I was also surprised to see this agenda, based on the discussions on OAUTH and SPICE lists.
I am supportive of recapping, the great work that is happening at OAUTH, and how that work is applied outside of OAUTH to none OAUTH use cases. I don't think work items that are close to the finish line should be delayed, when we can all communicate effectively. OS On Wed, Nov 1, 2023 at 9:57 AM Brian Campbell <bcampbell= [email protected]> wrote: > I didn't expect to see SD-JWT as a "proposed work item" on the SPICE BoF > agenda because its appropriateness to be and stay in the OAuth WG had been > discussed on list (e.g., > https://mailarchive.ietf.org/arch/msg/oauth/6qjAsqLwyp5WoxqY3dVv8SJ5nVM/) > and SD-JWT wasn't mentioned in the SPICE BoF request > https://datatracker.ietf.org/doc/bofreq-prorock-secure-patterns-for-internet-credentials-spice/03/ > > On Wed, Nov 1, 2023 at 5:21 AM Hannes Tschofenig < > [email protected]> wrote: > >> Hi all, >> >> >> I am a bit puzzled by the response Pam and I received when putting the >> agenda for the SPICE BOF together. It appears that most people have not >> paid attention to the discussions during the last few months. >> >> >> Let me try to get you up to speed. So, here is my summary. >> >> >> The OAuth working group has seen a lot of interest in the context of the >> SD-JWT/VC work and there have been complaints about the three WG sessions >> we scheduled at the last IETF meeting. (FWIW neither Rifaat nor I >> understood why we received these complaints given that people asked us for >> more slots. But that's another story...) >> >> >> The SD-JWT/VC work is architecturally different to the classical OAuth >> (which is not a problem) but raises questions about the scope of the work >> done in the OAuth working group, as defined by the charter. The charter of >> a group is a "contract" with the steering committee (IESG) about the work >> we are supposed to be doing. There is the expectation that the work >> described in the charter and in the milestones somehow matches the work the >> group is doing (at least to some approximation). See also the mail from >> Roman to the OAuth list for the type of questions that surfaced: >> https://mailarchive.ietf.org/arch/msg/oauth/a_MEz2SqU7JYEw3gKxKzSrRlQFA/ >> >> >> In time for the Prague IETF meeting a BOF request (with the shiny name >> SPICE, see >> https://datatracker.ietf.org/doc/bofreq-prorock-secure-patterns-for-internet-credentials-spice/) >> was submitted. It was subsequently approved by the IESG. SPICE aims to >> cover the scope of the SD-JWT/VC work (plus work on defining the CWT-based >> counterparts) -- my rough summary; details are here: >> https://github.com/transmute-industries/ietf-spice-charter/blob/main/charter.md >> >> >> This BOF request again raised questions about the scope and the >> relationship with OAuth, see Roman's note here: >> https://mailarchive.ietf.org/arch/msg/spice/Aoe86A0x6bezllwx17Xd5TOQ3Pc/ >> >> >> Now, we are in the final stages of preparing the BOF for the Prague IETF >> and in the agenda preparation we repeately get asked the same question: >> >> >> "Has the transfer of some of the OAuth documents already been agreed?" >> >> >> The answer is "no". Nothing has been agreed. The purpose of the BOF is to >> find this agreement. >> >> >> So, if you have an opinion whether some of the OAuth documents (in >> particular draft-ietf-oauth-sd-jwt-vc, >> draft-ietf-oauth-selective-disclosure-jwt, draft-ietf-oauth-status-list) >> should move to a new working group then you should speak up **now**. >> >> >> The SPICE BOF (and the WIMSE BOF) will happen on Tuesday next week. The >> first OAuth WG session happens shortly afterwards (also on Tuesday). The >> outcome of the BOF(s) will guide us in our discussion about re-chartering >> the OAuth working group (which is an item on the OAuth agenda, see >> https://datatracker.ietf.org/meeting/118/materials/agenda-118-oauth-03). >> >> >> Rifaat, Pam and I are mediators in this process and therefore we rely on >> your input. Since you have to do the work, you should think about where you >> want to do it. >> >> >> Ciao >> >> Hannes >> >> >> PS: A process-related note. If you are author of a working group document >> you are working for the group. With the transition from an individual >> document to a working group document you have relinquished control to the >> group. While your opinion is important, it has the same weight as the >> opinion of any other working group participant. The theme is "We reject: >> kings, presidents, and voting. We believe in: rough consensus and running >> code". >> _______________________________________________ >> OAuth mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/oauth >> > > *CONFIDENTIALITY NOTICE: This email may contain confidential and > privileged material for the sole use of the intended recipient(s). Any > review, use, distribution or disclosure by others is strictly prohibited. > If you have received this communication in error, please notify the sender > immediately by e-mail and delete the message and any file attachments from > your computer. Thank you.*-- > SPICE mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/spice > -- ORIE STEELE Chief Technology Officer www.transmute.industries <https://transmute.industries>
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
