You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Feedback from implementers: Section 5.10.1 of the ACE framework uses the term "overwrite"
"This specification RECOMMENDS that an RS stores only one token per
proof-of-possession key, meaning that an additional token linked to the
same key will overwrite any existing token at the RS. The reason is that
this greatly simplifies (constrained) implementations, with respect to
required storage and resolving a request to the applicable token."
and this is mirrored in the OSCORE profile. However, this is not strictly an overwrite of a token because some information in the original token needs to be kept. For example, if the client requests new access rights only using the kid as reference, and the corresponding access token overwrites the original token, then information about the actual key would be lost.
Proposed reformulation:
"This specification RECOMMENDS that an RS stores only one token per
proof-of-possession key. This means that an additional token linked to
the same key will supersede any existing token at the RS, by replacing
the corresponding authorization information. The reason is that ..."
The text was updated successfully, but these errors were encountered:
Feedback from implementers: Section 5.10.1 of the ACE framework uses the term "overwrite"
"This specification RECOMMENDS that an RS stores only one token per
proof-of-possession key, meaning that an additional token linked to the
same key will overwrite any existing token at the RS. The reason is that
this greatly simplifies (constrained) implementations, with respect to
required storage and resolving a request to the applicable token."
and this is mirrored in the OSCORE profile. However, this is not strictly an overwrite of a token because some information in the original token needs to be kept. For example, if the client requests new access rights only using the kid as reference, and the corresponding access token overwrites the original token, then information about the actual key would be lost.
Proposed reformulation:
"This specification RECOMMENDS that an RS stores only one token per
proof-of-possession key. This means that an additional token linked to
the same key will supersede any existing token at the RS, by replacing
the corresponding authorization information. The reason is that ..."
The text was updated successfully, but these errors were encountered: