[OAUTH-WG] One-time confirmation tokens

Let's take the following (very common) scenario: * A user logs into the system; * They request an operation that might require additional confirmation from the user, at the system's discretion. The most common example would be payment / money transfer, but could also be generating a statement or sh

[OAUTH-WG] Re: [ID-align] Re: Fwd: Internet Terminology Glossary

Thanks Denis! This is very helpful. On Thu, Jun 13, 2024 at 3:24 PM Denis wrote: > Hi Rifaat, > > FYI, I copy and paste a part of a message I sent to saag on 14/03/2024. > > *Every RFC shall include a "Terms and definitions" section for the > vocabulary that it uses* > > This topic is rath

[OAUTH-WG] Re: [ID-align] Re: Fwd: Internet Terminology Glossary

Hi Rifaat, FYI, I copy and paste a part of a message I sent to saag on 14/03/2024. *Every RFC shall include a "Terms and definitions" section for the vocabulary that it uses* This topic is rather for the IESG, but could be reported to the IESG by the SEC ADs. Every I

[OAUTH-WG] Re: [ID-align] Re: Fwd: Internet Terminology Glossary

Rifaat Shekh-Yusef wrote: > That's where we started, but that was deemed problematic because that > document was produced as an Independent Submission Stream, which is > outside of the IETF process. Also, the RFC is a static document, while > what we are proposing is a living and

[OAUTH-WG] Re: [ID-align] Re: Re: Re: Fwd: Internet Terminology Glossary

I had to look up "concordance" For drafts being worked on, it is a concordance. For finalized documents, it is a glossary. On Thu, Jun 13, 2024 at 2:26 PM Watson Ladd wrote: > On Thu, Jun 13, 2024 at 2:20 PM Dick Hardt wrote: > > > > > > > > On Thu, Jun 13, 2024 at 1:37 PM Denis wrote: > >> >

[OAUTH-WG] Re: [ID-align] Re: Re: Re: Fwd: Internet Terminology Glossary

On Thu, Jun 13, 2024 at 2:20 PM Dick Hardt wrote: > > > > On Thu, Jun 13, 2024 at 1:37 PM Denis wrote: >> >> >> The two following sentences seem to be contradictory: >> >> The glossary will contain: terms and definitions used in finalized >> documents; and references to new terms and definitions

[OAUTH-WG] Re: [ID-align] Re: Fwd: Internet Terminology Glossary

On Thu, Jun 13, 2024 at 1:37 PM Denis wrote: > > The two following sentences seem to be contradictory: > > The glossary will contain: terms and definitions used in finalized > documents; and references to new terms and definitions being proposed in > draft documents. > > New definitions for exist

[OAUTH-WG] Re: Fwd: Internet Terminology Glossary

If you want a dynamic document, you could create a BCP. And the RFC could indicate that it obsoletes RFC 4949. From: Rifaat Shekh-Yusef Sent: Thursday, June 13, 2024 10:34 AM To: Michael Jones Cc: oauth ; id-al...@ietf.org Subject: Re: [OAUTH-WG] Fwd: Internet Terminology Glossary That's wher

[OAUTH-WG] Re: [ID-align] Re: Fwd: Internet Terminology Glossary

Some comments on the glossary Introduction "This is a living document ..." It should rather be a querying tool. "This is a living document that captures how key terms are used in IETF and other SDO documents." "used in IETF" might

[OAUTH-WG] Re: [ID-align] Re: Fwd: Internet Terminology Glossary

** living document*. On Thu, Jun 13, 2024 at 4:22 PM Rifaat Shekh-Yusef wrote: > Adding the id-align list to the thread. > > The *draft* proposal is talking about a *live* document, with some ideas > borrowed from the IANA registry process. > We are sharing this here to get the community's thoug

[OAUTH-WG] Re: [ID-align] Re: Fwd: Internet Terminology Glossary

Adding the id-align list to the thread. The *draft* proposal is talking about a *live* document, with some ideas borrowed from the IANA registry process. We are sharing this here to get the community's thoughts on this, so we would together come up with a proper process for such a document. Regar

