[OAUTH-WG] Re: WGLC for SD-JWT

2024-10-27 Thread Jeffrey Victorino
https://developers.google.com/identity/protocols/oauth2#libraries https://developers.google.com/profile/u/jeffreyvictorino92 victorinojeffrey...@gmail.com ___ OAuth mailing list -- oauth@ietf.org To unsubscribe send an email to oauth-le...@ietf.org

[OAUTH-WG] Re: WGLC for SD-JWT

2024-10-27 Thread Jeffrey Victorino
oauth@ietf.org https://developers.google.com/profile/u/jeffreyvictorino92 victorinojeffrey...@gmail.com

[OAUTH-WG] Re: WGLC for SD-JWT

2024-09-20 Thread Denis
*About disclosures for Array Elements versus disclosures of name/value pair* 1) The draft of Annex - Ares(2024)5786783 "laying down rules for the application of Regulation (EU) No 910/2014 of the European Parliament and of the Council as regards person identification data and electronic attest

[OAUTH-WG] Re: WGLC for SD-JWT

2024-09-20 Thread Brian Campbell
Resending this because I didn't see it show up in the list archive https://mailarchive.ietf.org/arch/browse/oauth/ On Thu, Sep 19, 2024 at 2:00 PM Brian Campbell wrote: > As an individual, I don't believe the additional text is necessary. > However, as an editor committed to that same goal of pu

[OAUTH-WG] Re: WGLC for SD-JWT

2024-09-19 Thread Brian Campbell
As an individual, I don't believe the additional text is necessary. However, as an editor committed to that same goal of publishing this specification as an RFC (hopefully soon), I'm happy to add it to the draft to help achieve that goal. On Tue, Sep 17, 2024 at 10:01 PM Michael Jones wrote: >

[OAUTH-WG] Re: WGLC for SD-JWT

2024-09-17 Thread Michael Jones
I'm going to resurrect exactly one of my previous review comments that was not addressed. The original comment was: 6.1. Issuance

[OAUTH-WG] Re: WGLC for SD-JWT

2024-09-17 Thread Denis
*All,* *Below are my comments:* *1. Introduction* *The introduction is too long and far from being crystal clear. Text proposal: This document specifies the encoding of digital credentials issued by a digital credential issuer (Issuer) that allows a holder application (Holder) placed unde

[OAUTH-WG] Re: WGLC for SD-JWT

2024-09-15 Thread Dick Hardt
Working on a PR ... On Thu, Sep 12, 2024 at 11:37 PM Brian Campbell wrote: > Thanks Dick, > > Some hopefully not-difficult-to-parse responses are inline below. > > On Wed, Sep 4, 2024 at 6:25 AM Dick Hardt wrote: > >> A while ago in an in-person meeting I provided feedback that the >> introduct

[OAUTH-WG] Re: WGLC for SD-JWT

2024-09-13 Thread Watson Ladd
On Fri, Sep 13, 2024 at 10:17 AM Brian Campbell wrote: > > Watson, > > Thank you for your comments during the Vancouver meeting and subsequently on > the mailing list. Your input helped initiate some valuable discussions, and > I’ve incorporated additional text into the Unlinkability subsection

[OAUTH-WG] Re: WGLC for SD-JWT

2024-09-13 Thread Brian Campbell
Watson, Thank you for your comments during the Vancouver meeting and subsequently on the mailing list. Your input helped initiate some valuable discussions, and I’ve incorporated additional text into the Unlinkability subsection under the Privacy Considerations to reflect the general consensus tha

[OAUTH-WG] Re: WGLC for SD-JWT

2024-09-12 Thread Brian Campbell
Thanks Neil, That is indeed an error. Thanks for catching that. We'll get it fixed. I see how that other part is a bit confusing too and will look at improving how those pieces flow together. And also maybe fix some other stuff in that area while we're at it, like inadequate salt length in at leas

[OAUTH-WG] Re: WGLC for SD-JWT

2024-09-12 Thread Brian Campbell
On Thu, Sep 5, 2024 at 8:18 AM Judith Kahrer wrote: > I gave the -12 revision a read. Thanks for the great work Brian, Kristina > and Dr. Fett. > Thanks for the thanks Judith. And also thanks for using the proper salutation for Daniel. > One thing that I find confusing is the term “Issuer-sig

[OAUTH-WG] Re: WGLC for SD-JWT

2024-09-12 Thread Brian Campbell
Thanks Judith, Some additional discussion on your comments/questions/suggestions is inline below. On Thu, Sep 5, 2024 at 7:48 AM Judith Kahrer wrote: > > I agree, I also think the intro is hard to read. There are some more > points that I want to add with regard to the introduction: > > > The

[OAUTH-WG] Re: WGLC for SD-JWT

2024-09-12 Thread Brian Campbell
Thanks Dick, Some hopefully not-difficult-to-parse responses are inline below. On Wed, Sep 4, 2024 at 6:25 AM Dick Hardt wrote: > A while ago in an in-person meeting I provided feedback that the > introduction was difficult to parse. It still is. A few comments inserted > to illustrate. > > I'l

[OAUTH-WG] Re: WGLC for SD-JWT

2024-09-05 Thread Judith Kahrer
I gave the -12 revision a read. Thanks for the great work Brian, Kristina and Dr. Fett. One thing that I find confusing is the term “Issuer-signed JWT”. Isn’t it self-evident that a signed JWT is signed by its Issuer (that is its creator as defined in the spec)? I think, the spec would read jus

[OAUTH-WG] Re: WGLC for SD-JWT

2024-09-05 Thread Judith Kahrer
I agree, I also think the intro is hard to read. There are some more points that I want to add with regard to the introduction: > The JSON-based representation of claims in a signed JWT is secured against > modification using JWS digital signatures. A consumer of a signed JWT that > has checke

[OAUTH-WG] Re: WGLC for SD-JWT

2024-09-04 Thread Watson Ladd
The privacy considerations section does not have enough RFC 2119 language in the Unlinkability section. There is no workable guidance on how to mitigate these risks. Presentation to users is not a workable solution: please learn from how browsers have suffered a lot at this. It's also very prolix.

[OAUTH-WG] Re: WGLC for SD-JWT

2024-09-04 Thread Neil Madden
I haven’t read the latest draft in a lot of detail, but I did check over the cryptographic details again and everything seems reasonable to me. One error I noticed in section 5.2.4.1: "For example, using the digest of the object property Disclosure created above, the Issuer could create the fol

[OAUTH-WG] Re: WGLC for SD-JWT

2024-09-04 Thread Dick Hardt
A while ago in an in-person meeting I provided feedback that the introduction was difficult to parse. It still is. A few comments inserted to illustrate. I'll raise my hand to provide alternative text if the authors are interested. /Dick > 1. >

[OAUTH-WG] Re: WGLC for SD-JWT

2024-09-03 Thread Brian Campbell
Thanks Rifaat & Hannes, In an effort to make the most up-to-date content available for the WGLC period, a -12 revision was just recently published, which contains a number of editorial improvements. https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-12.html Respectfully,