Catching up on the discussion now. It seems prudent to register "..." to me. And all others look ok.
2025年4月4日(金) 5:52 Michael Jones <michael_b_jo...@hotmail.com>: > I then choose to defer to Brian’s judgement as an author (and a recused > Designated Expert) and approve this and all the other registrations. > > > > IANA, please proceed to make the registrations. > > > > -- Mike > > > > *From:* Brian Campbell <bcampb...@pingidentity.com> > *Sent:* Thursday, April 3, 2025 1:50 PM > *To:* Michael Jones <michael_b_jo...@hotmail.com> > *Cc:* Filip Skokan <panva...@gmail.com>; > drafts-expert-review-comm...@iana.org; nat@nat.consulting; > jwt-reg-rev...@ietf.org; oauth@ietf.org > *Subject:* Re: [IANA #1416058] expert review for > draft-ietf-oauth-selective-disclosure-jwt (jwt) > > > > I am (and always have been on this one) on the fence about it but also > lean towards making the registration. > > > > On Thu, Apr 3, 2025 at 2:47 PM Michael Jones <michael_b_jo...@hotmail.com> > wrote: > > I would lean towards approving the registration of “…” even though it may > not appear as a top-level claim when used as defined in the specification. > It’s still a claim value integral to the functioning of this specification. > > > > That said, Brian, as an author, do you believe we should register it or > not? I can’t tell from your response below. > > > > Thanks all, > > -- Mike > > > > *From:* Brian Campbell <bcampb...@pingidentity.com> > *Sent:* Thursday, April 3, 2025 1:40 PM > *To:* Filip Skokan <panva...@gmail.com> > *Cc:* drafts-expert-review-comm...@iana.org; nat@nat.consulting; > michael_b_jo...@hotmail.com; jwt-reg-rev...@ietf.org; oauth@ietf.org > *Subject:* Re: [IANA #1416058] expert review for > draft-ietf-oauth-selective-disclosure-jwt (jwt) > > > > Indeed unlikely to appear as a top level claim and, I think even if it > did, it'd be unlikely to actually impact algorithms / steps defined in > SD-JWT (depends on implementation though, of course, so not impossible). > But it could certainly be a source of confusion seeing it there. > > > > On Thu, Apr 3, 2025 at 2:32 PM Filip Skokan <panva...@gmail.com> wrote: > > Hello Brian > > > > to prevent it from being used as a top level claim name > > > > That's a perfectly valid reason, would its appearance as a top level claim > (while unlikely, possible) impact the various algorithms / steps defined in > SD-JWT? If so, let's register it. > > > > S pozdravem, > *Filip Skokan* > > > > > > On Thu, 3 Apr 2025 at 22:20, Brian Campbell <bcampb...@pingidentity.com> > wrote: > > Thanks Filip, > > > > I think your observations about "..." are correct. It doesn't necessarily > need to be registered and isn't even strictly speaking a claim name. We > talked about this some (poorly captured in this issue /315 > <https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/315>) > and decided it'd be a reasonable idea to request to register it anyway. I > think the motivation was largely to have it documented in a place, other > than the draft itself, where people might maybe look for such information > and to prevent it from being used as a top level claim name. Also (other > than having this conversation, which was anticipated) there didn't seem to > be any real downside to requesting registration. And there's not, as far as > I know, definitive guidance or precedent. > > > > Having said that, however, I don't think there's a lot of conviction > behind it from anyone involved. And not requesting / making the > registration for "..." would be a perfectly reasonable outcome too. > > > > > > On Thu, Apr 3, 2025 at 8:39 AM Filip Skokan <panva...@gmail.com> wrote: > > Hello David, SD-JWT authors, > > > > I have reviewed the proposed registrations in > draft-ietf-oauth-selective-disclosure-jwt-17 > <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-17.html> > . > > - *"_sd"* - OK *✓* > - *"_sd_alg"* - OK *✓* > - *"sd_hash"* - OK *✓* (after digging out the discussion around why > "sd_hash" does not have a prefix (issues/371 > <https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/371> > , pull/387 > <https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/387>) > like "_sd" and "_sd_alg" do) > - *"..."* - Since this can never appear in the top level JSON object > that represents the JWT Claims Set and appears exclusively as a property in > a JSON array member that itself is an object, i.e. inside a Claim Value, it > does not seem fit to be registered as a JSON Web Token Claim. However, > lacking more details in the review instructions for designated experts I'm > not finding a more solid ground to say no to it. That is other than this > potentially far-fetching thought that since the registry entries are for > "Claim Name"(s) and "..." can only appear inside "Claim Value" it seems > like it needs no registration. Thoughts? Is my understanding of it never > being on the top level JSON object correct? > > S pozdravem, > *Filip Skokan* > > > > > > On Wed, 2 Apr 2025 at 22:11, David Dong via RT < > drafts-expert-review-comm...@iana.org> wrote: > > Dear Mike Jones, Nat Sakimura, Filip Skokan (cc: Brian Campbell, oauth WG), > > As the designated experts for the JSON Web Token Claims registry, can you > review the proposed registrations in > draft-ietf-oauth-selective-disclosure-jwt-17 for us? Please note Brian is a > co-author on this document. > > Please see: > > https://datatracker.ietf.org/doc/draft-ietf-oauth-selective-disclosure-jwt/ > > The due date is April 23rd. > > If this is OK, when the IESG approves the document for publication, we'll > make the registration at: > > https://www.iana.org/assignments/jwt/ > > We will assume that your response is a consensus response, unless you tell > us otherwise. > > Unless you ask us to wait for the other reviewer, we’ll act one week after > the first response we receive. > > With thanks, > > David Dong > IANA Services Sr. Specialist > > > *CONFIDENTIALITY NOTICE: This email may contain confidential and > privileged material for the sole use of the intended recipient(s). Any > review, use, distribution or disclosure by others is strictly prohibited. > If you have received this communication in error, please notify the sender > immediately by e-mail and delete the message and any file attachments from > your computer. Thank you.* > > > *CONFIDENTIALITY NOTICE: This email may contain confidential and > privileged material for the sole use of the intended recipient(s). Any > review, use, distribution or disclosure by others is strictly prohibited. > If you have received this communication in error, please notify the sender > immediately by e-mail and delete the message and any file attachments from > your computer. Thank you.* > > > *CONFIDENTIALITY NOTICE: This email may contain confidential and > privileged material for the sole use of the intended recipient(s). Any > review, use, distribution or disclosure by others is strictly prohibited. > If you have received this communication in error, please notify the sender > immediately by e-mail and delete the message and any file attachments from > your computer. Thank you.* >
_______________________________________________ OAuth mailing list -- oauth@ietf.org To unsubscribe send an email to oauth-le...@ietf.org
