Hi all,

We are pleased to announce that draft -07 of Status List has been published. We have tried to incorporate the proposed changes as discussed in the interim meeting, the mailing list, and from discussions in GitHub issues.

 

Notable changes are:

  • Section on prior work
  • Be more explicit on the option of short-lived tokens as an alternative to revocation
  • Section explaining the status mechanism registry – be more explicit that other status mechanisms might have other privacy properties etc.
  • Test Vectors for all cases (all bit sizes and both JSON/CBOR encoding)
  • Additions to the privacy section, especially a new subsection on the implication of status types (suspended)
  • Clarification of the terms Issuer/Status List Issuer/Status List Provider and concrete implementation consideration
  • A new section on key resolution – we initially wanted to keep that out of scope, but there seems to be value in being more explicit for the more prominent variants (x5c, web resolution, same key)
  • As a result of adding text on key resolution, the proposal of a new Extended Key Usage ID for X.509 – that way implementations that want to anchor on X.509 PKI hopefully use the same mechanism

 

There is one outstanding issue that we would like to bring to the mailing list in a separate email. Apart from that, we believe we have incorporated all feedback/discussions.


Best Regards,

Christian

 

On 02.02.25, 20:32, "internet-dra...@ietf.org" <internet-dra...@ietf.org> wrote:

Internet-Draft draft-ietf-oauth-status-list-07.txt is now available. It is a
work item of the Web Authorization Protocol (OAUTH) WG of the IETF.

 

   Title:   Token Status List
   Authors: Tobias Looker
            Paul Bastian
            Christian Bormann
   Name:    draft-ietf-oauth-status-list-07.txt
   Pages:   69
   Dates:   2025-02-02

 

Abstract:

   This specification defines a mechanism, data structures and
   processing rules for representing the status of tokens secured by
   JSON Object Signing and Encryption (JOSE) or CBOR Object Signing and
   Encryption (COSE), such as JWT, SD-JWT VC, CBOR Web Token and ISO
   mdoc.  It also defines an extension point and a registry for future
   status mechanisms.

 

The IETF datatracker status page for this Internet-Draft is:

 

There is also an HTML version available at:

 

A diff from the previous version is available at:

 

Internet-Drafts are also available by rsync at:

rsync.ietf.org::internet-drafts

 

 

_______________________________________________

OAuth mailing list -- oauth@ietf.org

To unsubscribe send an email to oauth-le...@ietf.org

 
