[OAUTH-WG] Re: WGLC for Token Status List

2025-01-02 Thread Watson Ladd
Hello, I've taken a look at the document. There are some things that confuse me. First off section 1.3 isn't something I've seen in other IETF documents. I do think it's a good idea. The allocation of status types in the registry has implications, and I don't think they are the right ones. First

[OAUTH-WG] Re: WGLC for Token Status List

2025-01-02 Thread Rifaat Shekh-Yusef
Dean, Giuseppe, This is *not* a call for adoption, but rather a *WG Last Call.* Please, review the document and provide feedback on the mailing list, if you have any. Regards, Rifaat On Thu, Jan 2, 2025 at 3:37 PM Giuseppe De Marco wrote: > Hi, > > I support adoption. > > Il giorno gio 2 gen

[OAUTH-WG] Re: WGLC for Token Status List

2025-01-02 Thread Giuseppe De Marco
Hi, I support adoption. Il giorno gio 2 gen 2025 alle ore 14:53 Rifaat Shekh-Yusef < rifaat.s.i...@gmail.com> ha scritto: > All, > > This is a WG Last Call for the *Token Status List *document. > https://datatracker.ietf.org/doc/draft-ietf-oauth-status-list/ > > Please, review this document and

[OAUTH-WG] Re: WGLC for Token Status List

2025-01-02 Thread Dean Saxe
I support adoption. Reading the text this morning I found a minor nit that I issued a PR to fix. This PR should not prevent WGLC since it corrects the use of a homonym and makes no technical edits. -dhs -- Dean H. Saxe, CIDPRO

[OAUTH-WG] Re: [External Sender] Re: Alternative text for sd-jwt privacy considerations.

2025-01-02 Thread Watson Ladd
On Thu, Jan 2, 2025, 7:00 AM George Fletcher wrote: > +1 for including "something along those lines" in the existing > considerations > > I would be cautious about defining or assuming "what users naively expect" > as my guess is that most users are not thinking about the things we are > thinking

[OAUTH-WG] Re: [External Sender] Re: Alternative text for sd-jwt privacy considerations.

2025-01-02 Thread George Fletcher
+1 for including "something along those lines" in the existing considerations I would be cautious about defining or assuming "what users naively expect" as my guess is that most users are not thinking about the things we are thinking about :) That said, any objective considerations make sense so t

[OAUTH-WG] Re: WGLC for Token Status List

2025-01-02 Thread Oliva Fernandez, Jorge
Hi Rifaat, Just first time reading this new spec, and I have one doubt, in section “11.1. Correct decoding and parsing of the encoded Status List” say “Implementations are RECOMMENDED to verify correctness using the test vectors given by this specification.” Where are this test vectors located

[OAUTH-WG] WGLC for Token Status List

2025-01-02 Thread Rifaat Shekh-Yusef
All, This is a WG Last Call for the *Token Status List *document. https://datatracker.ietf.org/doc/draft-ietf-oauth-status-list/ Please, review this document and reply on the mailing list if you have any comments or concerns, by *Jan 17th*. Note that this document will be discussed during the OAu