·
2 commits
to main
since this release
-06
- Use IANA.media-types so the tooling can find the media types registry without an explicit target
- Mention that the RFC8693 token exchange is not strictly necessary, if trust domain A's platform provides other means to obtain a JWT authorization grant
- Better describe the trust relationship necessary (domain B has to trusts domain A to issue JWT authz grants and trust its signing key(s)) and mention that AS Metadata's
jwks_urican be used to obtain the verification keys for trust domain A - add a note about agreeing on semantics etc. when transcribing claims
- Editorial fixes