We use JSON Path internally, we also use the !sd tags in YAML to annotate
disclosable terms.
We wrote a utility that converts from a YAML file with !sd tags to a set of
JSON Pointers, for convenience.
I think the current approach in SD-JWT is to treat the "definition of
disclosable claims" as an
I was wondering if ever occured to use a JSON path-like approach as
disclosure name. This will result in a single top level _sd key and will
remove the need for sperating discolsures that conern objects vs those that
concern arrays. If this has been disussed in the past, what are its
Hi Giuseppe,
I missed this
> IMO, neither the "Token Status List", nor to the "OAuth Status
Attestations" are the right way to address two privacy considerations:
"Unlinkability between verifiers" and "Untrackability by digital
credential issuers".
here my notes
*Unlinkability between
I missed this
> IMO, neither the "Token Status List", nor to the "OAuth Status
Attestations" are the right way to address two privacy considerations:
"Unlinkability between verifiers" and "Untrackability by digital credential
issuers".
here my notes
*Unlinkability between verifiers*
Status
Ciao Denis,
I agree with you until I find that the presentation/credential format has
the feature to attest its (non-)revocation. I was a BLS signature
evangelist at least two years ago. Working in the government field, I am
now required to use formats that are globally recognized and
Hi Giuseppe,
We are on different tracks.
There is however a common point in our two approaches: "however, we
assume that the Wallet Instance had an internet connection within the
last 24h".
However, there is no need to present an "OAuth Status Attestation" to a
verifier.
IMO, neither the
Ciao Denis,
OAuth Status Attestation was born because of some different approches with
the oauth status list token, I really would like to have a single
specification with the two approaches.
I report below and explain the main differences between the status
attestation and the status list token.
Hi Guiseppe,
In your reply, you cut the main content of my original text and hence
you didn't reply to it.
In addition, you missed to pay attention to the email I sent yesterday
in my response to "I-D Action: draft-ietf-oauth-status-list-01.txt".
I copy some parts of it below:
Another