Thank you Rifaat and Arndt and also Paul, Cristian, Kristina and Oliver for their valuable questions (many of those embedding the answer in the smart way they use to do).
In particular for the github issues and the actions that me and other author will be able to achieve, like: - optioanlly protect the endpoint also with DPoP using a key specialized for this purpose: https://github.com/peppelinux/draft-demarco-oauth-status-assertions/issues/32#issuecomment-2161206939 - further points about status list in comparison with status assertions are collected here: https://github.com/peppelinux/draft-demarco-oauth-status-assertions/issues/50#issuecomment-2129474975 - regarding short-lived credentials and refresh token: there might be concerns about the preservation of the LoA high, here some insights about the refresh tokens: https://github.com/italia/eudi-wallet-it-docs/issues/178 - regarding Kris concerns I can say that the wallet doesn't obains the revocations on behalf of the verifier: the wallet obtains the proofs that its credentials are not revoked first of all. The wallet therefore can use these proofs to the relying party in fully compliance to the wallet paradigm where everything passes through the wallet. The strong privacy requirement that demonstrate weakness with the status list is that using status list the RP can monitor the status of a credential over time and outside the user control, while with status assertion this cannot happen thank you for your patience in reading all the stuffs and your interest in this I-D, best G - Il giorno mer 12 giu 2024 alle ore 20:52 Rifaat Shekh-Yusef < rifaat.s.i...@gmail.com> ha scritto: > Attached are the slide decks presented during this meeting. > > The following is a link to the meeting notes (thanks to Arndt!): > > https://datatracker.ietf.org/meeting/interim-2024-oauth-06/materials/minutes-interim-2024-oauth-06-202406111600-00 > > The following is a link to the meeting video recording: > https://www.youtube.com/watch?v=Bq6hBh8Tyg4 > > Regards, > Rifaat > > > > On Mon, Apr 29, 2024 at 11:37 AM Rifaat Shekh-Yusef < > rifaat.s.i...@gmail.com> wrote: > >> OAuth WG Virtual Interim - Revocation Drafts >> The Web Authorization Protocol (oauth) WG will hold a virtual interim >> meetingon 2024-06-11 from 12:00 to 13:00 America/Toronto (16:00 to 17:00 >> UTC).Agenda:Token Status Listhttps://datatracker.ietf.org >> >> The Web Authorization Protocol (oauth) WG will hold a virtual interim >> meeting >> on 2024-06-11 from 12:00 to 13:00 America/Toronto (16:00 to 17:00 UTC). >> >> Agenda: >> Token Status List >> https://datatracker.ietf.org/doc/draft-ietf-oauth-status-list/ >> <https://www.google.com/url?q=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-oauth-status-list%2F&sa=D&ust=1714836900000000&usg=AOvVaw1HlvJPhhfjHM40vdIoCKTH> >> >> OAuth Status Attestation >> https://datatracker.ietf.org/doc/draft-demarco-oauth-status-attestations/ >> <https://www.google.com/url?q=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-demarco-oauth-status-attestations%2F&sa=D&ust=1714836900000000&usg=AOvVaw1b_4yOp5w33mpcQYI6A3os> >> >> Global Token Revocation >> https://datatracker.ietf.org/doc/draft-parecki-oauth-global- >> token-revocation/ >> <https://www.google.com/url?q=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-parecki-oauth-global-token-revocation%2F&sa=D&ust=1714836900000000&usg=AOvVaw0YkD8P4IYpmtB1x2dVtCRR> >> >> >> Information about remote participation: >> https://meetings.conf.meetecho.com/interim/?group=79913841- >> 6dcc-4d63-a1f4-26484e75fee9 >> <https://www.google.com/url?q=https%3A%2F%2Fmeetings.conf.meetecho.com%2Finterim%2F%3Fgroup%3D79913841-6dcc-4d63-a1f4-26484e75fee9&sa=D&ust=1714836900000000&usg=AOvVaw1FfDTai6oHv3ckeSHdiihf> >> >> >> >> -- >> A calendar subscription for all oauth meetings is available at >> https://datatracker.ietf.org/meeting/upcoming.ics?show=oauth >> <https://www.google.com/url?q=https%3A%2F%2Fdatatracker.ietf.org%2Fmeeting%2Fupcoming.ics%3Fshow%3Doauth&sa=D&ust=1714836900000000&usg=AOvVaw1fGtX11YuZg7Lezh8ZBI5y> >> WhenTuesday Jun 11, 2024 ⋅ 12pm – 1pm (Eastern Time - Toronto) >> Guests >> Rifaat Shekh-Yusef <rifaat.s.i...@gmail.com> - organizer >> oauth@ietf.org >> View all guest info >> <https://calendar.google.com/calendar/event?action=VIEW&eid=NWJxbWU4azZwbWUzMGJjN2k5cjVhYXBmNnAgb2F1dGhAaWV0Zi5vcmc&tok=MjMjcmlmYWF0LnMuaWV0ZkBnbWFpbC5jb20zMzQ3NDZiMzllNWJkNmUyOWY3YzdhZGM5NmY5ZWQyMjVlZjZmZmIw&ctz=America%2FToronto&hl=en&es=0> >> Reply for oauth@ietf.org >> Yes >> <https://calendar.google.com/calendar/event?action=RESPOND&eid=NWJxbWU4azZwbWUzMGJjN2k5cjVhYXBmNnAgb2F1dGhAaWV0Zi5vcmc&rst=1&tok=MjMjcmlmYWF0LnMuaWV0ZkBnbWFpbC5jb20zMzQ3NDZiMzllNWJkNmUyOWY3YzdhZGM5NmY5ZWQyMjVlZjZmZmIw&ctz=America%2FToronto&hl=en&es=0> >> No >> <https://calendar.google.com/calendar/event?action=RESPOND&eid=NWJxbWU4azZwbWUzMGJjN2k5cjVhYXBmNnAgb2F1dGhAaWV0Zi5vcmc&rst=2&tok=MjMjcmlmYWF0LnMuaWV0ZkBnbWFpbC5jb20zMzQ3NDZiMzllNWJkNmUyOWY3YzdhZGM5NmY5ZWQyMjVlZjZmZmIw&ctz=America%2FToronto&hl=en&es=0> >> Maybe >> <https://calendar.google.com/calendar/event?action=RESPOND&eid=NWJxbWU4azZwbWUzMGJjN2k5cjVhYXBmNnAgb2F1dGhAaWV0Zi5vcmc&rst=3&tok=MjMjcmlmYWF0LnMuaWV0ZkBnbWFpbC5jb20zMzQ3NDZiMzllNWJkNmUyOWY3YzdhZGM5NmY5ZWQyMjVlZjZmZmIw&ctz=America%2FToronto&hl=en&es=0> >> More options >> <https://calendar.google.com/calendar/event?action=VIEW&eid=NWJxbWU4azZwbWUzMGJjN2k5cjVhYXBmNnAgb2F1dGhAaWV0Zi5vcmc&tok=MjMjcmlmYWF0LnMuaWV0ZkBnbWFpbC5jb20zMzQ3NDZiMzllNWJkNmUyOWY3YzdhZGM5NmY5ZWQyMjVlZjZmZmIw&ctz=America%2FToronto&hl=en&es=0> >> >> Invitation from Google Calendar <https://calendar.google.com/calendar/> >> >> You are receiving this email because you are an attendee on the event. To >> stop receiving future updates for this event, decline this event. >> >> Forwarding this invitation could allow any recipient to send a response >> to the organizer, be added to the guest list, invite others regardless of >> their own invitation status, or modify your RSVP. Learn more >> <https://support.google.com/calendar/answer/37135#forwarding> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth >> > _______________________________________________ > OAuth mailing list -- oauth@ietf.org > To unsubscribe send an email to oauth-le...@ietf.org >
_______________________________________________ OAuth mailing list -- oauth@ietf.org To unsubscribe send an email to oauth-le...@ietf.org
