[OAUTH-WG] Re: [media-types] Re: Request for registering media types and structured suffixes defined by W3C VCWG candidate recommendations

Brian Campbell <bcampbell@pingidentity.com> Thu, 20 June 2024 20:19 UTC

Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 63B53C151536 for <oauth@ietfa.amsl.com>; Thu, 20 Jun 2024 13:19:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_KAM_HTML_FONT_INVALID=0.01, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=pingidentity.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ApDQyiDUyHur for <oauth@ietfa.amsl.com>; Thu, 20 Jun 2024 13:18:58 -0700 (PDT)
Received: from mail-pg1-x52a.google.com (mail-pg1-x52a.google.com [IPv6:2607:f8b0:4864:20::52a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1FCE5C151072 for <oauth@ietf.org>; Thu, 20 Jun 2024 13:18:58 -0700 (PDT)
Received: by mail-pg1-x52a.google.com with SMTP id 41be03b00d2f7-710437d0affso1016829a12.3 for <oauth@ietf.org>; Thu, 20 Jun 2024 13:18:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pingidentity.com; s=google; t=1718914737; x=1719519537; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=YegzBRTPQi2t42eZV7KOaMY3IjC6Krnp5aBU2gVwVVc=; b=CnN98oBI2vzJbCOLgBsLKvQx9JWQoAMGZDR1rkuz9wTNjdHfVsYt57r/zQkQagm7C3 r0KfSTZVH2TEr2GCPHAMEY6PoRBBqBR4wgzPBLYKZMm+e4masrsGZ7vTYf0pKuDLyYqC bU9Lgj1pTaua94L6DLsf8A0CBjizJWdu+UpWbepKMFoUMlbZHk7cAzhJnUxeL5AymXCh AzvvmSt+5qxBH/2rge6Dxh48drBCbvqYfOiVeWyR4x7bFY2l7yOmQsQniy68Xn1MViXz fEjFsRvoS2cZNI1VnZjYQ+0HwNUg2XhH94KKfprDjBH930PfkEnCkxYXij0S89Hg7wqA bS7w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1718914737; x=1719519537; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=YegzBRTPQi2t42eZV7KOaMY3IjC6Krnp5aBU2gVwVVc=; b=k8Oa03cSAbTb1NNAOFSQ2iNgMxDeh1I8lVLeBTvhB6p9X9m3rcSre2eghiRD2vauIS P5MvsmvCQHei7TbKH1B+2zAp0U5fYeKJzKnLf1W0MlzXYnOdYBM5u6XOeR0A2T+zVdiF 9kbvvOtUQkPbNYq+ZTwhYl7XEzvsEPjAZ+rAE50KMHIJKgasENVJozGknQw3gWQP2/Fu kf/kKv3VyNjhGmAox9ceZboY2KsCSj8goQoF1ZA3HEOVYlUVChIgqWEZyk1ZRW40hoOG 4gsWRBK6/VQ8QX19Uo+M05zKlUThDA5sr7QcGZy26N2RqGT8fHpUaawx/p/LkOE2tL6/ TpjA==
X-Forwarded-Encrypted: i=1; AJvYcCWc0aBIyBoQJ70xKLT3db0yKo6l7biV1UQyaY2Q8s7c4GRtPteKSuzuGTMRvBk4jPC4mCmJK7Lo+nClbJVOcg==
X-Gm-Message-State: AOJu0Yy/TSw62/m+ay2iWfkhP+siWfsFtATsGT94hk9FdpZaM3nWoczy 8jjEAjbJ7j9D9h0zQ/pr6blg5zYpkz2BlD14hGbvm2pCa04i5g9TZ/rjPsyR8wVFSVwvbgVia8T IKtQlO9iFruw99k4ug0I5jjYigvVnntv9B4O4MCtzc9WkPwUSZc9ot5JBtEd/AKxF+U5ulGCQ5z OcvxAT6N9S/pUg1MfV+vPZ
X-Google-Smtp-Source: AGHT+IFiPMtdOV5YC8L3HIJCYYov1Tj+YW09iDd0ViWDLZqmr3CQYEu/gY4W+cCyaCpk0tj7KSFCFaSDUX4RTuVjr90=
X-Received: by 2002:a17:90a:df07:b0:2c1:ebc4:4f1f with SMTP id 98e67ed59e1d1-2c7b5d56b91mr6171355a91.33.1718914737054; Thu, 20 Jun 2024 13:18:57 -0700 (PDT)
MIME-Version: 1.0
References: <SJ0PR02MB743933344852DB3E08A49C5EB71F2@SJ0PR02MB7439.namprd02.prod.outlook.com> <dcb35328-3d4c-4a13-8c8c-7e86e417d14e@it.aoyama.ac.jp> <CAOGO=oETa_m81MCJRhOrPVP+fJEAiwG7CrVrMNMkwZdRSJNzVw@mail.gmail.com> <CAMBN2CRKo4=Ece_iMJ8qqdvtC4mamhv_fF4DW5RDw+2ufLG54A@mail.gmail.com> <8ea60c19-cf68-013e-1d9b-3d33666bf1a6@isode.com> <CAMBN2CTdxb2rSvoR8Lxv-owM3y=DAoKYV=2njXv_UC4wWW_Y=w@mail.gmail.com> <CAN8C-_Ksava=qZb3ZG2Ri=Mczf-5DrkkWg37O1StfCnhTfStpw@mail.gmail.com>
In-Reply-To: <CAN8C-_Ksava=qZb3ZG2Ri=Mczf-5DrkkWg37O1StfCnhTfStpw@mail.gmail.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Thu, 20 Jun 2024 14:18:30 -0600
Message-ID: <CA+k3eCS+zB5Ax4DDL_qjCdbzTrVrghgzXsFQa2DrPr6EoCnQuA@mail.gmail.com>
To: Orie Steele <orie@transmute.industries>
Content-Type: multipart/alternative; boundary="0000000000004daece061b5806c9"
Message-ID-Hash: OK3UC7VOF2ZOX3ZKWTL6DM7ME6PJIY6R
X-Message-ID-Hash: OK3UC7VOF2ZOX3ZKWTL6DM7ME6PJIY6R
X-MailFrom: bcampbell@pingidentity.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-oauth.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "media-types@iana.org" <media-types@iana.org>, oauth <oauth@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [OAUTH-WG] Re: [media-types] Re: Request for registering media types and structured suffixes defined by W3C VCWG candidate recommendations
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/9sr5v9XfwMIIapa_XlJ6v4YE-RY>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Owner: <mailto:oauth-owner@ietf.org>
List-Post: <mailto:oauth@ietf.org>
List-Subscribe: <mailto:oauth-join@ietf.org>
List-Unsubscribe: <mailto:oauth-leave@ietf.org>

