[OAUTH-WG] Re: Reminder: Alternative text for sd-jwt privacy considerations.

2025-01-09 Thread Pierce Gorman
My experience has been that greater specificity is appreciated. I think consensus (where “consensus” != “unanimity”) is the most significant measure of whether a “draft is complete” (and that the ADs are satisfied). I’m not arguing that the more specific text be included. I’m saying do not be

[OAUTH-WG] Re: Reminder: Alternative text for sd-jwt privacy considerations.

2025-01-09 Thread Watson Ladd
On Thu, Jan 9, 2025, 12:29 PM Dean Saxe wrote:
> I agree with you, Paul. A statement that this is not anonymous should be sufficient.
>
> -dhs

It isn't. The fact that this doesn't meet what everyone has for 2 decades held to be the definition of security in this area deserves to be explicit

[OAUTH-WG] Re: Reminder: Alternative text for sd-jwt privacy considerations.

2025-01-09 Thread Dean Saxe
I agree with you, Paul. A statement that this is not anonymous should be sufficient.

-dhs
--
Dean H. Saxe, CIDPRO
Principal Engineer
Office of the CTO
Beyond Identity
dean.s...@beyondidentity.com

On Jan 9, 2025, at 12:10 PM, Paul Bastian wrote:
It seems to me saying "SD-JWT is not an anonymous credential

[OAUTH-WG] Re: Reminder: Alternative text for sd-jwt privacy considerations.

2025-01-09 Thread Paul Bastian
It seems to me saying "SD-JWT is not an anonymous credential system according to " then seems sufficient, as most of the other text is already present in the thorough unlinkability section. Also I see that it gets increasingly difficult, if drafts have to enumerate all the things that they are

[OAUTH-WG] Re: Reminder: Alternative text for sd-jwt privacy considerations.

2025-01-09 Thread Watson Ladd
On Thu, Jan 9, 2025 at 10:39 AM Dean Saxe wrote:
>
> I’m struggling with the same thing. If there’s somewhere that this is described/documented it should be linked from the text. I added the same comment to the PR.
>
> https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/535#iss

[OAUTH-WG] Re: Reminder: Alternative text for sd-jwt privacy considerations.

2025-01-09 Thread Dean Saxe
I’m struggling with the same thing. If there’s somewhere that this is described/documented it should be linked from the text. I added the same comment to the PR. https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/535#issuecomment-2580990520 -dhs -- Dean H. Saxe, CIDPRO

[OAUTH-WG] Re: Reminder: Alternative text for sd-jwt privacy considerations.

2025-01-09 Thread Watson Ladd
On Thu, Jan 9, 2025 at 10:24 AM Paul Bastian wrote:
>
> Hi Watson,
>
> Could you please link the standard security notation for anonymous credentials that you are referring to?

https://eprint.iacr.org/2001/019

>
> Best, Paul
> ___
> OAuth mailing lis

[OAUTH-WG] Re: Reminder: Alternative text for sd-jwt privacy considerations.

2025-01-09 Thread Brian Campbell
On Thu, Jan 9, 2025 at 11:18 AM Watson Ladd wrote:
>
> On Thu, Jan 9, 2025, 10:14 AM Watson Ladd wrote:
>
>> On Thu, Jan 9, 2025, 10:10 AM Pierce Gorman wrote:
>>
>>> Hi Watson,
>>>
>>> I thought it was a good suggestion and am looking forward to feedback from others.
>>>
>>> I d

[OAUTH-WG] Re: Reminder: Alternative text for sd-jwt privacy considerations.

2025-01-09 Thread Paul Bastian
Hi Watson, Could you please link the standard security notation for anonymous credentials that you are referring to? Best, Paul

[OAUTH-WG] Re: Reminder: Alternative text for sd-jwt privacy considerations.

2025-01-09 Thread Watson Ladd
On Thu, Jan 9, 2025, 10:14 AM Watson Ladd wrote:
>
> On Thu, Jan 9, 2025, 10:10 AM Pierce Gorman wrote:
>
>> Hi Watson,
>>
>> I thought it was a good suggestion and am looking forward to feedback from others.
>>
>> I didn't understand the part of the statement in the penultimate sentence

[OAUTH-WG] Re: Reminder: Alternative text for sd-jwt privacy considerations.

2025-01-09 Thread Watson Ladd
On Thu, Jan 9, 2025, 10:10 AM Pierce Gorman wrote:
> Hi Watson,
>
> I thought it was a good suggestion and am looking forward to feedback from others.
>
> I didn't understand the part of the statement in the penultimate sentence which says, "but cannot work for Issuers". I should probably un

[OAUTH-WG] Re: Reminder: Alternative text for sd-jwt privacy considerations.

2025-01-09 Thread Pierce Gorman
Hi Watson, I thought it was a good suggestion and am looking forward to feedback from others. I didn't understand the part of the statement in the penultimate sentence which says, "but cannot work for Issuers". I should probably understand what you meant without having to ask, but I don't. C

[OAUTH-WG] Re: Reminder: Alternative text for sd-jwt privacy considerations.

2025-01-09 Thread Brian Campbell
Pull request https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/535 incorporates text based on this suggestion into the end of the Unlinkability subsection of the Privacy Considerations. Barring objections/concerns with this, we'll look to merge it and publish a new draft next week. O

[OAUTH-WG] Re: Fwd: New Version Notification for draft-ietf-oauth-selective-disclosure-jwt-14.txt

2025-01-09 Thread Brian Campbell
The holiday season derailed progress a bit but we are working to get back on track. That PR has now been merged. We hope/expect to have that and a few other items in a -15 draft published next week.

On Fri, Dec 20, 2024 at 5:17 AM Deb Cooley wrote:
> - Paul
>
> Brian,
>
> I have checked the