- changed status to resolved
Section 3, it is unclear whether the Request Object can be a JWE only or if a JWS is always used
Issue #8
resolved
From the wording in Section 3, it is unclear whether the Request Object can be a JWE only or if a JWS is always used (with alg:none for unsigned) and is nested within a JWE when encryption but not singing is needed. To my reading there is text that suggest both cases. Which is it? I think some clarification is needed around this. (Brian Campbell)
The intent is that it can be:
- JWS only
- JWE only
- JWSed then JWEed.
The editor tried to reconstruct the section to clarify it. Please see -07 to find out if it worked. A concrete text would be appreciated.
Comments (1)
-
reporter - Log in to comment