[OAUTH-WG] Re: [IANA #1416058] expert review for draft-ietf-oauth-selective-disclosure-jwt (jwt)

Thu, 03 Apr 2025 07:41:40 -0700 

Hello David, SD-JWT authors,

I have reviewed the proposed registrations in
draft-ietf-oauth-selective-disclosure-jwt-17
<https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-17.html>
.

   - *"_sd"* - OK *✓*
   - *"_sd_alg"* - OK *✓*
   - *"sd_hash"* - OK *✓* (after digging out the discussion around why
   "sd_hash" does not have a prefix (issues/371
   <https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/371>,
   pull/387
   <https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/387>)
   like "_sd" and "_sd_alg" do)
   - *"..."* - Since this can never appear in the top level JSON object
   that represents the JWT Claims Set and appears exclusively as a property in
   a JSON array member that itself is an object, i.e. inside a Claim Value, it
   does not seem fit to be registered as a JSON Web Token Claim. However,
   lacking more details in the review instructions for designated experts I'm
   not finding a more solid ground to say no to it. That is other than this
   potentially far-fetching thought that since the registry entries are for
   "Claim Name"(s) and "..." can only appear inside "Claim Value" it seems
   like it needs no registration. Thoughts? Is my understanding of it never
   being on the top level JSON object correct?

S pozdravem,
*Filip Skokan*


On Wed, 2 Apr 2025 at 22:11, David Dong via RT <
drafts-expert-review-comm...@iana.org> wrote:

> Dear Mike Jones, Nat Sakimura, Filip Skokan (cc: Brian Campbell, oauth WG),
>
> As the designated experts for the JSON Web Token Claims registry, can you
> review the proposed registrations in
> draft-ietf-oauth-selective-disclosure-jwt-17 for us? Please note Brian is a
> co-author on this document.
>
> Please see:
>
> https://datatracker.ietf.org/doc/draft-ietf-oauth-selective-disclosure-jwt/
>
> The due date is April 23rd.
>
> If this is OK, when the IESG approves the document for publication, we'll
> make the registration at:
>
> https://www.iana.org/assignments/jwt/
>
> We will assume that your response is a consensus response, unless you tell
> us otherwise.
>
> Unless you ask us to wait for the other reviewer, we’ll act one week after
> the first response we receive.
>
> With thanks,
>
> David Dong
> IANA Services Sr. Specialist
>

_______________________________________________
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to oauth-le...@ietf.org

Reply via email to