Re: [OAUTH-WG] Call for adoption - SD-JWT-based Verifiable Credentials

2023-08-15 Thread Nat Sakimura
Congratulations! On Aug 11, 2023 22:19 +0900, Oliver Terbu , wrote: > Thank you very much! We greatly appreciate your insightful feedback and > continuous support. As we move forward, we are fully committed to diligently > refining the document to meet the rigorous technical standards upheld by

Re: [OAUTH-WG] Call for adoption - SD-JWT-based Verifiable Credentials

2023-08-11 Thread Oliver Terbu
Thank you very much! We greatly appreciate your insightful feedback and continuous support. As we move forward, we are fully committed to diligently refining the document to meet the rigorous technical standards upheld by the IETF working group. Best regards, Oliver & Daniel (authors) On Fri,

Re: [OAUTH-WG] Call for adoption - SD-JWT-based Verifiable Credentials

2023-08-11 Thread Rifaat Shekh-Yusef
All, Based on the responses to this call for adoption, we declare the *SD-JWT-based Verifiable Credentials* draft adopted as a WG document. Authors, Feel free to submit a WG document at your convenience. Regards, Rifaat & Hannes On Tue, Aug 8, 2023 at 11:51 AM Paul Bastian wrote: > I

Re: [OAUTH-WG] Call for adoption - SD-JWT-based Verifiable Credentials

2023-08-08 Thread Paul Bastian
I support the adoption of SD-JWT-based Verifiable Credentials. ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] Call for adoption - SD-JWT-based Verifiable Credentials

2023-08-01 Thread Michael Jones
I support adoption. From: OAuth On Behalf Of Rifaat Shekh-Yusef Sent: Saturday, July 29, 2023 12:25 PM To: oauth Subject: [OAUTH-WG] Call for adoption - SD-JWT-based Verifiable Credentials All, This is an official call for adoption for the SD-JWT-based Verifiable Credentials draft discussed

Re: [OAUTH-WG] Call for adoption - SD-JWT-based Verifiable Credentials

2023-08-01 Thread Oliver Terbu
I'm an editor and I support adoption as well :) On Tue, Aug 1, 2023 at 8:13 AM Shigeya Suzuki wrote: > I support adoption. > > shigeya > > On Sun, Jul 30, 2023, at 04:25, Rifaat Shekh-Yusef wrote: > > All, > > This is an official call for adoption for the *SD-JWT-based Verifiable > Credentials

Re: [OAUTH-WG] Call for adoption - SD-JWT-based Verifiable Credentials

2023-08-01 Thread Shigeya Suzuki
I support adoption. shigeya On Sun, Jul 30, 2023, at 04:25, Rifaat Shekh-Yusef wrote: > All, > > This is an official call for adoption for the *SD-JWT-based Verifiable > Credentials *draft discussed in SF. > https://datatracker.ietf.org/doc/draft-terbu-oauth-sd-jwt-vc/ > > Please, reply on

Re: [OAUTH-WG] Call for adoption - SD-JWT-based Verifiable Credentials

2023-07-30 Thread torsten=40lodderstedt . net
f > > > Sent: Saturday, July 29, 2023 8:25 PM > > > To: oauth > > > Subject: [OAUTH-WG] Call for adoption - SD-JWT-based Verifiable > > > Credentials > > > > > > All, > > > > > > This is an official call for adoption for the

Re: [OAUTH-WG] Call for adoption - SD-JWT-based Verifiable Credentials

2023-07-30 Thread Orie Steele
I support adoption. On Sun, Jul 30, 2023, 9:15 AM Pieter Kasselman wrote: > I support adoption of this draft. > > > > *From:* OAuth *On Behalf Of *Rifaat Shekh-Yusef > *Sent:* Saturday, July 29, 2023 8:25 PM > *To:* oauth > *Subject:* [OAUTH-WG] Call for adoption -

Re: [OAUTH-WG] Call for adoption - SD-JWT-based Verifiable Credentials

2023-07-30 Thread Pieter Kasselman
I support adoption of this draft. From: OAuth On Behalf Of Rifaat Shekh-Yusef Sent: Saturday, July 29, 2023 8:25 PM To: oauth Subject: [OAUTH-WG] Call for adoption - SD-JWT-based Verifiable Credentials All, This is an official call for adoption for the SD-JWT-based Verifiable Credentials

Re: [OAUTH-WG] Call for adoption - SD-JWT-based Verifiable Credentials

2023-07-29 Thread Tobias Looker
t 9:45 AM To: Rifaat Shekh-Yusef Cc: oauth Subject: Re: [OAUTH-WG] Call for adoption - SD-JWT-based Verifiable Credentials

Re: [OAUTH-WG] Call for adoption - SD-JWT-based Verifiable Credentials

2023-07-29 Thread David Waite
I support adoption -DW > On Jul 29, 2023, at 1:25 PM, Rifaat Shekh-Yusef > wrote: > > All, > > This is an official call for adoption for the SD-JWT-based Verifiable > Credentials draft discussed in SF. > https://datatracker.ietf.org/doc/draft-terbu-oauth-sd-jwt-vc/

Re: [OAUTH-WG] Call for adoption - SD-JWT-based Verifiable Credentials

2023-07-29 Thread Wayne Chang
+1 On Sat, Jul 29, 2023 at 12:25 Rifaat Shekh-Yusef wrote: > All, > > This is an official call for adoption for the *SD-JWT-based Verifiable > Credentials *draft discussed in SF. > https://datatracker.ietf.org/doc/draft-terbu-oauth-sd-jwt-vc/ > > Please, reply on the mailing list and let us

Re: [OAUTH-WG] Call for adoption - SD-JWT-based Verifiable Credentials

2023-07-29 Thread Dick Hardt
I support adoption On Sat, Jul 29, 2023 at 12:25 PM Rifaat Shekh-Yusef wrote: > All, > > This is an official call for adoption for the *SD-JWT-based Verifiable > Credentials *draft discussed in SF. > https://datatracker.ietf.org/doc/draft-terbu-oauth-sd-jwt-vc/ > > Please, reply on the mailing

Re: [OAUTH-WG] Call for adoption - SD-JWT-based Verifiable Credentials

2023-07-29 Thread Kristina Yasuda
I support adoption. From: OAuth on behalf of Rifaat Shekh-Yusef Sent: Saturday, July 29, 2023 12:25:16 PM To: oauth Subject: [OAUTH-WG] Call for adoption - SD-JWT-based Verifiable Credentials All, This is an official call for adoption for the SD-JWT-based

Re: [OAUTH-WG] Call for adoption - SD-JWT-based Verifiable Credentials

2023-07-29 Thread Leif Johansson
Concur Sent from my iPhone On 29 July 2023 at 12:37, Michael Prorock wrote: I support adoption - but would request that if a group dedicated to verifiable credentials is created prior to this draft being finalized, that the group consider moving this draft to that group. Mike Prorock CTO -

Re: [OAUTH-WG] Call for adoption - SD-JWT-based Verifiable Credentials

2023-07-29 Thread Warren Parad
+1 On Sat, Jul 29, 2023 at 9:26 PM Rifaat Shekh-Yusef wrote: > All, > > This is an official call for adoption for the *SD-JWT-based Verifiable > Credentials *draft discussed in SF. > https://datatracker.ietf.org/doc/draft-terbu-oauth-sd-jwt-vc/ > > Please, reply on the mailing list and let us

Re: [OAUTH-WG] Call for adoption - SD-JWT-based Verifiable Credentials

2023-07-29 Thread Giuseppe De Marco
I support SD-JWT-based Verifiable Credentials On Sat, 29 Jul 2023, 22:16 Brian Campbell wrote: > +1 > > On Sat, Jul 29, 2023, 1:37 PM Michael Prorock wrote: > >> I support adoption - but would request that if a group dedicated to >> verifiable credentials is created prior to this draft

