DP - More precise qualification on Encryption needed.

2) On page 9 the text states:

The authorization request object MUST be either
   (a)  JWS signed; or
   (b)  JWE encrypted; or
   (c)  JWS signed and JWE encrypted.

This should be replaced by:

The authorization request object MUST be either
   (a)  JWS signed; 
   (b)  JWE encrypted (when symmetric keys are being used); or
   (c)  JWS signed and JWE encrypted.

Comments (1)