- changed status to open
"non monotonically increasing" does not cover all cases
Issue #64
resolved
Currently, it states:
shall provide opaque, non-monotonically increasing
or non-guessable access tokens with a minimum of 128 bits
as defined in section 5.1.4.2.2 of [RFC6819]
Since non-monotonically decreasing is equally bad, this statement is inaccurate. It should just say:
shall provide opaque and non-guessable access tokens
with a minimum of 128 bits
as defined in section 5.1.4.2.2 of [RFC6819]
Comments (7)
-
reporter -
reporter - changed status to resolved
Fixed
#64→ <<cset 850a4c1fcfa2>>
-
reporter - changed component to Part 1: Baseline
-
reporter - changed component to FAPI 1 - Part 1: Baseline
-
reporter - changed component to FAPI 1 – Part 1: Baseline
-
reporter - changed component to FAPI 1 – Baseline
-
reporter - changed component to FAPI 1: Baseline
Discussed in the call.
Agreed on the text.
Axel pointed out that it may sound like it imposes some structure on the access token. A note should be put there to clarify that this is a minimum requirement for the access tokens for this profile and, as long as the token satisfies this property, it is OK to use any kind of structure, including but not limited to JWT.
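An added illustration of the wording problem raised in this issue (not part of the specification or the working group's text): a constructed counter-based issuer that counts down satisfies a literal "non-monotonically increasing" check and is 128 bits wide, yet every next token is predictable. All function names and sample values are hypothetical.

```python
import secrets

MIN_BITS = 128  # minimum token size from the requirement quoted in this issue


def issue_token(bits: int = MIN_BITS) -> str:
    """Opaque token drawn from the OS CSPRNG, hex encoded (4 bits per char)."""
    if bits < MIN_BITS:
        raise ValueError(f"token must carry at least {MIN_BITS} bits")
    return secrets.token_hex((bits + 7) // 8)


def counter_tokens(start: int, step: int, n: int) -> list[str]:
    """Constructed weak issuer: a counter padded to 128 bits of hex."""
    return [format(start + i * step, "032x") for i in range(n)]


def constant_step(tokens: list[str]) -> bool:
    """True if each token differs from the previous one by the same amount."""
    values = [int(t, 16) for t in tokens]
    steps = {b - a for a, b in zip(values, values[1:])}
    return len(values) >= 3 and len(steps) == 1


def audit(tokens: list[str]) -> dict:
    """Check tokens (in issuance order) against the old and new wording.

    A clean result is only a sanity check: it cannot prove tokens are
    non-guessable. That property comes from how they are generated.
    """
    values = [int(t, 16) for t in tokens]
    increasing = all(b >= a for a, b in zip(values, values[1:]))
    return {
        # Old wording read literally: anything not monotonically increasing.
        "old_wording_ok": not increasing,
        # Encoded width only; a padded counter passes this too.
        "min_bits_ok": all(len(t) * 4 >= MIN_BITS for t in tokens),
        # Guessability heuristic that catches both directions.
        "predictable_step": constant_step(tokens),
    }


if __name__ == "__main__":
    samples = {
        "counting up": counter_tokens(2**100, 1, 5),
        "counting down": counter_tokens(2**100, -1, 5),
        "CSPRNG": [issue_token() for _ in range(32)],
    }
    for name, tokens in samples.items():
        print(name, audit(tokens))
```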