[OAUTH-WG] Re: WGLC for Token Status List

2025-02-07 Thread Rohan Mahy
Hi Paul, Apparently my review (based on -06) and your publication of -07 happened at about the same time. I will reread -07 and provide my feedback soon. Regarding point 4, I wrote a quick test while having lunch that shows that a deflate (level=12) compressed bit-stream becomes much more efficie

[OAUTH-WG] Re: WGLC for Token Status List

2025-02-06 Thread Paul Bastian
Hi Rohan, thanks for your feedback. Answers are inline: On 06.02.25 02:21, Rohan Mahy wrote: Hi, I support the overall goals of this document. I do *not* think the document was ready for WGLC; at minimum there are still plenty of TBDs and TODOs in the text. Below are some comments: We do not h

[OAUTH-WG] Re: WGLC for Token Status List

2025-02-05 Thread Rohan Mahy
Hi, I support the overall goals of this document. I do *not* think the document was ready for WGLC; at minimum there are still plenty of TBDs and TODOs in the text. Below are some comments: 1. I would prefer we make the document standards track instead of informational. 2. You have to read throug

[OAUTH-WG] Re: WGLC for Token Status List

2025-01-17 Thread Christian Bormann
Hi Watson, > My consideration here is just about the cost in bits. 1 bit status - easy, everyone gets the same thing, wanted it. 2 bit status - by only defining one of them in the application, we force any application with 2 defined statuses up to 4 bit status symbols. Feels like a waste. That is d

[OAUTH-WG] Re: WGLC for Token Status List

2025-01-16 Thread Watson Ladd
On Thu, Jan 16, 2025 at 12:49 AM Christian Bormann wrote: > > Hi Watson, > > > > We tried to bring your points into the OAuth interim meeting. Here my attempt > to reflect the major parts of the discussion that happened there and the > perspective from the editors: Thanks and sorry to have comp

[OAUTH-WG] Re: WGLC for Token Status List

2025-01-16 Thread Christian Bormann
Hi Watson, We tried to bring your points into the OAuth interim meeting. Here my attempt to reflect the major parts of the discussion that happened there and the perspective from the editors: The allocation of status types in the registry has implications, and Idon't think they are the right ones.

[OAUTH-WG] Re: WGLC for Token Status List

2025-01-13 Thread Denis
FYI, I have posted 3 new issues: Proposed replacement for 13.1, 13.2 and 13.3 placed under section 13 (Implementation Considerations) #219 Comments on section 12.5.2 Unlinkability

[OAUTH-WG] Re: WGLC for Token Status List

2025-01-08 Thread Dean Saxe
; > *Date: *Thursday, 2. January 2025 at 15:23 > *To: *Rifaat Shekh-Yusef , oauth > *Subject: *[OAUTH-WG] Re: WGLC for Token Status List > > Hi Rifaat, > > Just first time reading this new spec, and I have one doubt, in section > “111. Correct decoding and parsing of the encoded S

[OAUTH-WG] Re: WGLC for Token Status List

2025-01-08 Thread chris.borm...@gmx.de
Hi Jorge, With that part, we meant the examples given in Section 4 & 10 where examples are given for 1 and 2 bit status lists (byte array and base64url encoding for the JWT variant).Perhaps a general question: Would more and bigger examples / test vectors be helpful? Best Regards,Christian From: Ol

[OAUTH-WG] Re: WGLC for Token Status List

2025-01-03 Thread Dean Saxe
Oops, my mistake. I think the doc is ready to move forward. -dhs -- Dean H. Saxe, CIDPRO Principal Engineer Office of the CTO Beyond Identity dean.s...@beyondidentity.com On Jan 2, 2025 at 12:57:57 PM, Rifaat Shekh-Yusef wrote: > Dean, Giuseppe, > > This is *not

[OAUTH-WG] Re: WGLC for Token Status List

2025-01-02 Thread Watson Ladd
Hello, I've taken a look at the document. There are some things that confuse me. First off section 1.3 isn't something I've seen in other IETF documents. I do think it's a good idea. The allocation of status types in the registry has implications, and I don't think they are the right ones. First

[OAUTH-WG] Re: WGLC for Token Status List

2025-01-02 Thread Rifaat Shekh-Yusef
Dean, Giuseppe, This is *not* a call for adoption, but rather a *WG Last Call.* Please, review the document and provide feedback on the mailing list, if you have any. Regards, Rifaat On Thu, Jan 2, 2025 at 3:37 PM Giuseppe De Marco wrote: > Hi, > > I support adoption. > > Il giorno gio 2 gen

[OAUTH-WG] Re: WGLC for Token Status List

2025-01-02 Thread Giuseppe De Marco
Hi, I support adoption. Il giorno gio 2 gen 2025 alle ore 14:53 Rifaat Shekh-Yusef < rifaat.s.i...@gmail.com> ha scritto: > All, > > This is a WG Last Call for the *Token Status List *document. > https://datatracker.ietf.org/doc/draft-ietf-oauth-status-list/ > > Please, review this document and

[OAUTH-WG] Re: WGLC for Token Status List

2025-01-02 Thread Dean Saxe
I support adoption. Reading the text this morning I found a minor nit that I issued a PR to fix. This PR should not prevent WGLC since it corrects the use of a homonym and makes no technical edits. -dhs -- Dean H. Saxe, CIDPRO

[OAUTH-WG] Re: WGLC for Token Status List

2025-01-02 Thread Oliva Fernandez, Jorge
Hi Rifaat, Just first time reading this new spec, and I have one doubt, in section “11.1. Correct decoding and parsing of the encoded Status List” say “Implementations are RECOMMENDED to verify correctness using the test vectors given by this specification.” Where are this test vectors located