On Tue, Dec 17, 2024, 1:59 PM Joseph Heenan <jos...@authlete.com> wrote:
>
> Hi Watson
>
> Just to respond to the suggested text:
>
> >
> > "When disclosures include information easily understood to be
> > identifying, users' intuitive view of what they are revealing largely
> > matches the underlying technical reality. In cases where the
> > information being disclosed is not identifying, SD-JWT
> > MUST NOT be used as this confusion leads to users making the wrong
> > choices.
>
> This sentence is really hard to make sense of and I don’t think implementors
> will understand it. I’m not convinced I understand it even with the extra
> context from the threads. I think a MUST NOT is far too strong too, and
> saying ’SD-JWT’ in particular must not be used is too strong as an SD-JWT
> where everything is disclosed (or no selective disclosures are present in the
> issued credential in the first place) is no different to other credential
> formats that don’t have selective disclosure.

Would adding "When users disclose information that is not identifying,
e.g. age, the fact that the mechanism in this draft exposes the unique
signature of their credential is not obvious. Users could have made
different decisions if they understood this. Therefore," in the middle help?

> > Applications cannot assume Verifiers behave properly (RFC
> > 3514) and MUST analyze the consequences for such linkage with each
> > credential that could be used."
>
> This ‘MUST’ is practically impossible for some implementors - for example, it
> is impractical for a wallet to make this kind of judgement for each issued
> credential.

Bingo! Wallets that use SD-JWT can't give users the control over their
data that we would expect them to have. The wallet needs to be aware
of how the requests impact user privacy.

>
> Thanks
>
> Joseph

_______________________________________________
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to oauth-le...@ietf.org
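
The linkage this thread refers to can be seen in a simplified SD-JWT model. The following is an added example, not code from the thread or from the draft: two presentations of one credential disclose different claims yet carry the same issuer signature. It assumes an HMAC as a stand-in for the issuer's real signature, no key binding, hypothetical function names, and constructed sample claims.

```python
import base64, hashlib, hmac, json, secrets

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

# Constructed key; HS256 here only stands in for the issuer's signature.
ISSUER_KEY = secrets.token_bytes(32)

def issue(claims):
    """Return (issuer-signed JWT, {claim name: disclosure})."""
    disclosures, digests = {}, []
    for name, value in claims.items():
        salt = b64u(secrets.token_bytes(16))
        d = b64u(json.dumps([salt, name, value]).encode())
        disclosures[name] = d
        digests.append(b64u(hashlib.sha256(d.encode()).digest()))
    header = b64u(json.dumps({"alg": "HS256"}).encode())
    payload = b64u(json.dumps({"_sd": sorted(digests), "_sd_alg": "sha-256"}).encode())
    mac = hmac.new(ISSUER_KEY, f"{header}.{payload}".encode(), hashlib.sha256)
    return f"{header}.{payload}.{b64u(mac.digest())}", disclosures

def present(jwt, disclosures, reveal):
    """Holder side: the same signed JWT plus only the chosen disclosures."""
    return "~".join([jwt] + [disclosures[n] for n in reveal]) + "~"

def disclosed_claims(presentation):
    """Verifier side: the claims the user believes they revealed."""
    out = {}
    for d in presentation.split("~")[1:]:
        if d:
            raw = base64.urlsafe_b64decode(d + "=" * (-len(d) % 4))
            _salt, name, value = json.loads(raw)
            out[name] = value
    return out

def linkage_handle(presentation):
    """Verifier side: the issuer signature, identical in every presentation."""
    return presentation.split("~")[0].rsplit(".", 1)[1]

def demo():
    jwt, disc = issue({"name": "Alex Example", "age_over_18": True})
    bar = present(jwt, disc, ["age_over_18"])            # age only
    bank = present(jwt, disc, ["name", "age_over_18"])   # name and age
    jwt2, disc2 = issue({"name": "Sam Sample", "age_over_18": True})
    stranger = present(jwt2, disc2, ["age_over_18"])     # a different holder
    return bar, bank, stranger

if __name__ == "__main__":
    bar, bank, stranger = demo()
    print(disclosed_claims(bar), linkage_handle(bar) == linkage_handle(bank))
```

The age-only presentation reveals the same claims as a stranger's would, but its signature matches the holder's other presentation, so two verifiers comparing records can join them.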