Thank you for presenting your proposal to the group in Brisbane. Reading through the draft, it seemed that there are really two topics in here, and I'm wondering how they could be split:
1, a data structure for complex access rights 2, a cryptographic mechanism for selectively encrypting some of those rights to protect them from unintentional audiences. The data structure used to convey the access rights seems very similar to the object structure defined by RAR, RFC9396: https://www.rfc-editor.org/rfc/RFC9396 I was unable to find something in this data structure that is required to provide the cryptographic hiding functionality, have I missed something? Or would it be possible to apply this to RAR objects? Does the key distribution happen or of band of the protocol? In the oauth world, would these keys become part of the RS configuration? Thank you, - Justin ________________________________ From: OAuth <[email protected]> on behalf of jiangcheng <[email protected]> Sent: Tuesday, March 19, 2024 9:42 PM To: [email protected] <[email protected]> Cc: zhangjl382 <[email protected]>; jill32 <[email protected]> Subject: [OAUTH-WG] draft-zhang-jose-json-fine-grained-access Dear oauth, We have a draft and we are looking forward to soliciting comments on it. https://datatracker.ietf.org/doc/draft-zhang-jose-json-fine-grained-access/ Best regards
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
