The privacy issues I have consistently raised have not been addressed
through actionable text.

Implementers are not receiving guidance with the current version. The
actual risks are buried below a bunch of words talking around the
issue.

I'll be very clear: if a user uses this technology to pass an age
verification filter, they will end up exposing their complete identity
without knowing it. This is an unacceptable risk, and no one disagrees
the technology poses it. Implementers will often not have the skills
or knowledge to identify this concern independently, and need
actionable guidance on how to mitigate it. We provide far more
actionable guidance on storage of credentials.

On Fri, Oct 18, 2024 at 11:00 AM Rifaat Shekh-Yusef
<[email protected]> wrote:
>
> All,
>
> This is a short second WG Last Call for the SD-JWT document after the recent 
> update based on the feedback provided during the first WGLC
> https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-13.txt
>
> Please, review this document and reply on the mailing list if you have any 
> comments or concerns, by Oct 25th.
>
> Regards,
>   Rifaat & Hannes
> _______________________________________________
> OAuth mailing list -- [email protected]
> To unsubscribe send an email to [email protected]



-- 
Astra mortemque praestare gradatim