[OAUTH-WG] Re: Fwd: Internet Terminology Glossary

That's where we started, but that was deemed problematic because that document was produced as an Independent Submission Stream, which is outside of the IETF process. Also, the RFC is a static document, while what we are proposing is a living and dynamic document. Regards, Rifaat On Thu, Jun 13

[OAUTH-WG] Re: [ID-align] Re: Fwd: Internet Terminology Glossary

On 2024-06-13, at 22:02, Dick Hardt wrote: > > ISO has its processes and IETF has its processes Right. We don’t have a process for living documents. (We do have processes for IANA registries, which could be misused here. Maybe that is actually what you are trying to do here. I’d love to be

[OAUTH-WG] Re: [ID-align] Re: Fwd: Internet Terminology Glossary

ISO has its processes and IETF has its processes While useful to learn from other SDOs, we don't all need to work the same way. In the proposal, any WG can propose a new definition for an existing term, and refer to that definition. Collecting all the definitions is one of the goals. Is there a c

[OAUTH-WG] Re: [ID-align] Re: Fwd: Internet Terminology Glossary

Hi Dick, Living document is the right term. A living *database* would be the right term. :-) Note also that within ISO there is NOT a single definition for each term. As an example, there are *81* results for the term "credential". Each ISO document is free to use its own terms ... as long

[OAUTH-WG] Re: Fwd: Internet Terminology Glossary

A BCP is not a living document. We do not want to publish a new RFC every time there is a new term defined somewhere. On Thu, Jun 13, 2024 at 1:50 PM Michael Jones wrote: > If you want a dynamic document, you could create a BCP. And the RFC could > indicate that it obsoletes RFC 4949. > > > >

[OAUTH-WG] Re: [ID-align] Re: Fwd: Internet Terminology Glossary

Living document is the right term. A key objective is that the glossary is a collection of definitions that were made in other documents. Terms can only be added to the glossary if they have an existing definition. This (hopefully) prevents the glossary work from becoming a bikeshedding activity.

[OAUTH-WG] Re: [ID-align] Re: Fwd: Internet Terminology Glossary

I think we are in agreement here. I did not mean for "dynamic" to be interpreted as the term might change after it was defined. I will try to avoid using the term "dynamic" to avoid any future confusion. Regards, Rifaat On Thu, Jun 13, 2024 at 3:10 PM Michael Richardson wrote: > > Rifaat She

[OAUTH-WG] Fwd: New Version Notification for draft-ietf-oauth-selective-disclosure-jwt-09.txt

Greetings fellow OAUTH WG mail list subscribers, It is with great pleasure that I announce the recent publication of the -09 draft of the SD-JWT document. The usual datatracker, etc. links are below along with a quick summary of the changes in this revision (copied from the document history). I k

[OAUTH-WG] I-D Action: draft-ietf-oauth-selective-disclosure-jwt-09.txt

Internet-Draft draft-ietf-oauth-selective-disclosure-jwt-09.txt is now available. It is a work item of the Web Authorization Protocol (OAUTH) WG of the IETF. Title: Selective Disclosure for JWTs (SD-JWT) Authors: Daniel Fett Kristina Yasuda Brian Campbell Name:

[OAUTH-WG] Re: Fwd: Internet Terminology Glossary

Is this intended to replace https://www.rfc-editor.org/rfc/rfc4949.html? From: Rifaat Shekh-Yusef Sent: Thursday, June 13, 2024 9:14 AM To: oauth Subject: [OAUTH-WG] Fwd: Internet Terminology Glossary -- Forwarded message - From: Rifaat Shekh-Yusef mailto:rifaat.s.i...@gmail.c

[OAUTH-WG] Fwd: Internet Terminology Glossary

-- Forwarded message - From: Rifaat Shekh-Yusef Date: Thu, Jun 13, 2024 at 11:38 AM Subject: Internet Terminology Glossary To: All, Dick and I put together the following *draft* proposal for an *Internet Terminology Glossary*: https://github.com/dickhardt/glossary/blob/main/glo

[OAUTH-WG] Re: Call for adoption - PIKA

Comment inline. On Wed, Jun 12, 2024 at 8:39 AM Giuseppe De Marco wrote: [snip] > > Today relying parties verify the issue domain indirectly by opening a > TLS connection to the https URL of the issuer, which involves an X.509 > validation of the issuer domain name in the URL. > > Amen. this giv