Hi all,

My favorite way to understand a draft is to implement it, so I did a quick implementation of SD-JWT while sitting in IETF sessions last week (in Rust, as an extension to the `jwt` crate, which seems pretty mature and widely used). Currently in first-draft form, but in case anyone is interested:

https://github.com/bifurcation/rust-jwt/pull/1

Overall, my assessment is that the document is fundamentally sound but could use some clarifications and some minor technical improvements. I have filed the latter as issues on the GitHub repo:

#375 - Make SD-JWT(0) and JWT the same
https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/375

#374 - Separate token and presentation formats
https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/374

#373 - Validate that disclosures match the issuer JWT
https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/373

#372 - Forbid recursive redaction
https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/372

#371 - Remove initial underscore on _sd_hash
https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/371

Best,
--Richard
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth