Merge pull request #321 from openid/mbj-nat-constraints

selfissued · web-flow · commit 67e03b605f44 · 2025-12-30T17:22:30.000-08:00
Improved "constraints" claim description per feedback from Nat
diff --git a/openid-federation-1_0.xml b/openid-federation-1_0.xml
@@ -7632,9 +7632,8 @@ HTTP/1.1 302 Found
 	  Use of this Claim is OPTIONAL.
 	</t>
 	<t>
-	  For instance, the <spanx style="verb">constraints</spanx> Claim
-	  might be used to impose material thickness limits for a physical object.
-	  This Claim is used in this specification as specified in <xref target="ss-specific"/>
+	  For instance,
+	  this Claim is used in this specification as specified in <xref target="ss-specific"/>
 	  to represent constraints on the Trust Chain for the Entity.
 	</t>
       </section>
@@ -7720,6 +7719,18 @@ HTTP/1.1 302 Found
 	  to represent delegation of the right to issue Trust Marks
 	  with a particular identifier.
 	</t>
+	<t>
+	  Note that the <spanx style="verb">delegation</spanx> Claim is both
+	  syntactically and semantically distinct from the existing
+	  <spanx style="verb">act</spanx> Claim <xref target="IANA.JWT.Claims"/>.
+	  <spanx style="verb">act</spanx> is a JSON object whereas
+	  <spanx style="verb">delegation</spanx> is a StringOrURI.
+	  Semantically, the Delegation JWT defined in <xref target="delegation_jwt"/>
+	  carries a signature by an issuer cryptographically proving
+	  the right to delegate to the party.
+	  The <spanx style="verb">act</spanx> Claim, carrying no signature,
+	  cannot achieve this.
+	</t>
       </section>
 
       <section anchor="logo_uriClaim" title='"logo_uri" (Logo URI) Claim'>
