Re: [OAUTH-WG] SD-JWT, use of JSON path in disclosure claim name

2024-02-07 Thread Orie Steele
We use JSON Path internally, we also use the !sd tags in YAML to annotate disclosable terms. We wrote a utility that converts from a YAML file with !sd tags to a set of JSON Pointers, for convenience. I think the current approach in SD-JWT is to treat the "definition of disclosable claims" as an

[OAUTH-WG] SD-JWT, use of JSON path in disclosure claim name

2024-02-07 Thread Nikos Fotiou
I was wondering if it ever occurred to use a JSON path-like approach as disclosure name. This will result in a single top level _sd key and will remove the need for separating disclosures that concern objects vs those that concern arrays. If this has been discussed in the past, what are its

Re: [OAUTH-WG] [SPICE] OAuth Digital Credential Status Attestations

2024-02-07 Thread Denis
Hi Giuseppe, I missed this > IMO, neither the "Token Status List", nor to the "OAuth Status Attestations" are the right way to address two privacy considerations: "Unlinkability between verifiers" and "Untrackability by digital credential issuers". here my notes *Unlinkability between

Re: [OAUTH-WG] [SPICE] OAuth Digital Credential Status Attestations

2024-02-07 Thread Giuseppe De Marco
I missed this > IMO, neither the "Token Status List", nor to the "OAuth Status Attestations" are the right way to address two privacy considerations: "Unlinkability between verifiers" and "Untrackability by digital credential issuers". here my notes *Unlinkability between verifiers* Status

Re: [OAUTH-WG] [SPICE] OAuth Digital Credential Status Attestations

2024-02-07 Thread Giuseppe De Marco
Ciao Denis, I agree with you until I find that the presentation/credential format has the feature to attest its (non-)revocation. I was a BLS signature evangelist at least two years ago. Working in the government field, I am now required to use formats that are globally recognized and

Re: [OAUTH-WG] [SPICE] OAuth Digital Credential Status Attestations

2024-02-07 Thread Denis
Hi Giuseppe, We are on different tracks. There is however a common point in our two approaches: "however, we assume that the Wallet Instance had an internet connection within the last 24h". However, there is no need to present an "OAuth Status Attestation" to a verifier. IMO, neither the

Re: [OAUTH-WG] [SPICE] OAuth Digital Credential Status Attestations

2024-02-07 Thread Giuseppe De Marco
Ciao Denis, OAuth Status Attestation was born because of some different approaches with the oauth status list token, I really would like to have a single specification with the two approaches. I report below and explain the main differences between the status attestation and the status list token.

Re: [OAUTH-WG] [SPICE] OAuth Digital Credential Status Attestations

2024-02-07 Thread Denis
Hi Giuseppe, In your reply, you cut the main content of my original text and hence you didn't reply to it. In addition, you missed to pay attention to the email I sent yesterday in my response to "I-D Action: draft-ietf-oauth-status-list-01.txt". I copy some parts of it below: Another