ietf-wg-wimse / draft-ietf-wimse-s2s-protocol

WIMSE Service to Service I-D

Verifying the "aud" claim of a WPT #26

Open yaronf opened 2 months ago

yaronf commented 2 months ago

Current text: "The aud claim of the WPT matches the target URI, or an acceptable alias or normalization thereof, of the HTTP request".

@yaronf: Man, what's a poor implementer to do with "an acceptable alias or normalization thereof"?

@bc-pi: Whatever they need to do to get shit to work in the case there are proxies in the middle that rewrite the path or even host. I agree that the language is less than ideal but think some allowance is needed.

https://github.com/yaronf/wimse-s2s/pull/19/files#r1648137394 for more context
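
One possible reading of "an acceptable alias or normalization thereof", added here as an illustration and not taken from the thread or the draft: compare the `aud` value and the request target after RFC 3986 syntax-based normalization, and accept a proxy rewrite only through an explicit allowlist of origin mappings. The function names, the `origin_aliases` parameter and the hostnames in the comments are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, urlunsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def _norm_pct(s):
    # Uppercase escape hex digits; decode only unreserved characters.
    def fix(m):
        ch = chr(int(m.group(1), 16))
        return ch if re.fullmatch(r"[A-Za-z0-9._~-]", ch) else "%" + m.group(1).upper()
    return re.sub(r"%([0-9A-Fa-f]{2})", fix, s)

def _remove_dot_segments(path):
    segs, out = path.split("/")[1:], []
    for seg in segs:
        if seg == "..":
            out[-1:] = []          # pop if present, never climb above root
        elif seg != ".":
            out.append(seg)
    if segs and segs[-1] in (".", ".."):
        out.append("")             # keep the trailing slash
    return "/" + "/".join(out)

def normalize_uri(uri):
    """RFC 3986 syntax-based normalization; None if not an absolute http(s) URI."""
    try:
        p = urlsplit(uri)
        port = p.port
    except ValueError:
        return None
    scheme, host = p.scheme.lower(), p.hostname
    if scheme not in DEFAULT_PORTS or not host or "@" in p.netloc:
        return None
    if ":" in host:
        host = "[" + host + "]"    # urlsplit strips IPv6 brackets
    if port and port != DEFAULT_PORTS[scheme]:
        host += ":%d" % port
    path = _remove_dot_segments(_norm_pct(p.path))
    return urlunsplit((scheme, host, path, _norm_pct(p.query), ""))  # fragment dropped

def aud_matches(aud, request_uri, origin_aliases=None):
    """Exact match after normalization, or via an allowlisted origin rewrite.
    origin_aliases (assumed config): {origin in aud: origin this service sees}."""
    a, r = normalize_uri(aud), normalize_uri(request_uri)
    if a is None or r is None:
        return False               # fail closed on anything unparsable
    pairs = [(normalize_uri(e), normalize_uri(i)) for e, i in (origin_aliases or {}).items()]
    return a == r or any(e and i and a.startswith(e) and i + a[len(e):] == r for e, i in pairs)
```

Alias keys are meant to be bare origins (constructed example: `https://api.example.com` mapped to `http://orders.internal:8080`); a trailing slash on the path is treated as significant and is not normalized away.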

arndt-s commented 1 month ago

Do we need audience if we have a good proof of possession coverage via other claims? 🤔

bc-pi commented 1 month ago

> Do we need audience if we have a good proof of possession coverage via other claims? 🤔

Audience is, to the best of my always limited understanding, an integral part of that proof of possession coverage. No?