Rephrase "overwrite" of access token #179

Closed
gselander opened this issue Dec 18, 2020 · 0 comments · Fixed by #180

gselander commented Dec 18, 2020

Feedback from implementers: Section 5.10.1 of the ACE framework uses the term "overwrite"

"This specification RECOMMENDS that an RS stores only one token per
proof-of-possession key, meaning that an additional token linked to the
same key will overwrite any existing token at the RS. The reason is that
this greatly simplifies (constrained) implementations, with respect to
required storage and resolving a request to the applicable token."

and this is mirrored in the OSCORE profile. However, this is not strictly an overwrite of a token because some information in the original token needs to be kept. For example, if the client requests new access rights only using the kid as reference, and the corresponding access token overwrites the original token, then information about the actual key would be lost.

Proposed reformulation:

"This specification RECOMMENDS that an RS stores only one token per
proof-of-possession key. This means that an additional token linked to
the same key will supersede any existing token at the RS, by replacing
the corresponding authorization information. The reason is that ..."

gselander added a commit that referenced this issue Dec 18, 2020
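
The difference between a literal overwrite and the proposed "supersede" wording, as an added example that is not part of the original issue, the ACE framework text, or any project's code. It assumes plain dicts in place of CWT claims; the class names, field names and sample tokens are hypothetical and constructed for illustration.

```python
# Added illustration: simplified dicts stand in for CWT claims; all names are hypothetical.
from dataclasses import dataclass


@dataclass
class Entry:
    key: bytes   # proof-of-possession key material, taken from the first token
    scope: str   # authorization information, replaced by each later token
    exp: int


class NaiveStore:
    """Literal "overwrite": the stored token is replaced wholesale."""

    def __init__(self):
        self.tokens = {}

    def add(self, claims):
        self.tokens[claims["cnf"]["kid"]] = claims

    def pop_key(self, kid):
        return self.tokens[kid]["cnf"].get("key")  # None once a kid-only token lands


class SupersedingStore:
    """One entry per PoP key; a later token replaces only the authorization info."""

    def __init__(self):
        self.entries = {}

    def add(self, claims):
        cnf = claims["cnf"]
        kid, key = cnf["kid"], cnf.get("key")
        old = self.entries.get(kid)
        if old is None:
            if key is None:
                raise ValueError("kid-only token for an unknown key")
            self.entries[kid] = Entry(key, claims["scope"], claims["exp"])
            return
        # Rejecting a conflicting key is a choice made for this example.
        if key is not None and key != old.key:
            raise ValueError("kid already bound to a different key")
        old.scope, old.exp = claims["scope"], claims["exp"]  # key is kept

    def pop_key(self, kid):
        return self.entries[kid].key


# Constructed sample tokens: the second references the key by kid only.
FIRST = {"scope": "r_temp", "exp": 1000, "cnf": {"kid": b"\x01", "key": b"k" * 16}}
UPDATE = {"scope": "r_temp w_config", "exp": 2000, "cnf": {"kid": b"\x01"}}
```

Adding `FIRST` and then `UPDATE` to `NaiveStore` leaves no key material for the kid, while `SupersedingStore` keeps the key and holds only the new scope and expiry.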