Hello, On the last SPICE proponents call, we discussed the follow up from the last IETF.
OAuth has adopted "verifiable credentials" in JSON related work items, and unless something changes, we expect that trend to continue for JSON based claimsets, verifiable credential related extensions to OAuth defined data formats, like JWT, SD-JWT, Status Lists, VC-JWT-SD, and any future formats that might be used in access or identity tokens (BBS / JWP). On the SPICE calls we've seen no major interest in doing credential related work in JSON, while we have seen a lot of interest in doing digital credential work in CBOR. Now is your chance to argue that SPICE (in its first ever charter) can effectively support aligning JWT / CWT claimsets, and meaningfully address our intended charter deliverables, for which there is now an updated PR: https://github.com/transmute-industries/ietf-spice-charter/pull/15 and that OAuth should not handle the JSON part of the "3 party model", "verifiable credentials" and "JSON related digital identity formats". Unless we receive a strong response contradicting the assertions in the subject of this email, we plan to reduce the scope of SPICE to focus on CBOR. If SPICE forms, and things change in OAuth, perhaps a future SPICE charter might attempt alignment. We will gather feedback for 4 weeks, to account for the holidays, after which we will revise the draft charter to put JSON, JWT, SD-JWT and associated claims work out of scope. Regards, OS -- ORIE STEELE Chief Technology Officer www.transmute.industries <https://transmute.industries>
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth