My experience has been that greater specificity is appreciated. I think consensus (where “consensus” != “unanimity”) is the most significant measure of whether a “draft is complete” (and that the ADs are satisfied).
I’m not arguing that the more specific text be included. I’m saying do not be overly concerned if it is. Pierce CONFIDENTIAL From: Dean Saxe <dean.saxe=40beyondidentity....@dmarc.ietf.org> Sent: Thursday, January 9, 2025 2:29 PM To: Paul Bastian <paul.bast...@posteo.de> Cc: oauth@ietf.org Subject: [OAUTH-WG] Re: Reminder: Alternative text for sd-jwt privacy considerations. EXTERNAL EMAIL I agree with you, Paul. A statement that this is not anonymous should be sufficient. -dhs -- Dean H. Saxe, CIDPRO<https://idpro.org/cidpro/> Principal Engineer Office of the CTO Beyond Identity dean.s...@beyondidentity.com<mailto:dean.s...@beyondidentity.com> On Jan 9, 2025, at 12:10 PM, Paul Bastian <paul.bast...@posteo.de<mailto:paul.bast...@posteo.de>> wrote: It seems to me saying "SD-JWT is not an anonymous credential system according to <link>" then seems sufficient, as most of the other text is already present in the thorough unlinkability section. Also I see that it gets increasingly difficult, if drafts have to enumerate all the things that they are not, this is a slippery slope that may never be complete. Best, Paul On 1/9/25 8:32 PM, Watson Ladd wrote: On Thu, Jan 9, 2025 at 10:39 AM Dean Saxe <dean.saxe=40beyondidentity....@dmarc.ietf.org<mailto:dean.saxe=40beyondidentity....@dmarc.ietf.org>> wrote: I’m struggling with the same thing. If there’s somewhere that this is described/documented it should be linked from the text. I added the same comment to the PR. https://www.google.com/url?q=https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/535%23issuecomment-2580990520&source=gmail-imap&ust=1737058221000000&usg=AOvVaw2ZJTyUSYKf5i67EjayhT9A We can link to CL01, but I think there might be some easier to understand presentations. Will look. -dhs -- Dean H. Saxe, CIDPRO Principal Engineer Office of the CTO Beyond Identity dean.s...@beyondidentity.com<mailto:dean.s...@beyondidentity.com> On Jan 9, 2025 at 10:20:56 AM, Paul Bastian <paul.bast...@posteo.de<mailto:paul.bast...@posteo.de>> wrote: Hi Watson, Could you please link the standard security notation for anonymous credentials that you are referring to? Best, Paul _______________________________________________ OAuth mailing list -- oauth@ietf.org<mailto:oauth@ietf.org> To unsubscribe send an email to oauth-le...@ietf.org<mailto:oauth-le...@ietf.org> _______________________________________________ OAuth mailing list -- oauth@ietf.org<mailto:oauth@ietf.org> To unsubscribe send an email to oauth-le...@ietf.org<mailto:oauth-le...@ietf.org>
_______________________________________________ OAuth mailing list -- oauth@ietf.org To unsubscribe send an email to oauth-le...@ietf.org
