This part of the iSHARE scheme Scheme is considered normative and is therefore compliant with RFC 2119.
...
- In a request for an OAuth Access Token or an OpenID Connect ID token the client sends a signed JWT. The client is authenticated based on the verification of the JWT's signature.
- Delegation evidence is presented as a signed JWT. The signature of the Authorisation the Authorization Registry or Entitled Party provides proof to other parties.
- In a response from a server iSHARE metadata is presented as a signed JWT. The signature is used to bind the iSHARE metadata (such as license information) in the JWT to the content of the response.
- A service from an iSHARE Service Provider MAY require a request to be signed.
...
Panel |
---|
|
...