Closed jaxoncreed closed 3 years ago
Another section is the JSON Web Key store section which adds no new information on top of the original OIDC spec.
I think in general, this spec should either choose to repeat ALL relevant information from other specs, or simply refer to other specs and focus solely on the things that differentiate this system.
> or simply refer to other specs and focus solely on the things that differentiate this system
+1 on not reiterating what other spec documents already state.
I'm in agreement. I'll remove the mention of `iat` and change the language to something along the lines of "validate the DPoP as per spec".
I think this is a good argument for removing the JSON Web Key Store section, too. @amigus do you have any different opinion on this?
No, I concur.
@jaxoncreed does latest draft address this issue? https://github.com/solid/authentication-panel/blob/master/oidc-authentication.md
This issue was resolved via #49. Please reopen this issue if more discussion is needed.
In DPoP Validation, checking the `iat` field is mentioned, but checking the `htu` and `htm` fields are not. I know that both are referenced in the DPoP spec, but it seems weird the `iat`, which is also mentioned is brought over into this spec, when the two arguably more important fields in DPoP are left unmentioned.
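For reference, an added example (not from this thread or from the Solid spec) of the three claim checks discussed in this issue, `htm`, `htu` and `iat`, applied to a DPoP proof. It assumes the proof's signature has already been verified; the function names, the 60-second window and the `pod.example` URL are illustrative assumptions.

```python
import base64, json, time
from urllib.parse import urlsplit

MAX_AGE = 60  # seconds; assumed acceptance window, choose per deployment

def _b64url_json(part):
    pad = "=" * (-len(part) % 4)
    return json.loads(base64.urlsafe_b64decode(part + pad))

def _normalize(uri):
    # htu is compared without query and fragment; default ports are made explicit
    try:
        u = urlsplit(uri)
        port = u.port or {"http": 80, "https": 443}.get(u.scheme)
        return (u.scheme, u.hostname, port, u.path or "/")
    except ValueError:
        return None

def check_dpop_claims(proof, method, url, now=None):
    """Return the names of failed checks for a DPoP proof whose
    signature has ALREADY been verified (not done here)."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, _sig = proof.split(".")
        header, claims = _b64url_json(header_b64), _b64url_json(payload_b64)
    except ValueError:
        return ["malformed"]
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return ["malformed"]
    errors = []
    if header.get("typ") != "dpop+jwt":
        errors.append("typ")
    if claims.get("htm") != method:            # bound to the HTTP method
        errors.append("htm")
    htu = claims.get("htu")
    target = _normalize(htu) if isinstance(htu, str) else None
    if target is None or target != _normalize(url):  # bound to the request URI
        errors.append("htu")
    iat = claims.get("iat")
    if not isinstance(iat, (int, float)) or abs(now - iat) > MAX_AGE:
        errors.append("iat")                    # proof too old or from the future
    return errors

def make_sample_proof(claims):
    # Constructed sample: placeholder signature, for exercising the checks only
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"typ": "dpop+jwt", "alg": "ES256"}), enc(claims), "c2ln"])
```

A proof that passes `iat` alone can still have been minted for a different method or resource, which is what the `htm` and `htu` checks catch.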