Definitions and Terminology in Section 9 - IdP

I have some comments and questions about terminology and naming in the Identity Provider APIs, Section 9.

I can’t figure out what the difference is between an “identity assertion” (in the Section 9.2.3.1 definition of “assertion”) and a “payload of the identity assertion” (in the Section 9.2.3.3 definition of “contents”).  Are these the same thing?  I can’t seem to find a definition of either.

Section 5.7 of draft-ietf-rtcweb-security-arch-11 gives an example of “contents” as:

     "contents": "{\"fingerprint\":[ ... ]}"

which seems to imply that it is the fingerprint from the SDP.

Section 5.6.6 of the I-D also gives this example of “assertion”:

     "assertion": "{\"identity\":\"bob@example.org\",
                    \"contents\":\"abcdefghijklmnopqrstuvwyz\",
                    \"signature\":\"010203040506\"

which seems to imply that “contents” is a subset of “assertion”.  Is it required that the “contents” object in the “assertion” passed in validateAssertion be returned unchanged in the “contents” object of the promise?

Where is the normative definition of the structure of the “identity assertion” and the “payload of the identity assertion” and the 'contents' and 'assertion' objects?

Also, in Section 9, “payload” means something very different from “payload” in the rest of the document, where it usually refers to an RTP payload.  Choosing a different word here might reduce confusion.

Examples 4 and 5 at the end of Section 9 aren’t very helpful, either.

Am I just not finding the relevant text?

Thanks,
Alan

Received on Wednesday, 6 January 2016 23:12:39 UTC