[OAUTH-WG] Re: WGLC for SD-JWT
Denis <denis.ietf@free.fr> Fri, 20 September 2024 19:38 UTC
Message-ID: <74b9d59d-da77-4b5c-81bd-21ab41622c9d@free.fr>
From: Denis <denis.ietf@free.fr>
To: Rifaat Shekh-Yusef <rifaat.s.ietf@gmail.com>, oauth <oauth@ietf.org>
References: <CADNypP_BESkJTXfuv=G9HnLcGwhpSYRggYDZxzaq6-6AaARh0w@mail.gmail.com> <6f822e18-bd1c-47ba-8237-a7ede4a59e45@free.fr>
In-Reply-To: <6f822e18-bd1c-47ba-8237-a7ede4a59e45@free.fr>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/EYlDtN8gg1--tsZ-AWolMjw4jAk>
About disclosures for Array Elements versus disclosures of name/value pairs

1) The draft of Annex - Ares(2024)5786783 "laying down rules for the application of Regulation (EU) No 910/2014 of the European Parliament and of the Council as regards person identification data and electronic attestations of attributes issued to European Digital Identity Wallets" identifies on page 1 in Table 1: Mandatory attributes, the following attribute:

    Attribute identifier: nationality
    Definition:           One or more Alpha-2 country codes as specified in ISO 3166-1, representing the nationality of the person identification data user.
    Presence:             Mandatory
    Encoding format:      tstr

Section 5.2.6 from draft-ietf-oauth-selective-disclosure-jwt-12 (Recursive Disclosures) describes an example which is much better than the current Mandatory attribute "nationality" described in the draft of Annex - Ares(2024)5786783:

    "When the End-User has multiple nationalities, the issuer may wish to conceal the presence of any statement regarding nationalities while also allowing the holder to reveal each of those nationalities individually. This can be accomplished by first making the entries within the "nationalities" array selectively disclosable, and then making the whole "nationalities" field selectively disclosable."

The structure from section 5.2.6 should be recommended as a replacement. Maybe such a recommendation has already been made to the EC. If it is not the case, this should be done.
2) In the same way, the draft of Annex - Ares(2024)5786783 "laying down rules for the application of Regulation (EU) No 910/2014 of the European Parliament and of the Council as regards person identification data and electronic attestations of attributes issued to European Digital Identity Wallets" identifies on page 3 in Table 2: Optional attributes, the following two attributes:

    Attribute identifier: age_over_18
    Definition:           Confirming whether the person identification data user is currently an adult (true) or a minor (false)
    Presence:             Optional
    Encoding format:      bool

    Attribute identifier: age_over_13
    Definition:           Confirming whether the person identification data user is currently over 13 years of age (false)
    Presence:             Optional
    Encoding format:      bool

Some countries have additional needs for "age_over_15" and "age_over_25", as well as for "age_under_25" (for social networks). Some organizations have needs for "age_over_60" and "age_over_65". Rather than defining new attribute names each time there is a new need, the approach used for nationality (i.e. "nationalities") should be followed. This leads to defining two fields:

- "age_over", and
- "age_under".

The issuer may wish to make the whole "age_over" and/or "age_under" field selectively disclosable and allow the holder to make the entries within the "age_over" and/or "age_under" array selectively disclosable. Such an example should be added into the draft. Maybe such a recommendation has already been made to the EC. If it is not the case, this should be done.

Denis
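The recursive-disclosure construction referred to in point 1 (Section 5.2.6 of the draft) and the "age_over"/"age_under" arrays proposed in point 2 can be modelled with the same few lines of code. The block below is an added example; it is not code from the draft, from the EU Annex, or from the message above. It applies the draft's digest and disclosure format (salt + value for an array element, salt + name + value for an object property, SHA-256 over the base64url disclosure) to a constructed sample claim set; the claim names "age_over" and "age_under" are the proposal from the message, not claims defined anywhere, and JWS signing, Key Binding and decoy digests are deliberately left out so that only the selective-disclosure processing is shown.

```python
import base64
import hashlib
import json
import secrets

# Added example, not from draft-ietf-oauth-selective-disclosure-jwt or the e-mail:
# a minimal model of "recursive disclosure" for array claims (Section 5.2.6 of the
# draft) applied to "nationalities" and to the proposed "age_over"/"age_under" arrays.
# Only claim-set processing is modelled: no JWS signature, Key Binding or decoys.

SD_ALG = "sha-256"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _digest(disclosure: str) -> str:
    # The digest is taken over the ASCII bytes of the base64url-encoded disclosure.
    return _b64url(hashlib.sha256(disclosure.encode("ascii")).digest())


def _disclosure(*parts) -> str:
    # [salt, value] for an array element, [salt, name, value] for an object property.
    salt = _b64url(secrets.token_bytes(16))
    return _b64url(json.dumps([salt, *parts], separators=(",", ":")).encode("ascii"))


def issue(claims: dict, array_claims: list):
    """Issuer side: every claim named in `array_claims` is made recursively
    disclosable, i.e. each array element individually and then the whole
    name/value pair. Returns (payload, list_of_disclosures)."""
    payload = {k: v for k, v in claims.items() if k not in array_claims}
    disclosures, sd_digests = [], []
    for name in array_claims:
        placeholders = []
        for element in claims[name]:
            d = _disclosure(element)                # [salt, value]
            disclosures.append(d)
            placeholders.append({"...": _digest(d)})
        d = _disclosure(name, placeholders)         # [salt, name, [{"...": ...}, ...]]
        disclosures.append(d)
        sd_digests.append(_digest(d))
    payload["_sd"] = sorted(sd_digests)
    payload["_sd_alg"] = SD_ALG
    return payload, disclosures


def holder_select(disclosures: list, reveal: set) -> list:
    """Holder side: keep disclosures whose claim name, or whose array element
    value, is in `reveal`. To reveal one nationality the holder must include
    both the "nationalities" disclosure and that element's disclosure."""
    chosen = []
    for d in disclosures:
        parts = json.loads(_b64url_decode(d))
        key = parts[1]  # claim name for a property, the value itself for an element
        if isinstance(key, (str, int)) and key in reveal:
            chosen.append(d)
    return chosen


def verify(payload: dict, presented: list) -> dict:
    """Verifier side: rebuild the disclosed claim set. Undisclosed _sd digests
    vanish, undisclosed array elements are dropped, and a presented disclosure
    that no digest in the payload references is rejected."""
    by_digest = {_digest(d): json.loads(_b64url_decode(d)) for d in presented}
    used = set()

    def walk(node):
        if isinstance(node, dict):
            out = {k: walk(v) for k, v in node.items() if k not in ("_sd", "_sd_alg")}
            for dig in node.get("_sd", []):
                if dig in by_digest:
                    used.add(dig)
                    _salt, name, value = by_digest[dig]  # 3-element disclosure or ValueError
                    if name in out:
                        raise ValueError("duplicate claim name %r" % name)
                    out[name] = walk(value)
            return out
        if isinstance(node, list):
            out = []
            for item in node:
                if isinstance(item, dict) and set(item) == {"..."}:
                    if item["..."] in by_digest:
                        used.add(item["..."])
                        _salt, value = by_digest[item["..."]]  # 2-element disclosure
                        out.append(walk(value))
                else:
                    out.append(walk(item))
            return out
        return node

    claims = walk(payload)
    if used != set(by_digest):
        raise ValueError("disclosure presented that the payload does not reference")
    return claims


def demo():
    # Constructed sample data; not a real PID.
    claims = {"given_name": "Erika", "nationalities": ["DE", "FR"],
              "age_over": [13, 15, 18], "age_under": [25, 60, 65]}
    payload, disclosures = issue(claims, ["nationalities", "age_over", "age_under"])
    # Reveal only the French nationality: the existence of a second one stays hidden.
    one_nationality = verify(payload, holder_select(disclosures, {"nationalities", "FR"}))
    # Prove age_over 18 only: "age_under" is not even visible as a claim name.
    over_18 = verify(payload, holder_select(disclosures, {"age_over", 18}))
    return payload, one_nationality, over_18


def orphan_disclosure_is_rejected() -> bool:
    """Edge case: an element disclosure without its parent array's disclosure
    cannot be tied to the payload and must be refused by the verifier."""
    payload, disclosures = issue({"nationalities": ["DE", "FR"]}, ["nationalities"])
    try:
        verify(payload, holder_select(disclosures, {"FR"}))
    except ValueError:
        return True
    return False
```

Running `demo()` yields a payload whose only trace of the three arrays is three digests in `_sd`; the first presentation reconstructs to `{'given_name': 'Erika', 'nationalities': ['FR']}` and the second to `{'given_name': 'Erika', 'age_over': [18]}`. `orphan_disclosure_is_rejected()` shows the check a verifier needs alongside this structure: a presented disclosure that no digest in the (recursively revealed) payload references must be rejected rather than silently ignored.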