Re: [OAUTH-WG] Proposal for new OAuth authorization grant

2023-02-06 Thread David Chadwick
rt, but it's a start. https://github.com/jaredhanson/id-oauth-fido2/blob/main/draft.txt Aaron On Fri, Dec 23, 2022 at 1:37 PM David Chadwick <d.w.chadw...@verifiablecrede

Re: [OAUTH-WG] Proposal for new OAuth authorization grant

2022-12-23 Thread David Chadwick
Yes, I already proposed this to the OpenID4VCs working group. You can see my proposal here https://bitbucket.org/openid/connect/issues/1542/support-for-fido-authentication This proposes two new authorization grant types of "FIDO Registration" and "FIDO Authentication"

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-04 Thread David Chadwick
Answers inline below On 03/08/2022 14:57, Torsten Lodderstedt wrote: On 02.08.2022 at 19:30, David Chadwick wrote: Hi Torsten your use case

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-03 Thread David Chadwick
Hi Giuseppe On 03/08/2022 01:02, Giuseppe De Marco wrote: Hi Neil, The problem of the linkability affects both sd-jwt (opaque values) and traditional jwt (readable values). Not if

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-02 Thread David Chadwick
Hi Torsten your use case sounds like an online use case, not an offline one. So it's a question of balancing a long lived SD-JWT along with a revocation mechanism vs a short lived minimal JWT containing just the claims that are needed. I thought that SAML, OAuth2

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-02 Thread David Chadwick
On Behalf Of Warren Parad Sent: Tuesday, August 2, 2022 7:56 AM To: David Chadwick Cc: oauth Subject: Re: [OAUTH-WG] Call for adoption - SD-JWT In the case we do that, this spec doesn

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-02 Thread David Chadwick
a SD-JWT with blinded properties kind regards David On Tue, Aug 2, 2022, 13:39 David Chadwick <d.w.chadw...@verifiablecredentials.info> wrote: Hi Warren I am speaking about the

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-02 Thread David Chadwick
would go a long way. On Mon, Aug 1, 2022 at 6:56 PM David Chadwick <d.w.chadw...@verifiablecredentials.info> wrote: Hi Aaron I think we have different menta

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-02 Thread David Chadwick
On 01/08/2022 18:39, Warren Parad wrote: So the question is how many offline interactions are there, and what do those look like? This to me is the key question. If the vast majority of transactions between the user/wallet and the RP are on

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-01 Thread David Chadwick
Aaron Parecki On Mon, Aug 1, 2022 at 9:22 AM David Chadwick <d.w.chadw...@verifiablecredentials.info> wrote: thanks Giuseppe. Glad to hear that

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-01 Thread David Chadwick
2, 14:50 David Chadwick <d.w.chadw...@verifiablecredentials.info> wrote: I would like to add a few further points. The age-over property is more complex than your example, because a driving license on

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-01 Thread David Chadwick
this? What happens when different countries have different "standard claims"? On Mon, Aug 1, 2022 at 1:29 PM David Chadwick <d.w.chadw...@verifiablecredentials.info> wrote:

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-01 Thread David Chadwick
On 01/08/2022 11:55, Neil Madden wrote: I agree with many of these points that Jaimandeep Singh raises.  It would be good to know exactly what the intended use-cases within OAuth are. In particular, in OAuth it’s normal

Re: [OAUTH-WG] Presenting Selective Disclosure JWT (SD-JWT)

2022-06-29 Thread David Chadwick
included in “sd_digests”.   Best, Kristina   From: David Chadwick Sent: Friday, June 24, 2022 2:16 AM To: Kristina Yasuda ; oauth@ietf.org

Re: [OAUTH-WG] Presenting Selective Disclosure JWT (SD-JWT)

2022-06-24 Thread David Chadwick
Hi Denis I tend to agree with you. Sending the same JWT to multiple different RPs is providing them all with a correlating handle and this drawback should be pointed out. Kind regards David On 23/06/2022 18:04, Denis wrote: Hi Danie

Re: [OAUTH-WG] Presenting Selective Disclosure JWT (SD-JWT)

2022-06-24 Thread David Chadwick
, Kristina   From: OAuth On Behalf Of David Chadwick Sent: Thursday, June 23, 2022 10:20 AM To: oauth@ietf.org Subject: Re: [OAUTH-WG] Presenting Selective Disclosure JWT (SD-JWT

Re: [OAUTH-WG] Presenting Selective Disclosure JWT (SD-JWT)

