[OAUTH-WG] Re: I-D Action: draft-ietf-oauth-status-list-05.txt

Christian Bormann Fri, 15 Nov 2024 10:07:25 -0800

Hi All,

Thanks for the good discussion on the Status List at the IETF 121 (Dublin). 
This is our understanding of the discussions and the rough consensus at the 
meeting. We will continue with PRs in this direction and wanted to confirm that 
our understanding matches the working groups:


- Unsigned Option: No strong objection to drop the unsigned option in favor of 
simplicity of the spec. We will drop the unsigned option and add to security 
considerations that we expect the status list to always be in a secured 
container.
- Compression: Minimize options and do not introduce an optional parameter to 
support different compression algorithms (and no compression) for the time 
being - could still be extended later on.
- Content Type: Enforce media types, especially Content-Type when retrieving 
the status list. We will also do a bit more research how earlier RFCs dealt 
with the problem of some services (like some CDNs) not responding with correct 
media types.

Best Regards,
Christian

-----Original Message-----
From: internet-dra...@ietf.org <internet-dra...@ietf.org> 
Sent: Monday, October 21, 2024 8:55 PM
To: i-d-annou...@ietf.org
Cc: oauth@ietf.org
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-status-list-05.txt

Internet-Draft draft-ietf-oauth-status-list-05.txt is now available. It is a 
work item of the Web Authorization Protocol (OAUTH) WG of the IETF.

   Title:   Token Status List
   Authors: Tobias Looker
            Paul Bastian
            Christian Bormann
   Name:    draft-ietf-oauth-status-list-05.txt
   Pages:   48
   Dates:   2024-10-21

Abstract:

   This specification defines status list data structures and processing
   rules for representing the status of tokens secured by JSON Object
   Signing and Encryption (JOSE) or CBOR Object Signing and
   Encryption(COSE), such as JSON Web Tokens (JWTs), CBOR Web Tokens
   (CWTs) and ISO mdoc.  The status list token data structures
   themselves are also represented as JWTs or CWTs.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-status-list/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-oauth-status-list-05.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-oauth-status-list-05

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts


_______________________________________________
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to oauth-le...@ietf.org

_______________________________________________
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to oauth-le...@ietf.org

[OAUTH-WG] Re: I-D Action: draft-ietf-oauth-status-list-05.txt

Reply via email to