Re: [OAUTH-WG] Reservations and observations about draft JWT and CWT Status List

2023-10-02 Thread Denis
Hi Justin, Your premise relies on a feature of JSON that does not exist. JSON does not provide well-defined behavior for repeated names within an object: When the names within an object are not unique, the behavior of software that receives such an object is unpredictable. You should also c

Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

2023-10-02 Thread Kristina Yasuda
I support adoption, but we also implemented a similar spec and have similar observations/reservations as Orie. Really hope this draft can build up on the learnings to date and be a significant improvement. From: OAuth On Behalf Of Orie Steele Sent: Saturday, September 30, 2023 6:10 AM To: rifa

Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

2023-10-02 Thread Nat Sakimura
+1 Nat Sakimura On 2 Oct 2023, 22:11 +0100, Brian Campbell wrote: > I support adoption. > > I do think the document would be more appropriately scoped with more focus on > the status list itself and less so on the JWT/CWT signed representations > thereof. As such, I'd suggest maybe using a le

Re: [OAUTH-WG] Reservations and observations about draft JWT and CWT Status List

2023-10-02 Thread Justin Richer
Your premise relies on a feature of JSON that does not exist. JSON does not provide well-defined behavior for repeated names within an object: When the names within an object are not unique, the behavior of software that receives such an object is unpredictable. From: https://www.rfc-editor.org

[OAUTH-WG] Reservations and observations about draft JWT and CWT Status List

2023-10-02 Thread Denis
The latest draft (i.e. draft-looker-oauth-jwt-cwt-status-list-latest) which is available at: https://vcstuff.github.io/draft-looker-oauth-jwt-cwt-status-list/draft-looker-oauth-jwt-cwt-status-list.html includes the following illustrative drawing: +--++---+ ||

Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

2023-10-02 Thread Denis
I am in favor of the adoption, with reservations and observations. My reservations and observations will be posted in another email under the following header: "Reservations and observations about draft JWT and CWT Status List" The basic idea looks useful for environments where:     - the

Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

2023-10-02 Thread Neil Madden
I support adoption. I have questions about the specifics which I'll try to write up in the next week or so, but the basic idea seems useful. (The tl;dr of my thoughts is: have we learned everything we can do from the *many* iterations of similar mechanisms in the PKI space?) -- Neil > On 30 Se

Re: [OAUTH-WG] PAR request_uri questions/guidance

2023-10-02 Thread Joseph Heenan
Hi Brock Answers inline: > On 28 Sep 2023, at 19:39, Brock Allen wrote: > > Hello -- > > While implementing PAR, some questions came up around the request_uri, > expiration, and one-time use semantics. > > 1: I found this conversation: > https://mailarchive.ietf.org/arch/msg/oauth/Xp5Wyt4N9

Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

2023-10-02 Thread Joseph Heenan
I support adoption. Joseph > On 30 Sep 2023, at 13:52, Rifaat Shekh-Yusef wrote: > > All, > > This is an official call for adoption for the JWT and CWT Status List draft: > https://datatracker.ietf.org/doc/draft-looker-oauth-jwt-cwt-status-list/ > > Please, reply on the mailing list and let