Re: [OAUTH-WG] Call for adoption - SD-JWT-based Verifiable Credentials

2023-07-29 Thread Brian Campbell
+1 On Sat, Jul 29, 2023, 1:37 PM Michael Prorock wrote: > I support adoption - but would request that if a group dedicated to > verifiable credentials is created prior to this draft being finalized, that > the group consider moving this draft to that group. > > Mike Prorock > CTO - mesur.io > >

Re: [OAUTH-WG] Call for adoption - SD-JWT-based Verifiable Credentials

2023-07-29 Thread Michael Prorock
I support adoption - but would request that if a group dedicated to verifiable credentials is created prior to this draft being finalized, that the group consider moving this draft to that group. Mike Prorock CTO - mesur.io On Sat, Jul 29, 2023, 12:26 Rifaat Shekh-Yusef wrote: > All, > > This

[OAUTH-WG] Call for adoption - SD-JWT-based Verifiable Credentials

2023-07-29 Thread Rifaat Shekh-Yusef
All, This is an official call for adoption for the *SD-JWT-based Verifiable Credentials *draft discussed in SF. https://datatracker.ietf.org/doc/draft-terbu-oauth-sd-jwt-vc/ Please, reply on the mailing list and let us know if you are in favor of adopting this draft as WG document, by *August

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-12 Thread Kristina Yasuda
Thank you very much, everyone, for the feedback! Really looking forward to keep working on the document. Kindest Regards, Kristina & Daniel From: OAuth On Behalf Of Jaimandeep Singh Sent: Friday, August 12, 2022 5:44 AM To: Rifaat Shekh-Yusef Cc: oauth Subject: Re: [OAUTH-WG] Call for adop

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-12 Thread Jaimandeep Singh
Congratulations to the SD-JWT team and all the members for the hard work and patiently addressing all the concerns. Regards and Best Wishes Jaimandeep Singh On Fri, 12 Aug, 2022, 5:51 pm Rifaat Shekh-Yusef, wrote: > Based on the feedback during the IETF meeting in Philadelphia and based on >

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-12 Thread Rifaat Shekh-Yusef
Based on the feedback during the IETF meeting in Philadelphia and based on the feedback on the mailing list, the WG has decided to adopt the SD-JWT document as a WG document. Authors, Please, feel free to submit a WG -00 version for this document at your convenience. Regards, Rifaat & Hannes

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-10 Thread Brian Campbell
As Nat and others have mentioned, JWT itself is a product of this WG. While JWT had applications in OAuth, it was developed as a more general purpose token format and has seen widespread usage. Working on a general purpose selective disclosure mechanism

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-08 Thread Christian Paquin
é : Thursday, July 28, 2022 8:16:52 PM To: oauth <oauth@ietf.org> Subject: [OAUTH-WG] Call for adoption - SD-JWT All, This is a call for adoption for the SD-JWT document https://datatracker.ietf.org/doc/draft-fett-oauth-selective-disclosure-jwt/

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-07 Thread Nat Sakimura
I support the adoption of SD-JWT. This is a natural and important extension to JWT which is a product of this WG and meets some of the use-cases that we left out years ago with relatively simple cryptographic techniques. On Fri, Jul 29, 2022 at 9:17 AM Rifaat Shekh-Yusef wrote: > All, > > This

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-07 Thread Kushal Das
On Fri, Jul 29, 2022 at 2:17 AM Rifaat Shekh-Yusef wrote: > > All, > > This is a call for adoption for the SD-JWT document > https://datatracker.ietf.org/doc/draft-fett-oauth-selective-disclosure-jwt/ > > Please, provide your feedback on the mailing list by August 12th. > I support adoption.

