[OAUTH-WG] Re: SD-JWT architecture feedback

2024-09-21 Thread Daniel Fett
Hi Dick, Am 21.09.24 um 06:41 schrieb Dick Hardt: Hey Brian, Kristina, Daniel I appreciate you have been working on this for a while, and this feedback is last minute, and people already have working code that works with it -- so this is unlikely to be welcome feedback -- but in the spirit o

[OAUTH-WG] Re: SD-JWT and Unlinkability

2024-09-21 Thread Daniel Fett
Hi Dick, Batch credential (not claims) issuing has become the default approach to circumvent the inherent limitations of salted-hash-based credentials formats. This was neither invented by us, nor is it unreasonable to ask implementers to do it. Protocols such as OpenID4VCI support it. -Dani

[OAUTH-WG] Leading underscores in SD-JWT Claim Names (was SD-JWT architecture feedback)

2024-09-21 Thread Michael Jones
SD-JWT is following an existing OAuth (and OpenID) convention by including an underscore prefix in the names of claims about claims. You’ll find that _claim_names and _claim_sources are registered at https://www.iana.org/assignments/jwt/jwt.xhtml, which are both claims about claims, rather tha

[OAUTH-WG] Explicit typing of SD-JWTs (was SD-JWT architecture feedback)

2024-09-21 Thread Michael Jones
Actually, the JWT BCP (which we were both authors of) does not recommend using a single media type. Rather, it recommends using a specific media type suffix in the “typ” values: When explicit typing is employed for a JWT, it

[OAUTH-WG] Re: SD-JWT architecture feedback

2024-09-21 Thread Dick Hardt
On Sat, Sep 21, 2024 at 4:28 PM Daniel Fett wrote: > Hi Dick, > Am 21.09.24 um 06:41 schrieb Dick Hardt: > > Hey Brian, Kristina, Daniel > > I appreciate you have been working on this for a while, and this feedback > is last minute, and people already have working code that works with it -- > so

[OAUTH-WG] Re: SD-JWT architecture feedback

2024-09-21 Thread Warren Parad
+1 On Sat, Sep 21, 2024 at 6:44 AM Dick Hardt wrote: > Hey Brian, Kristina, Daniel > > I appreciate you have been working on this for a while, and this feedback > is last minute, and people already have working code that works with it -- > so this is unlikely to be welcome feedback -- but in the

[OAUTH-WG] Re: SD-JWT and Unlinkability

2024-09-21 Thread Tom Jones
That doesn't answer the question about users randomly selecting some to store and some to reject. This seems to me like user private information. As is most of the feedback to the issuer from the wallet. Peace ..tom jones On Sat, Sep 21, 2024 at 7:30 AM Daniel Fett wrote: > Hi Dick, > > Batch

[OAUTH-WG] Re: SD-JWT and Unlinkability

2024-09-21 Thread Dick Hardt
I understand it has become the accepted approach. It still comes across as a hack, and there is no guidance on how many to issue, nor how a holder chooses when to reissue the same ones. I'm amused by the decision to use implicit typing in a disclosure to save a few bytes, but we will send dozens o