Hi all,
we have just released version -08 of OAuth Token Status List
incorporating the latest feedback with the following changes:
* Fix cwt typ value to full media type
* Clarifying that Holders may also fetch and verify Status List Tokens
* Update terminology for Referenced Token and Status List Token
Datatracker Link for convenience:
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-status-list-08
We also included some Feedback from Rohan's feedback, switching the
draft from informational to standards track, which was a bug on our side
(which we copied from other specs in OAuth, please check your drafts as
well) and opened two issues as todos:
- provide CDDL -
https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/267
- clarify defintion of Status List refering to the compressed or
uncompressed byte array -
https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/268
We've also resolved several issues in Github, one remaining issue is on
the question, whether X509 should be included as Referenced Tokens, i.e.
whether we should described how to do status management and revocation
of X509 Certificates with the TokenĀ Status List, for details of the
discussion see:
https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/243 or
on the mailing list
https://mailarchive.ietf.org/arch/msg/oauth/_vc8RgYVMOl3ekRTFd7nbGyDo9c/
We plan to discuss this topic at the OAuth Security Workshop next week
in Reykjavik, additionally we would love some more input from the
working group/chairs on thisĀ topic, if you can't participate next week
in person, either on the mailing list or in the Github issue.
Best regards, Paul + Christian
_______________________________________________
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to oauth-le...@ietf.org