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-05 Thread Kristina Yasuda
out issuer issuing subsets of JWTs vs SD-JWT approach in a decoupled flow. https://mailarchive.ietf.org/arch/msg/oauth/_nf1_4GOefLtjMz2uvzdd0E3D_0/ From: Warren Parad Sent: Friday, August 5, 2022 1:41 PM To: Kristina Yasuda Cc: Warren Parad ; Daniel Fett ; oauth@ietf.org Subject: Re: [OAUTH-WG]

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-05 Thread Warren Parad
So the executive summary is "JWP does solve this problem, but that work isn't close to being able to provide a solution yet" Or is it something else? On Fri, Aug 5, 2022 at 5:22 PM David Waite wrote: > I can’t speak to what group or charter the JWP work would eventually be > under, but the JWT

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-05 Thread Warren Parad
ns that have been previously outlined in this thread. > > -- > *From:* OAuth on behalf of Warren Parad 40rhosys...@dmarc.ietf.org> > *Sent:* Friday, August 5, 2022 6:25 AM > *To:* Daniel Fett > *Cc:* oauth@ietf.org > *Subject:* Re: [OAUTH-WG] Ca

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-05 Thread David Waite
I can’t speak to what group or charter the JWP work would eventually be under, but the JWT specification is one of several examples of a specification that heavily leveraged the JOSE work but which was started here at OAUTH, outside of the (at the time active) JOSE WG. Without perusing old

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-05 Thread Kristina Yasuda
previously outlined in this thread. From: OAuth on behalf of Warren Parad Sent: Friday, August 5, 2022 6:25 AM To: Daniel Fett Cc: oauth@ietf.org Subject: Re: [OAUTH-WG] Call for adoption - SD-JWT It's clear that good thought has been put into the core of it, more so

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-05 Thread Warren Parad
It's clear that good thought has been put into the core of it, more so than other drafts submitted, but not yet feature complete. For example there is no sense of how the private/public key exchange actually happens. In *holder binding *scenario, it isn't detailed how to actually include the

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-05 Thread Daniel Fett
It's not that the people I have spoken to didn't like the idea of SD-JWT. It's just on a different layer than JWPs, using a different approach, different crypto, providing different features, and on a different timeline. There's no compelling reason to have both in the same WG. There are

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-05 Thread Warren Parad
Maybe they have a good reason for not wanting it, and then we shouldn't be the WG that backdoors it in. Also: "other people have already implemented it" is a cognitive fallacy, so let's not use that as a justification we have to make the standard. We should get a concrete reason why a WG that

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-05 Thread Daniel Fett
On 05.08.22 at 10:22, Warren Parad wrote: > and nobody involved in the JWP effort thinks that SD-JWT should be in that WG once created Why? For the reasons listed, I guess? Also, mind the "As far as I am aware" part, but I don't remember any discussions in that direction at IETF114.

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-05 Thread Warren Parad
l of this decoupling is to avoid “issuer call home”, >>>>>> where the user can send a user credential directly to the RP, without RP >>>>>> needing to contact the Issuer directly. So the motivations are not >>>>>> limited &

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-05 Thread Daniel Fett
*Subject:* [OAUTH-WG] Call for adoption - SD-JWT All, This is a call for adoption for the *SD-JWT* document https://datatracker.ietf.org/doc/draft-fett-oauth-selective-disclos

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-04 Thread Jaimandeep Singh
t;>> encouraged by the national cybersecurity agencies. >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> Regarding an approach where issuer issues multiple JWTs of a same type >>>>> but with different subset of claims, it

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-04 Thread David Chadwick
Answers inline below On 03/08/2022 14:57, Torsten Lodderstedt wrote: On 02.08.2022 at 19:30, David Chadwick wrote: Hi Torsten your use case

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-03 Thread Torsten Lodderstedt
>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Driver’s Licence just happens to be an example familiar to many, and >>>>>>>>>> there is no reason

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-03 Thread David Chadwick
Cc: oauth <oauth@ietf.org> Subject: Re: [OAUTH-WG] Call for adoption - SD-JWT    

