More on data formats

Dirkjan Ochtman dirkjan at
Tue Nov 26 11:15:47 PST 2013

On Tue, Nov 26, 2013 at 6:54 PM, Chris Karlof <ckarlof at> wrote:
>> Discussion was mostly around the verifier being able to differentiate,
>> not as much the RP, I think. In any case, it seemed to me like people
>> were uncomfortable about distinguishing based on the issuer, and
>> therefore wanted to add the scheme to make it easier. I must say that
>> I still don't fully grasp the perceived issue here.
> Crypto/security future feature creep fear. :)
> It's nice if there is a simple explicit way of knowing how the sub field should be interpreted. sub as URI helps with that.

And you think jwt.iss == "" isn't a good enough
test? IIUC we don't have any use case for a JWT without issuer.



More information about the Dev-fxacct mailing list