solid / authentication-panel

GitHub repository for the Solid Authentication Panel
MIT License

Normative language is inconsistent in the terms mentioned #57

Closed jaxoncreed closed 3 years ago

jaxoncreed commented 4 years ago

In DPoP Validation, checking the iat field is mentioned, but checking the htu and htm fields is not. I know that both are referenced in the DPoP spec, but it seems weird that iat, which is also mentioned, is brought over into this spec when the two arguably more important fields in DPoP are left unmentioned.
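The three claim checks named in the comment above (`htm`, `htu`, `iat`), as an added example that is not part of the original thread or of the Solid spec text. It leaves out signature verification, and `MAX_AGE`, the function names and the sample proof are assumptions constructed here.

```python
import base64
import json
import time
from urllib.parse import urlsplit

MAX_AGE = 60  # assumed acceptance window (seconds); the thread gives no value

def _decode(part):
    # JWT segments are unpadded base64url-encoded JSON
    obj = json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj

def _normalize(uri):
    # htu is compared without query and fragment; scheme and host are
    # case-insensitive. (Simplified: default ports are not folded.)
    u = urlsplit(uri)
    return f"{u.scheme.lower()}://{u.netloc.lower()}{u.path or '/'}"

def check_dpop_claims(proof, method, url, now=None):
    """Return the names of claims that fail; [] means all three match.
    Does NOT verify the signature or jti uniqueness."""
    now = time.time() if now is None else now
    try:
        _header, payload, _sig = proof.split(".")
        claims = _decode(payload)
    except ValueError:
        return ["malformed"]
    failed = []
    if claims.get("htm") != method:  # HTTP methods are case-sensitive
        failed.append("htm")
    htu = claims.get("htu")
    if not isinstance(htu, str) or _normalize(htu) != _normalize(url):
        failed.append("htu")
    iat = claims.get("iat")
    if not isinstance(iat, (int, float)) or abs(now - iat) > MAX_AGE:
        failed.append("iat")
    return failed

def sample_proof(htm, htu, iat):
    # Constructed, unsigned sample for illustration only
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"typ": "dpop+jwt", "alg": "ES256"}),
                     enc({"htm": htm, "htu": htu, "iat": iat}), "c2ln"])

if __name__ == "__main__":
    p = sample_proof("POST", "https://pod.example/token", 1000)
    print(check_dpop_claims(p, "POST", "https://pod.example/token", now=1010))
    print(check_dpop_claims(p, "GET", "https://pod.example/other", now=2000))
```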

jaxoncreed commented 4 years ago

Another section is the JSON Web Key store section which adds no new information on top of the original OIDC spec.

I think in general, this spec should either choose to repeat ALL relevant information from other specs, or simply refer to other specs and focus solely on the things that differentiate this system.

acoburn commented 4 years ago

> or simply refer to other specs and focus solely on the things that differentiate this system

+1 on not reiterating what other spec documents already state.

EndlessTrax commented 4 years ago

I'm in agreement. I'll remove the mention of iat and change the language to something along the lines of "validate the DPoP as per spec".

I think this is a good argument for removing the JSON Web Key Store section, too. @amigus do you have any different opinion on this?

amigus commented 4 years ago

No, I concur.

elf-pavlik commented 4 years ago

@jaxoncreed does the latest draft address this issue? https://github.com/solid/authentication-panel/blob/master/oidc-authentication.md

acoburn commented 3 years ago

This issue was resolved via #49. Please reopen this issue if more discussion is needed.