6 changes: 3 additions & 3 deletions lws10-core/Authentication.html
Expand Up @@ -18,9 +18,9 @@ <h3>End-User Credential Data Model</h3>
</p>

<ul>
<li><dfn>subject</dfn> <strong>REQUIRED</strong> &mdash; an identifier for an end user. This MUST be an absolute URI.</li>
<li><dfn>issuer</dfn> <strong>REQUIRED</strong> &mdash; an identifier for the entity that issued the end-user credential. This MUST be an absolute URI.</li>
<li><dfn>client</dfn> <strong>REQUIRED</strong> &mdash; an identifier for a client application. This SHOULD be an absolute URI.</li>
<li><dfn>subject</dfn> <strong>REQUIRED</strong> &mdash; an identifier for an end user. This MUST be a URI.</li>
<li><dfn>issuer</dfn> <strong>REQUIRED</strong> &mdash; an identifier for the entity that issued the end-user credential. This MUST be a URI.</li>
<li><dfn>client</dfn> <strong>REQUIRED</strong> &mdash; an identifier for a client application. This SHOULD be a URI.</li>
<li><dfn>audience restriction</dfn> <strong>RECOMMENDED</strong> &mdash; a list of values that SHOULD include an authorization server identifier.</li>
</ul>
</section>
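Review bot: The three changed items (subject, issuer, client) now say only "a URI", and nothing in this list says which definition applies, so a reader can take it to include relative references. Link the term to RFC 3986 on first use, where a URI always carries a scheme and differs from an absolute-URI only in permitting a fragment, and say whether a fragment is meant to be allowed for issuer as well as for subject and client.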
16 changes: 8 additions & 8 deletions lws10-core/Authorization.html
Expand Up @@ -46,11 +46,11 @@ <h4>Authorization Server Discovery</h4>

<ul>
<li>
<strong><code>as_uri</code> REQUIRED</strong> — The value of this parameter is an absolute URI identifying the authorization server
<strong><code>as_uri</code> REQUIRED</strong> — The value of this parameter is a URI identifying the authorization server
where a client can retrieve an access token. The value of this parameter will be the same as the <code>iss</code> claim of a valid access token.
</li>
<li>
<strong><code>realm</code> REQUIRED</strong> — The value of this parameter is an absolute URI indicating the scope of protection.
<strong><code>realm</code> REQUIRED</strong> — The value of this parameter is a URI indicating the scope of protection.
This value will be included in the audience (<code>aud</code>) claim of an access token. A client MUST verify that
the URI of the originating request is logically contained within the <code>realm</code> presented in this response.
</li>
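Review bot: For realm, the client check in the unchanged lines ("logically contained within the realm") has no defined meaning once the value may carry a fragment or a query component. State how containment is evaluated, or constrain realm to a form where it is unambiguous. The as_uri item has a related gap: it is described as the place where a client can retrieve an access token, which implies a dereferenceable value, and the text could say so rather than accept any URI.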
Expand Down Expand Up @@ -136,7 +136,7 @@ <h5>Request</h5>
</p>

<ul>
<li>The <code>resource</code> parameter is REQUIRED. The value of this parameter MUST be an absolute URI and will be used to populate the
<li>The <code>resource</code> parameter is REQUIRED. The value of this parameter MUST be a URI and will be used to populate the
<code>aud</code> (audience) claim in the resulting access token. The supplied value will be the same as the
<code>realm</code> parameter response in a <code>WWW-Authenticate</code> challenge. The authorization server
MUST reject any request in which the resource parameter identifies an unknown or untrusted storage.
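Review bot: The resource item now accepts any URI, which is looser than RFC 8707 if that is the resource parameter meant here: RFC 8707 requires an absolute URI and forbids a fragment component. Either keep "absolute URI" for this one parameter or state the deviation explicitly, since the authorization server has to decide from this value whether it identifies a known storage and the same value ends up in aud.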
Expand Down Expand Up @@ -183,16 +183,16 @@ <h5>Response</h5>

<ul>
<li>
<code>sub</code> (subject) — <strong>REQUIRED</strong>. This claim MUST be an absolute URI identifying the agent performing the operation
<code>sub</code> (subject) — <strong>REQUIRED</strong>. This claim MUST be a URI identifying the agent performing the operation
</li>
<li>
<code>iss</code> (issuer) — <strong>REQUIRED</strong>. This claim MUST be the absolute URI of the authorization server
<code>iss</code> (issuer) — <strong>REQUIRED</strong>. This claim MUST be the URI of the authorization server
</li>
<li>
<code>client_id</code> (client id) — <strong>REQUIRED</strong>. This claim MUST be an absolute URI identifying the client.
<code>client_id</code> (client id) — <strong>REQUIRED</strong>. This claim MUST be a URI identifying the client.
</li>
<li>
<code>aud</code> (audience) — <strong>REQUIRED</strong>. This claim MUST include the absolute URI supplied by the client
<code>aud</code> (audience) — <strong>REQUIRED</strong>. This claim MUST include the URI supplied by the client
in the resource parameter. This value will be used to restrict the entities for which the access token is valid. This will
be the same value as provided by a storage server in the <code>realm</code> parameter of a <code>WWW-Authenticate</code> challenge.
</li>
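Review bot: iss and aud are matched against other values (as_uri and realm in the challenge, the expected issuer during validation), but the relaxed wording does not say how two URIs are compared. Add a sentence requiring exact string comparison with no normalization, so that values differing only in case, trailing slash or fragment are not treated as equal by one implementation and as different by another. Minor: the sub and iss items end without a full stop while client_id and aud have one.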
Expand Down Expand Up @@ -306,7 +306,7 @@ <h5>Validation</h5>
Issuer Validation: Verify the <code>iss</code> claim matches the expected authorization server identifier.
</li>
<li>
Audience Validation: Verify the <code>aud</code> claim contains exactly one value and this value is an absolute URI identifying the storage server which logically contains the target resource.
Audience Validation: Verify the <code>aud</code> claim contains exactly one value and this value is a URI identifying the storage server which logically contains the target resource.
</li>
<li>
Temporal Validation, subject to an allowable clock skew between systems.
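Review bot: Audience Validation as worded only requires that the single aud value "is a URI identifying the storage server", which reads as a syntax check now that "absolute" is gone. Word it as an equality check against the realm value the storage server presents in its WWW-Authenticate challenge. The "exactly one value" rule here also sits oddly with the Response section's "MUST include the URI", which suggests aud may hold several values; align the two.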