[OAUTH-WG] Re: I-D Action: draft-ietf-oauth-selective-disclosure-jwt-21.txt

Wed, 28 May 2025 19:27:49 -0700 

Hi folks,

I saw one confusing item in this document. In section 4.2.4.2. at the end,
it states:

In the example above, the verification process would
   output an array with only one element unless a matching Disclosure
   for the second element is received.

But the example looks like this:

{
     "nationalities":
       ["DE", {"...":"w0I8EKcdCtUPkGCNUrfwVp2xEgNjtoIDlOxc9-PlOhs"}, "US"]
   }

My reading is that the second element of the array would be omitted if the
verifier didn't receive the matching disclosure, but the first and third
elements would be delivered. Therefore the array would have two elements if
no disclosure was received.

I reviewed section 7 but didn't see anything about removing elements of an
array after an element that was selectively disclosed (as the
{"...":"w0I8EKcdCtUPkGCNUrfwVp2xEgNjtoIDlOxc9-PlOhs"} is).

What am I missing?

Dan

On Wed, May 28, 2025 at 11:47 AM <internet-dra...@ietf.org> wrote:

> Internet-Draft draft-ietf-oauth-selective-disclosure-jwt-21.txt is now
> available. It is a work item of the Web Authorization Protocol (OAUTH) WG
> of
> the IETF.
>
>    Title:   Selective Disclosure for JWTs (SD-JWT)
>    Authors: Daniel Fett
>             Kristina Yasuda
>             Brian Campbell
>    Name:    draft-ietf-oauth-selective-disclosure-jwt-21.txt
>    Pages:   96
>    Dates:   2025-05-28
>
> Abstract:
>
>    This specification defines a mechanism for the selective disclosure
>    of individual elements of a JSON data structure used as the payload
>    of a JSON Web Signature (JWS).  The primary use case is the selective
>    disclosure of JSON Web Token (JWT) claims.
>
> The IETF datatracker status page for this Internet-Draft is:
> https://datatracker.ietf.org/doc/draft-ietf-oauth-selective-disclosure-jwt/
>
> There is also an HTML version available at:
>
> https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-21.html
>
> A diff from the previous version is available at:
>
> https://author-tools.ietf.org/iddiff?url2=draft-ietf-oauth-selective-disclosure-jwt-21
>
> Internet-Drafts are also available by rsync at:
> rsync.ietf.org::internet-drafts
>
>
> _______________________________________________
> OAuth mailing list -- oauth@ietf.org
> To unsubscribe send an email to oauth-le...@ietf.org
>

_______________________________________________
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to oauth-le...@ietf.org

Reply via email to