2022-06-23 Thread David Chadwick
Hi Daniel Whilst I commend your initial efforts at SD, I find that the current draft is too privacy invasive since it reveals to the RP every property type that the user possesses, even though it does not reveal the property values. Revealing property types might be

Re: [OAUTH-WG] Comments on draft-chadwick-oauth-jwk-uri-00

2022-02-20 Thread David Chadwick
Hi Mike thanks for your suggestions. I am quite happy to replace base64 with base64url encoding. I have talked to David Waite about an alternative coding method. As always it is a tradeoff between processing vs. storage/transfer size. The mor

Re: [OAUTH-WG] WGLC for JWK Thumbprint URI document

2022-02-18 Thread David Chadwick
. Thanks again, -- Mike From: David Chadwick Sent: Monday

[OAUTH-WG] Fwd: New Version Notification for draft-chadwick-oauth-jwk-uri-00.txt

2022-02-18 Thread David Chadwick
A new version of I-D, draft-chadwick-oauth-jwk-uri-00.txt has been successfully submitted by David W Chadwick and posted to the IETF repository. Name: draft-chadwick-oauth-jwk-uri Revision: 00 Title: JWT URI Document date: 2022

Re: [OAUTH-WG] WGLC for JWK Thumbprint URI document

2022-02-07 Thread David Chadwick
ed correct. Best wishes, -- Mike From: OAuth On Behalf Of David Chadwick Se

Re: [OAUTH-WG] WGLC for JWK Thumbprint URI document

2022-02-06 Thread David Chadwick
. Best wishes, -- Mike From: OAuth On Behalf Of David Chadwick Sent: Friday, February

Re: [OAUTH-WG] WGLC for JWK Thumbprint URI document

2022-02-04 Thread David Chadwick
On 02/02/2022 12:18, Rifaat Shekh-Yusef wrote: All, The JWK Thumbprint URI document is a simple and straightforward specification. Actually this is a complex and inefficient specification compared to o

Re: [OAUTH-WG] JWK Thumbprint URI Specification

2021-12-02 Thread David Chadwick
  From: David Waite Sent: Wednesday, November 24, 2021 2:42 PM To: Mike Jones Cc: David Chadwick ; oauth@ietf.org Subject: Re: [OAUTH-WG] JWK Thumbprint URI Specification

Re: [OAUTH-WG] JWK Thumbprint URI Specification

2021-11-25 Thread David Chadwick
Cheers,    -- Mike   From: OAuth On Behalf Of David Chadwick Sent: Wednesday, November 24, 2021 12:36 PM To: oauth@ietf.org Subject: Re: [OAUTH-WG] JWK Thum

Re: [OAUTH-WG] JWK Thumbprint URI Specification

2021-11-24 Thread David Chadwick
On 24/11/2021 20:07, Mike Jones wrote: The JSON Web Key (JWK) Thumbprint specification [RFC 7638] defines a method for computing a hash value over a JSON Web Key (JWK) [RFC 7517] and enc

Re: [OAUTH-WG] self-issued access tokens

2021-10-04 Thread David Chadwick
What we have done in our verifiable credentials implementation is to define sub as did:jwk:. (Note this is a non-standard DID.) Then the JWT is signed with the corresponding private key. This provides a JWT that is tamperproof and provides POP, but of course it do

Re: [OAUTH-WG] review: draft-ietf-oauth-json-web-token-05

2012-12-31 Thread David Chadwick
comes in the verification -Original Message- From: David Chadwick [mailto:d.w.chadw...@kent.ac.uk] Sent: Sunday, December 30, 2012 12:20 AM To: Anthony Nadalin Cc: Mike Jones; IETF oauth WG Subject: Re: [OAUTH-WG] review: draft-ietf-oauth-json-web-token-05 On 30/12/2012 00:28, Anthony Nadalin

Re: [OAUTH-WG] review: draft-ietf-oauth-json-web-token-05

2012-12-30 Thread David Chadwick
would say that in Oauth you can present a claim or a credential. regards David -Original Message- From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of David Chadwick Sent: Saturday, December 29, 2012 1:42 AM To: Mike Jones Cc: IETF oauth WG Subject: Re: [OAUTH-WG

Re: [OAUTH-WG] review: draft-ietf-oauth-json-web-token-05

2012-12-29 Thread David Chadwick
If a claim provides proof then I would call it a credential not a claim David On 29/12/2012 01:11, Mike Jones wrote: I found the X.1252 definition. It is: *6.18 claim *[b-OED]: To state as being the case, without being able to give proof. That seems both a bit vague, and actually incorrect,