CIBA: rt_hash

Issue #111 resolved
Takahiko Kawasaki created an issue

In the page 21 of the 6th draft (draft-mobile-client-initiated-backchannel-authentication-06), urn:openid:params:jwt:claim:rt_hash is defined. If possible, giving a shorter name, rt_hash, would be better, considering similarity to at_hash (OIDC Core), c_hash (OIDC Core) and s_hash (FAPI Part 2).

Comments (8)

  1. Axel Nennker

    The IANA expert mentioned in #93 is usually right, although in the past we most of the time moved from long strings to just something short. Ages ago we had url for attribute names, today we have just e.g. 'email'.

    Maybe ask the expert again whether rt_hash needs IANA blessings.

    Shorter is better.

  2. Brian Campbell

    During the Nov 13 MODRNA WG call there was general consensus to keep the public claim names. But to also add a bit of explanatory text, maybe in the IANA section.

  3. Brian Campbell

    pull request #50 adds a JWT claims subsection to the IANA considerations explaining why no claims registration is requested and why collision resistant public names were used for the refresh token hash and auth_req_id

  4. Log in to comment