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-02 Thread Giuseppe De Marco
> So even if you issued a separate JWT for each field, that’s only 5 JWTs. > Why is that not practical? > > — Neil > > > > That's why I support adoption. > > > > -- Mike > > > > *From:* OAuth *On Behalf Of * Neil Madden > *Sent

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-02 Thread Neil Madden
that not practical? — Neil > > That's why I support adoption. > >-- Mike > > From: OAuth On Behalf Of Neil Madden > Sent: Tuesday, August 2, 2022 2:16 AM > To: Kristina Yasuda > Cc: oauth > Subject: Re:

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-02 Thread Mike Jones
22 2:16 AM To: Kristina Yasuda Cc: oauth Subject: Re: [OAUTH-WG] Call for adoption - SD-JWT On 2 Aug 2022, at 03:20, Kristina Yasuda <Kristina.Yasuda=40microsoft@dmarc.ietf.org> wrote: I support adoption. To add some color. One of the use-cases is a flow where issuance of a

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-02 Thread David Chadwick
oauth <oauth@ietf.org> Subject: [OAUTH-WG] Call for adopti

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-02 Thread David Chadwick
On Behalf Of Warren Parad Sent: Tuesday, August 2, 2022 7:56 AM To: David Chadwick Cc: oauth Subject: Re: [OAUTH-WG] Call for adoption - SD-JWT   In the case we do that, this spec doesn't

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-02 Thread David Chadwick
On 02/08/2022 12:56, Warren Parad wrote: In the case we do that, this spec doesn't add value, right? Only if the user subsequently wants to use the VC offline and only disclose part of it. Then there is value in having a

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-02 Thread Kristina Yasuda
adwick Cc: oauth Subject: Re: [OAUTH-WG] Call for adoption - SD-JWT In the case we do that, this spec doesn't add value, right? On Tue, Aug 2, 2022, 13:39 David Chadwick <d.w.chadw...@verifiablecredentials.info> wrote: Hi Warren I am speaking about the verifiable credential issui

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-02 Thread Warren Parad
In the case we do that, this spec doesn't add value, right? On Tue, Aug 2, 2022, 13:39 David Chadwick < d.w.chadw...@verifiablecredentials.info> wrote: > Hi Warren > > I am speaking about the verifiable credential issuing process where the > user/wallet is the client and the credential issuing

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-02 Thread David Chadwick
Hi Warren I am speaking about the verifiable credential issuing process where the user/wallet is the client and the credential issuing system is the authoriser and operates the AS and RS. (This is the model described in the OIDC4VCI spec.) So the AS issues

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-02 Thread Jaromir Talir
On Tue, 2022-08-02 at 12:02 +0200, Torsten Lodderstedt wrote: > > > > On 02.08.2022 at 11:44, David Chadwick wrote: > > > > > > On 01/08/2022 18:39, Warren Parad wrote: > > > So the question is how many offline interactions are there, and > > > what do those look like? > >

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-02 Thread Pieter Kasselman
I support adoption From: OAuth On Behalf Of Rifaat Shekh-Yusef Sent: Friday, July 29, 2022 1:17 AM To: oauth Subject: [OAUTH-WG] Call for adoption - SD-JWT All, This is a call for adoption for the SD-JWT document https://datatracker.ietf.org/doc/draft-fett-oauth-selective-disclosure-jwt

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-02 Thread Torsten Lodderstedt
> On 02.08.2022 at 11:44, David Chadwick wrote: > > > > On 01/08/2022 18:39, Warren Parad wrote: >> So the question is how many offline interactions are there, and what do >> those look like? > This to me is the key question. If the vast majority of transactions between > the

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-02 Thread Warren Parad
> try to provide RP-U unlinkability (RPs cannot collude to track the user). >>>>> The simplest way to achieve unlinkability with JWTs without using advanced >>>>> cryptography is to issue multiple credentials of the same type but with >>>>> varying u

