Standardization does not enable legal solutions – that's the job of legislators but
standardization shall recognize existing standardization on records management
which is affected here. Acc. to ISO 15489, ISO 30301 (ISO Tc 46 Sc 11) the
definition of retention period is in responsibility of records
On 17. Dec 2024, at 21:04, Paul Bastian wrote:
>
> RFC7049 doesn't even have a privacy consideration section although it
> contains linkable data structures that may be utilized to track users.
I’m not sure why you pick an RFC that has been superseded a while ago by an
Internet Standard, but l
Hi Watson
Just to respond to the suggested text:
>
> "When disclosures include information easily understood to be
> identifying, users intuitive view of what they are revealing largely
> matches the underlying technical reality. In cases where the
> information being disclosed is not identifyin
I don't disagree with Paul - my comments addressed the text of the change.
Will "Disclosures" be a part of the standard (even security concerns?)
If that is the case, then the means to address the disclosures will need to
be realistic.
AFAIK the only proposed use of the SD-JWT is in OID4VP. In th
I think people on this list are overly critical towards SD-JWT and I
don't understand it. I'm not aware that these kind of statements have
been done in other IETF standards in a comparable context. Please
correct me why neither JWT, CWT, JOSE, COSE, CBOR nor X.509 have
specific text about thes
That's because it isn't. SD-JWT has no direct dependency or relation to
any OpenID spec.
On 17.12.24 02:37, Watson Ladd wrote:
On Mon, Dec 16, 2024, 5:26 PM Tom Jones
wrote:
I could have been more clear. If a verifier is asking for
information, it must include strong human-centric
Legal requirements can only be adjudicated by legal means. The common
approach in standards developments should be to enable a legal solution not
to mandate it.
thx ..Tom (mobile)
On Mon, Dec 16, 2024, 11:14 PM Steffen Schwalm
wrote:
> In > 80% of use cases the retention period is not defined b
Thanks Philippe!
That's very helpful.
I wonder if there is a way to somehow capture some of this explanation in
the document to make sure implementers are clear on this issue?
Otherwise, I am fine with your explanation.
Regards,
Rifaat
On Tue, Dec 17, 2024 at 11:22 AM Philippe De Ryck <
phil
> On 17 Dec 2024, at 14:58, Rifaat Shekh-Yusef wrote:
>
> Thanks Philippe!
>
> Just to make sure I understand, with regards to the following statement:
>> When the attacker manages to send such a malicious request without a
>> preflight, the server would process it,...
>
> The server will proc
Hi
I’d appreciate your input in just one word or one sentence on a few points
regarding OAuth 2.0 Token Exchange integration—I’ll figure out the rest on
my own.
*Use Case:* Token Exchange Delegation Flow
Alice encounters an issue with the Acme Client Application and wants to
delegate authorizatio
Thanks Philippe!
Just to make sure I understand, with regards to the following statement:
> When the attacker manages to send such a malicious request without a
> preflight, the server would process it,...
The server will process it because of a bug on the server? or will it
always process such
11 matches