FAILED] Re: [OAUTH-WG] Privacy considerations
regarding RAR and authorization_details in AT JWT
I'll just add that RAR is in the very latter stages of IESG processing for
publication, which is a point in the process that is not particularly
amenable to changes from the WG.
On Wed, Dec 21, 2022 at 7:30 AM Justin Richer wrote:
> Hi Kai,
>
> Both of those approaches are common approaches for
Hi Kai,
Both of those approaches are common approaches for preventing the leakage of
private information in JWTs, and neither is specific to the RAR specification.
The use of RAR objects does make it easier to have more specific detail, but
that detail could have easily been leaked through a sc
Hi,
In the privacy considerations section of the RAR specification
(https://www.ietf.org/archive/id/draft-ietf-oauth-rar-21.html#name-privacy-considerations)
it is stated:
“The AS needs to take into consideration the privacy implications when
sharing authorization_details with the client or