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-02 Thread Torsten Lodderstedt
iers per RP. Now there >>>> are multiple copies of each JWT with subset of claims of the same type. >>>> This greatly complicates presentation of these credentials too – since >>>> credentials are of the same type, now wallet needs to manage the >>>

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-02 Thread David Chadwick
On 01/08/2022 18:39, Warren Parad wrote: So the question is how many offline interactions are there, and what do those look like? This to me is the key question. If the vast majority of transactions between the user/wallet and the RP are

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-02 Thread Neil Madden
> On 2 Aug 2022, at 03:20, Kristina Yasuda > wrote: > > I support adoption. > > To add some color. > > One of the use-cases is a flow where issuance of a user credential > (collection of user claims) is decoupled from presentation (where both > issuance and presentation of a user

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-02 Thread Warren Parad
dentials too – since >>>> credentials are of the same type, now wallet needs to manage the >>>> combination of a subset of claims + pairwise identifier… >>>> >>>> >>>> >>>> What if the implementation also wants predicates p

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-02 Thread Torsten Lodderstedt
rs per RP. Now there are multiple copies of each JWT >>>>>> with subset of claims of the same type. This greatly complicates >>>>>> presentation of these credentials too – since credentials are of the >>>>>> same type, now wal

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-02 Thread Warren Parad
rs to issue multiple age_over_xx booleans so that an appropriate one >>> can be selectively disclosed to the RP. How many “JWTs with subset of >>> claims” does the issuer needs to issue to account for all possible age >>> requirements? Note that it’s not just age_over_21 to start ga

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-02 Thread Torsten Lodderstedt
e simplest >>>> way to do predicates with JWTs without using advanced cryptography is to >>>> have issuers to issue multiple age_over_xx booleans so that an appropriate >>>> one can be selectively disclosed to the RP. How many “JWTs with subset of >>

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-02 Thread Torsten Lodderstedt
cryptography is to >>>> have issuers to issue multiple age_over_xx booleans so that an appropriate >>>> one can be selectively disclosed to the RP. How many “JWTs with subset of >>>> claims” does the issuer needs to issue to account for all possible age

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-02 Thread Warren Parad
s" approach could be taken >> in some implementations, but it should not prevent a simpler, extensible >> alternative of SD-JWT. >> >> >> >> >> >> Finally, as Giuseppe pointed out, an option to blind claim names is on >> the table. As discussed

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-02 Thread Torsten Lodderstedt
nwieldy, to say the >> least. "A conventional JWT with a subset of claims" approach could be taken >> in some implementations, but it should not prevent a simpler, extensible >> alternative of SD-JWT. >> >> >> >> >> >> Fin

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-02 Thread Warren Parad
inted out, an option to blind claim names is on the > table. As discussed on this list previously, we should analyze privacy > properties of the mechanism and decide if we want to mandate it – which can > be discussed after the adoption. > > > > Best, > > Kristina >

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-01 Thread Kristina Yasuda
ssed after the adoption. Best, Kristina From: OAuth On Behalf Of Rifaat Shekh-Yusef Sent: Thursday, July 28, 2022 8:17 PM To: oauth Subject: [OAUTH-WG] Call for adoption - SD-JWT All, This is a call for adoption for the SD-JWT document https://datatracker.ietf.org/doc/draft-fett-oauth-s

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-01 Thread Vittorio Bertocci
I support adoption of this draft as a WG document. On Thu, Jul 28, 2022 at 5:17 PM Rifaat Shekh-Yusef wrote: > All, > > This is a call for adoption for the *SD-JWT* document >

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-01 Thread Warren Parad
And in the situation they did, we would just use the existing scopes and let the user approve the selected list. RS requests, AS redirects the user, the user approves. (RS => AS => User) The draft isn't trying to prevent needing to do that, it's trying to change the order of the flow, first the

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-01 Thread Neil Madden
> On 1 Aug 2022, at 17:34, Aaron Parecki > wrote: > David, > > Creating "A conventional JWT with a subset of claims" is exactly the thing > this draft sets out to prevent needing to do. The problem with that approach > is the AS would have to create a new JWT with only the claims needed for

