[OAUTH-WG] Fwd: [media-types] Last tracker issue for mediaman-suffixes

Orie Steele <orie@transmute.industries> Mon, 19 February 2024 19:41 UTC

To: oauth <oauth@ietf.org>, cose <cose@ietf.org>, JOSE WG <jose@ietf.org>
Cc: Manu Sporny <msporny@digitalbazaar.com>, Carsten Bormann <cabo@tzi.org>, Michael Jones <michael_b_jones@hotmail.com>, Darrel Miller <darrel@tavis.ca>, Mark Nottingham <mnot@mnot.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/2PsQ9iZI2rOhuv9GXVcmAK1rpyA>

See the following PR related to registrations of media types that rely on
multiple structured suffixes, for example:

application/foo+bar+cose would require `+bar+cose`, `+cose`
application/foo+bar+jwt would require `+bar+jwt`, `+bar+jwt`
application/foo+bar+sd-jwt would require `+bar+sd-jwt`, `+sd-jwt`

Manu, please make sure I translated the text from the PR to examples
meaningful to the JOSE, COSE and OAuth working groups.

If you feel this message should be reviewed by other lists, for example:

- https://openid.net/wg/digital-credentials-protocols/
- https://www.w3.org/community/wicg/

Please forward a link along to them.

For context, the intention of the W3C VCWG appears to be to register a lot
of media types relying on structured suffixes:

For example:

application/vc+ld+json -
https://www.w3.org/TR/2024/CRD-vc-data-model-2.0-20240218/#iana-considerations
application/vp+ld+json -
https://www.w3.org/TR/2024/CRD-vc-data-model-2.0-20240218/#iana-considerations

application/vc+ld+json+jwt - https://w3c.github.io/vc-jose-cose/#media-types
application/vp+ld+json+jwt - https://w3c.github.io/vc-jose-cose/#media-types

application/vc+ld+json+sd-jwt -
https://w3c.github.io/vc-jose-cose/#media-types
application/vp+ld+json+sd-jwt -
https://w3c.github.io/vc-jose-cose/#media-types

application/vc+ld+json+cose -
https://w3c.github.io/vc-jose-cose/#media-types
application/vp+ld+json+cose -
https://w3c.github.io/vc-jose-cose/#media-types

+jwt is already registered
https://www.iana.org/assignments/media-type-structured-suffix/media-type-structured-suffix.xhtml
 ( https://www.rfc-editor.org/rfc/rfc8417.html#section-7.2 )

+ld+json is requested to be registered in
https://w3c.github.io/json-ld-syntax/#structured-extension-ld-json
(a W3C Editor's Draft)
+sd-jwt is requested to be registered in
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-selective-disclosure-jwt-07#name-structured-syntax-suffix-re
(not yet an RFC)
+cose is requested to be registered in
https://datatracker.ietf.org/doc/html/draft-ietf-anima-constrained-voucher#section-16.5
(not yet an RFC)

My understanding of the proposed PR text would be that there is no need to
register additional structured suffixes to support the intention of the W3C
VCWG, because:

All the suffixes mentioned above are either already registered (+jwt), or
in the process of being registered (+ld+json, +sd-jwt, +cose).

After all the suffixes have been registered, it will then be possible to
request registrations of subtypes that rely on them, namely:

application/vc+...
application/vp+...

We may also see additional structured syntax suffixes registered for other
security formats in the future, for example:

application/cesr might register +cesr
- https://mailarchive.ietf.org/arch/msg/i-d-announce/FvL1rLC1SCyTBRnu92At9Wncd2Y/
- https://www.iana.org/assignments/provisional-standard-media-types/provisional-standard-media-types.xhtml#Samuel_M._Smith

I can imagine perhaps `+mdoc` in the future, or perhaps mdoc might use
`+cose` since AFAIK, mdocs are cose-sign1 based credentials.

I'd like to see the suffixes draft make it to WGLC (with more reviews), and
appreciate Manu sending this email out in order to gather feedback with
sufficient time to address it before 119.

Regards,

OS

---------- Forwarded message ---------
From: Manu Sporny <msporny@digitalbazaar.com>
Date: Mon, Feb 19, 2024 at 12:44 PM
Subject: [media-types] Last tracker issue for mediaman-suffixes
To: IETF Media Types <media-types@ietf.org>


The only item of concern that was raised during the last IETF was the
notion that one wouldn't have to register "intermediate" suffixes[1].
The PR above corrects that by implementing what I believe many of the
people in the room (and on the tracker) were arguing for, including
Alexi and Darrel:

https://github.com/ietf-wg-mediaman/suffixes/pull/21

That is the last PR for the last tracker issue for the
mediaman-suffixes draft. Speaking as an Editor, I think we're done
here with all of the items that we can get consensus on (we'll see if
others disagree).

Once I have enough reviews on the PR above (end of week, probably),
I'll cut a new version of the draft and send it out for review (next
weekend, probably) before the next IETF.

-- manu

[1]https://github.com/ietf-wg-mediaman/suffixes/issues/20

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
https://www.digitalbazaar.com/



-- 


ORIE STEELE
Chief Technology Officer
www.transmute.industries
