On May 31, 2018, at 7:52 PM, Scott Stark <sst...@redhat.com> wrote:
We need input on whether we move forward with the iss claim validation compromise as described in the current 1.1-RC2 release candidate, or whether we are basically delaying the release until some future MP umbrella release. The discussion on today's MP-JWT call was around our options, and rolling back to the 1.1-RC1 behavior of allowing the token to dictate the iss claim validation was felt to be a relaxation of previous behavior that was undesirable.
--
You received this message because you are subscribed to the Google Groups "Eclipse MicroProfile" group.
To unsubscribe from this group and stop receiving emails from it, send an email to microprofile...@googlegroups.com.
To post to this group, send email to microp...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/microprofile/80cd619e-f387-4166-be8b-e27fd2390739%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Sent a note in the draft thread. I'm fine moving forward with requiring `mp.jwt.verify.issuer` if others are 100% confident. I'm perhaps 30% confident as I see other options. I'm 5% confident on `mp.jwt.verify.requireiss` and would prefer we leave that out for 1.1 so we can carefully consider what it means to require claims and how we want to express that.
On May 31, 2018, at 7:52 PM, Scott Stark <sst...@redhat.com> wrote:
We need input on whether we move forward with the iss claim validation compromise as described in the current 1.1-RC2 release candidate, or whether we are basically delaying the release until some future MP umbrella release. The discussion on today's MP-JWT call was around our options, and rolling back to the 1.1-RC1 behavior of allowing the token to dictate the iss claim validation was felt to be a relaxation of previous behavior that was undesirable.--
You received this message because you are subscribed to the Google Groups "Eclipse MicroProfile" group.
To unsubscribe from this group and stop receiving emails from it, send an email to microprofile+unsubscribe@googlegroups.com.
To post to this group, send email to microp...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/microprofile/80cd619e-f387-4166-be8b-e27fd2390739%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Eclipse MicroProfile" group.
To unsubscribe from this group and stop receiving emails from it, send an email to microprofile+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/microprofile/3BCA8804-A513-4386-84D4-242A3D152D15%40tomitribe.com.
To unsubscribe from this group and stop receiving emails from it, send an email to microprofile+unsubscribe@googlegroups.com.
To post to this group, send email to microp...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/microprofile/9e716e52-bceb-47ce-b2ee-b43a3b53310b%40googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/microprofile/9e716e52-bceb-47ce-b2ee-b43a3b53310b%40googlegroups.com.