Hi Brian, thanks a lot for your mail. As far as I know informal meetings and assumptions of alleged consensus are no basement for trustworthy decisions on open standardization and official standardization bodies like IETF as the chairs confirmed several times. We are currently in WGLC, after consensus found everybody will be happy to follow it.
Independently from this: the subject is under clarification. Maybe we use the time to solve the privacy issue TokenStatusList contains immanently if used for (Q)EAA in eIDAS. Best Steffen Von: Brian Campbell <bcampb...@pingidentity.com> Gesendet: Montag, 7. April 2025 21:49 An: Steffen Schwalm <Steffen.Schwalm@msg.group> Cc: Kristina Yasuda <yasudakrist...@gmail.com>; ANTHONY NADALIN <nada...@prodigy.net>; torsten=40lodderstedt....@dmarc.ietf.org; oauth <oauth@ietf.org> Betreff: Re: [OAUTH-WG] Re: Second WGLC for Token Status List Caution: This email originated from outside of the organization. Despite an upstream security check of attachments and links by Microsoft Defender for Office, a residual risk always remains. Only open attachments and links from known and trusted senders. On Thu, Apr 3, 2025 at 11:33 AM Steffen Schwalm <Steffen.Schwalm@msg.group<mailto:Steffen.Schwalm@msg.group>> wrote: I strongly oppose against moving forward the specification as Issues still open. 1. There´s no documented decision on the well-known x509 issue – beside the wishes of the authors Having seen and participated in discussion of the issue on the mailing list, at "unofficial" events with WG participants, and at official events with WG participants - the decision was very clearly based on the wishes of the rough consensus of the WG participants. Speaking as an individual, of course. 1. 2. Still wait for information from chairs where and how to solve issue when not in TokenStatusList 3. Means TokenStatusList contains privacy issue in case used for Attestatiosn of attributes in eIDAS Von: Kristina Yasuda <yasudakrist...@gmail.com<mailto:yasudakrist...@gmail.com>> Gesendet: Mittwoch, 2. April 2025 00:22 An: ANTHONY NADALIN <nada...@prodigy.net<mailto:nada...@prodigy.net>> Cc: torsten=40lodderstedt....@dmarc.ietf.org<mailto:40lodderstedt....@dmarc.ietf.org>; oauth <oauth@ietf.org<mailto:oauth@ietf.org>> Betreff: [OAUTH-WG] Re: Second WGLC for Token Status List Caution: This email originated from outside of the organization. Despite an upstream security check of attachments and links by Microsoft Defender for Office, a residual risk always remains. Only open attachments and links from known and trusted senders. I support moving this specification forward. It is a crucial building block for lifecycle management of different tokens/credentials. On Tue, Apr 1, 2025 at 9:42 PM ANTHONY NADALIN <nada...@prodigy.net<mailto:nada...@prodigy.net>> wrote: support this moving forward as we need this in ISO Get Outlook for Android<https://aka.ms/AAb9ysg> ________________________________ From: torsten=40lodderstedt....@dmarc.ietf.org<mailto:40lodderstedt....@dmarc.ietf.org> <torsten=40lodderstedt....@dmarc.ietf.org<mailto:40lodderstedt....@dmarc.ietf.org>> Sent: Tuesday, April 1, 2025 11:38:22 AM To: oauth <oauth@ietf.org<mailto:oauth@ietf.org>>; Rifaat Shekh-Yusef <rifaat.s.i...@gmail.com<mailto:rifaat.s.i...@gmail.com>> Subject: [OAUTH-WG] Re: Second WGLC for Token Status List Hi, I support moving this spec forward. best regards, Torsten. Am 24. März 2025, 13:41 +0100 schrieb Rifaat Shekh-Yusef <rifaat.s.i...@gmail.com<mailto:rifaat.s.i...@gmail.com>>: All, This is a second WG Last Call for the Token Status List document: https://datatracker.ietf.org/doc/draft-ietf-oauth-status-list/ Please, review this document and reply on the mailing list if you have any comments or concerns, by April 7th. Regards, Rifaat & Hannes _______________________________________________ OAuth mailing list -- oauth@ietf.org<mailto:oauth@ietf.org> To unsubscribe send an email to oauth-le...@ietf.org<mailto:oauth-le...@ietf.org> _______________________________________________ OAuth mailing list -- oauth@ietf.org<mailto:oauth@ietf.org> To unsubscribe send an email to oauth-le...@ietf.org<mailto:oauth-le...@ietf.org> _______________________________________________ OAuth mailing list -- oauth@ietf.org<mailto:oauth@ietf.org> To unsubscribe send an email to oauth-le...@ietf.org<mailto:oauth-le...@ietf.org> CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you.
_______________________________________________ OAuth mailing list -- oauth@ietf.org To unsubscribe send an email to oauth-le...@ietf.org