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-01 Thread Warren Parad
Hey David, would you be able to go back and reread what you wrote? I'm trying to parse it and it seems what you are calling different things don't align to the common understanding of what AS/RS/client mean. For instance: - the user, not the AS, authorizes a client to attain credentials -

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-01 Thread David Chadwick
Hi Aaron I think we have different mental models for this. In my opinion, if the AS authorises the client to obtain a complete credential with all the properties, then the client should be able to ask the RS for a set of subsets of the credential, since the client

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-01 Thread Aaron Parecki
David, Creating "A conventional JWT with a subset of claims" is exactly the thing this draft sets out to prevent needing to do. The problem with that approach is the AS would have to create a new JWT with only the claims needed for the particular presentation, so the AS would need to be both

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-01 Thread David Chadwick
thanks Giuseppe. Glad to hear that blinding claim names is now on the cards. This does not answer the question about why conventional JWTs with a subset of the claims cannot also be used Kind regards David On 01/08/2022 17:04, Giuseppe De Marco

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-01 Thread Giuseppe De Marco
Hi David, This issue was already raised. Below the proposal for both draft and python code https://github.com/oauthstuff/draft-selective-disclosure-jwt/pull/124 Regarding the privacy I'd like to have a combined presentation format that makes the PID/QEAA (VC) untraceable (jwe, with variable iat

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-01 Thread David Chadwick
I would like to add a few further points. The age-over property is more complex than your example, because a driving license only contains the date of birth. The issuing authority decides which age-over properties to statically provide in the mDL and the ISO

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-01 Thread Warren Parad
> > This is done because network availability and privacy concerns may > separate the act of acquiring the SD-JWT of a license from the issuing > authority, and presenting it (such as days later during a traffic stop on a > mountain road). I think we keep pointing to "offline drivers license" as

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-01 Thread David Chadwick
On 01/08/2022 11:55, Neil Madden wrote: I agree with many of these points that Jaimandeep Singh raises.  It would be good to know exactly what the intended use-cases within OAuth are. In particular, in OAuth it’s

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-01 Thread Neil Madden
I agree with many of these points that Jaimandeep Singh raises. It would be good to know exactly what the intended use-cases within OAuth are. In particular, in OAuth it’s normally the case that the client is relatively untrusted and a privacy goal is to avoid revealing information/PII to the

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-08-01 Thread Joseph Heenan
I support adoption. Joseph Heenan > On 29 Jul 2022, at 01:16, Rifaat Shekh-Yusef wrote: > > All, > > This is a call for adoption for the SD-JWT document > https://datatracker.ietf.org/doc/draft-fett-oauth-selective-disclosure-jwt/ >

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-07-30 Thread Wayne Chang
+1, we are planning to implement this in Rust for public sector use cases. On Thu, Jul 28, 2022 at 8:17 PM Rifaat Shekh-Yusef wrote: > All, > > This is a call for adoption for the *SD-JWT* document > https://datatracker.ietf.org/doc/draft-fett-oauth-selective-disclosure-jwt/ > > Please, provide

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-07-29 Thread Giuseppe De Marco
With its salted/hashed approach SD-JWT represents the solution that allows the selective disclosure of the claim values in a JWT, it's a concrete alternative to ISO 18013-5 (mDoc) and also proposes a very interesting integration with JWT-VC (vc-data-model 1.1). Considering that in eIDAS 2 we

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-07-29 Thread Mike Jones
I support adoption. From: OAuth On Behalf Of Daniel Fett Sent: Friday, July 29, 2022 8:32 AM To: oauth@ietf.org Subject: Re: [OAUTH-WG] Call for adoption - SD-JWT

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-07-29 Thread David Waite
> On Jul 29, 2022, at 5:35 AM, Warren Parad > wrote: > > I too do not support adoption. > > Something is "off" for me, I don't quite get the expectation on the secure > flow, in this draft, doesn't the issuer have to know the claims that could be > requested up front? If the goal is to not

