Hi! We've observed growing energy around JWT, selective disclosure and VC related topics in the WG in recent meetings. We spent almost all of the third OAuth meeting at IETF 117 on related topics. The initial SD-JWT (draft-ietf-oauth-selective-disclosure-jwt) has been followed up with SD-JWT-VC (draft-ietf-oauth-sd-jwt-vc). There is also work like draft-looker-oauth-jwt-cwt-status-list being proposed.
As promised at IETF 117, we would like to start a conversation about the direction the WG would like to take at a strategic level rather than continuing to deal this topic in one document increments of additional scope. ** What's the body of work around SD/JWT/VC that should be done and how much work will that be? What needs to be done first? What unknown about the direction and needed tasks? ** For whatever that work might be, how should the OAuth charter evolve to support the work? ** Is there work to be done around bridging the architectural narrative used in the core OAuth framework/RFC6749 (AS, RS, RO) and three part model (issuer, holder, verifier) used in draft-ietf-oauth-selective-disclosure-jwt? Thanks, Roman, Hannes, and Rifaat _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
