Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing clarity about JWS requirement #90

Open
qligier opened this issue Aug 25, 2023 · 3 comments
Open

Missing clarity about JWS requirement #90

qligier opened this issue Aug 25, 2023 · 3 comments
Assignees
@msmock

Comments

@qligier
Copy link

qligier commented Aug 25, 2023

Section Number 3.71.4.2.2.1

Issue
It is unclear whether JWT shall be or may be signed.
The profile says JWT token shall be signed as specified in JSON Web Signature [RFC7515], which would require the use of JWS, but the next sentence starts with If signed. The first sentence could then be understood as "If signed, one must follow RFC7515" (i.e. a restriction on the signature method, and not an unconditional requirement).

Proposed Change
N/A

Priority:
N/A
@JohnMoehrke
Copy link
Contributor

Martin, can you review and comment?

@msmock
Copy link
Contributor

msmock commented Oct 26, 2023

I agree. We should remove the "If signed" phrase from the sentence. This is not a functional change, so I guess we don't need a ballot.

@JohnMoehrke
Copy link
Contributor

excellent, please submit a pull-request. We can review during a meeting and approve if the committee also sees it as a technical correction.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@msmock msmock

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@msmock @qligier @JohnMoehrke