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-07-29 Thread Jaromir Talir
+1 On Fri, 2022-07-29 at 16:23 +0200, Leif Johansson wrote: > > I support the adoption of draft-fett-oauth-selective-disclosure-jwt > as a wg document > > On 2022-07-29 02:16, Rifaat Shekh-Yusef wrote: > > All, > > > > This is a call for adoption for the *SD-JWT* document > >

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-07-29 Thread Leif Johansson
I support the adoption of draft-fett-oauth-selective-disclosure-jwt as a wg document On 2022-07-29 02:16, Rifaat Shekh-Yusef wrote: All, This is a call for adoption for the *SD-JWT* document https://datatracker.ietf.org/doc/draft-fett-oauth-selective-disclosure-jwt/

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-07-29 Thread Steinar Noem
+1 On Fri, 29 Jul 2022 at 14:32, Daniel Fett wrote: > +1 for obvious reasons. > > > On 28 July 2022 21:12:49 GMT-04:00, Brian Campbell 40pingidentity@dmarc.ietf.org> wrote: >> >> I support adoption. >> >> On Thu, Jul 28, 2022, 8:17 PM Rifaat Shekh-Yusef >> wrote: >> >>> All, >>> >>> This

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-07-29 Thread Daniel Fett
+1 for obvious reasons. On 28 July 2022 21:12:49 GMT-04:00, Brian Campbell wrote: >I support adoption. > >On Thu, Jul 28, 2022, 8:17 PM Rifaat Shekh-Yusef >wrote: > >> All, >> >> This is a call for adoption for the *SD-JWT* document >>

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-07-29 Thread Torsten Lodderstedt
+1 > On 29.07.2022 at 03:13, Brian Campbell wrote: > > I support adoption. > >> On Thu, Jul 28, 2022, 8:17 PM Rifaat Shekh-Yusef >> wrote: >> All, >> >> This is a call for adoption for the SD-JWT document >> https://datatracker.ietf.org/doc/draft-fett-oauth-selective-disclosure-jwt/

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-07-29 Thread Warren Parad
I too do not support adoption. Something is "off" for me, I don't quite get the expectation on the secure flow, in this draft, doesn't the issuer have to know the claims that could be requested up front? If the goal is to not have the issuer contain any of this data, but let the holder "add in

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-07-28 Thread Jaimandeep Singh
Dear All, 1. At the outset I must compliment Daniel Fett and Kristina Yasuda and all the contributors for the wonderful work done on SD-JWT. 2. However, in my opinion there is no clear motivation for using SD-JWT in the present oAuth 2.0/2.1 ecosystem. We already have JWS and JWE which more or

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-07-28 Thread Brian Campbell
I support adoption. On Thu, Jul 28, 2022, 8:17 PM Rifaat Shekh-Yusef wrote: > All, > > This is a call for adoption for the *SD-JWT* document > https://datatracker.ietf.org/doc/draft-fett-oauth-selective-disclosure-jwt/ > > Please, provide your feedback on the mailing list by *August 12th*. > >

Re: [OAUTH-WG] Call for adoption - SD-JWT

2022-07-28 Thread Dick Hardt
+1 On Thu, Jul 28, 2022 at 5:17 PM Rifaat Shekh-Yusef wrote: > All, > > This is a call for adoption for the *SD-JWT* document > https://datatracker.ietf.org/doc/draft-fett-oauth-selective-disclosure-jwt/ > > Please, provide your feedback on the mailing list by *August 12th*. > > Regards, >

[OAUTH-WG] Call for adoption - SD-JWT

2022-07-28 Thread Rifaat Shekh-Yusef
All, This is a call for adoption for the *SD-JWT* document https://datatracker.ietf.org/doc/draft-fett-oauth-selective-disclosure-jwt/ Please, provide your feedback on the mailing list by *August 12th*. Regards, Rifaat & Hannes