Orie Steele and I have updated the “Fully-Specified Algorithms for JOSE and COSE” specification to incorporate working group last call (WGLC) feedback. Thanks to all who took the time to comment on the draft. Your feedback was exceptionally actionable and helped to substantially improve the specification. Responses to each WGLC comment thread were sent on the IETF JOSE working group mailing list.
The updated draft attempts to discuss the full range of the problems created by polymorphic algorithm identifiers. Guided by working group feedback, it strikes an engineering balance between which of these problems to fix immediately in the specification and which to describe how future specifications can fix later as the need arises.
I look forward to discussing next steps for the specification at IETF 120 in Vancouver.
The specification is available at:
The “OAuth 2.0 Protected Resource Metadata” specification has been updated to address feedback from our document shepherd Rifaat Shekh-Yusef in advance of