Thanks for pointing out the potential dependencies and collisions on the
horizon. As a co-author on a couple of the documents mentioned and a
general media type novice, I have a couple of observations and questions.

The
https://datatracker.ietf.org/doc/draft-ietf-oauth-selective-disclosure-jwt/
document does plan to request registration of a "+sd-jwt" structured syntax
suffix. I believe (hope is perhaps a better word) that the draft is nearing
WGLC and it could all happen this year.

The https://datatracker.ietf.org/doc/draft-ietf-oauth-sd-jwt-vc/ document,
which builds on the aforementioned document, plans on requesting
registration of an "application/vc+sd-jwt" media type. That draft is less
mature overall and not expected to be "finished" anytime soon. However, the
"application/vc+sd-jwt" media type is already being used in implementations
as well as downstream specifications and profiles.

Would it be useful in avoidance of dependencies to request early or
provisional registration of that structured syntax suffix and media type?
Please forgive my ignorance of the process but is early or provisional
registration even possible?


On Mon, Jun 10, 2024 at 10:58 AM Orie Steele <orie@transmute.industries>
wrote:

> [ as an individual ]
>
> +sd-jwt is requested to be registered in this document:
>
>
> https://datatracker.ietf.org/doc/html/draft-ietf-oauth-selective-disclosure-jwt-08#name-structured-syntax-suffix-re
>
> +cwt is requested to registered in this document:
>
>
> https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat-media-type-07#name-cwt-structured-syntax-suffi
>
> Both drafts are still work in progress, but for the W3C Verifiable
> Credentials use case, only +sd-jwt might be relevant, since +cwt is for
> claimsets that are CBOR maps where the map keys come from
> https://www.iana.org/assignments/cwt/cwt.xhtml
>
> Based on the comments I've seen here, I would expect to see requests for
> the following:
>
> application/vc
> application/vc+jwt
> application/vc+cose
> application/vc+sd-jwt (depends on the draft above)
>
> application/vp
> application/vp+jwt
> application/vp+cose
> application/vp+sd-jwt (depends on the draft above)
>
> Perhaps it is worth asking now if application/vc+sd-jwt will be rejected,
> since it is currently already being requested here:
>
>
> https://datatracker.ietf.org/doc/html/draft-ietf-oauth-sd-jwt-vc-03#name-application-vcsd-jwt
>
> Including OAuth for awareness.
>
> Regards,
>
> OS
>
>
>
> On Mon, Jun 10, 2024 at 10:33 AM Manu Sporny <msporny@digitalbazaar.com>
> wrote:
>
>> On Mon, Jun 10, 2024 at 10:22 AM Alexey Melnikov
>> <alexey.melnikov@isode.com> wrote:
>> > Yes, I can confirm that the registration is currently denied due to
>> > unclear rules about multiple structured suffixes, as well as lack of any
>> > conlusion on how to proceed on the mailing list.
>>
>> Thank you, Alexey, much appreciated, that helps the VCWG move forward.
>>
>> We'll update our specs and send in another set of registrations that
>> will fall more in line w/ the current accepted practices at IANA.
>>
>> -- manu
>>
>> --
>> Manu Sporny - https://www.linkedin.com/in/manusporny/
>> Founder/CEO - Digital Bazaar, Inc.
>> https://www.digitalbazaar.com/
>>
>> _______________________________________________
>> media-types mailing list -- media-types@ietf.org
>> To unsubscribe send an email to media-types-leave@ietf.org
>>
>
>
> --
>
>
> ORIE STEELE
> Chief Technology Officer
> www.transmute.industries
>
> <https://transmute.industries>
> _______________________________________________
> OAuth mailing list -- oauth@ietf.org
> To unsubscribe send an email to oauth-leave@ietf.org
>

-- 
_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately 
by e-mail and delete the message and any file attachments from your 
computer. Thank you._