[OAUTH-WG] Re: I-D Action: draft-ietf-oauth-sd-jwt-vc-06.txt

Steffen Schwalm <Steffen.Schwalm@msg.group> Thu, 14 November 2024 18:50 UTC

Return-Path: <Steffen.Schwalm@msg.group>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 74A13C14F6A8 for <oauth@ietfa.amsl.com>; Thu, 14 Nov 2024 10:50:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.094
X-Spam-Level:
X-Spam-Status: No, score=-2.094 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=msg.group
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u0PVi2hKfjJh for <oauth@ietfa.amsl.com>; Thu, 14 Nov 2024 10:50:16 -0800 (PST)
Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2081.outbound.protection.outlook.com [40.107.20.81]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 24F08C151084 for <oauth@ietf.org>; Thu, 14 Nov 2024 10:50:15 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=g90NLeuCbc1E3edgoTAJ1RxqRCCYjA7IjoHMheRNAU8ft9DrlTU5HbzJr5maTHS427f/jYJRpd19oTsTu1HEdGwqWDBecz50c8FJ0I4LidaD9JrO0V1Qui6OTBhS3OFXPBWWiRYhkowIqda9LoDYShKf44pJbvddrgM5kli5lP0td7pIYiBIquOuOrTlQVTNMjB/7GMTC2C/8W18jQjkgDvs6zGfqaWZjUG5YOJAmIhb5tCC89rLBIYjKHjlsrzznG7mjdSOYDQNbbKfiLZbeDgRCyBOJU6oLLJHawwgSW+0hGUcIV8a1BYlHTUh/D7MI4l+cXF7dfM1LCFGIcdVkg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=CFnv6397kJu4uTyw17DBeeKyJm4CqLV88CNcvdRqJyA=; b=nvNH5vs6jtXZhJ87Itm+9yBZ9mYa+ndzrWJ+7b5yPgrsV9fbD1DjgRoYums1M6uS1tePgBth0+B7UMFWyMGCMq2e5Gp0D15j5PcXAL7zEd0TNS8fmk/WC3jJRI1eEKRBEoFRTeVX461EMpIOb+AeuZzLOKmU68vqUAFzPNwPYWXwQ6JgWIhRQxZMZ5dRgQ9iKm30IHqQaqgWcSN6fX7gLhfGcHCUT0F1jwu6UyYD1wieNzAG+5cIlN2ibdrqfGlPkslLmJ0s5he0VRrd1xJa1r4l9r492OSuAsy+etgI56Zs82TmuvnQYV2RDsr7/78GbvfWS5ghsxCDD82MD+5nxw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=msg.group; dmarc=pass action=none header.from=msg.group; dkim=pass header.d=msg.group; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=msg.group; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CFnv6397kJu4uTyw17DBeeKyJm4CqLV88CNcvdRqJyA=; b=TEgPoNQE4rikwwwOjei/D5qi4hSVLfJ5S/fM2/RrB8VzOXhGYhs8FDQMyGssWU2eV8uWBJY22QLotBXwqmjwZ7ADx20nUKJSZvmPNNuv/fXw49gf5ya7P1gwSlXObS+rqvqIi80J+Sfonk5M2f5ukIU8uVkDCWKtcl6NlsoDgnFYvDoitZXsBYCun+TVgGFlwp5ggATnRBXvu/Y+TTp7exK2vp2CYCf0E7D7w1qLLBanRfvd8upYAJUN6szjMsLS04pFKaZIr728TGo/tCXD6fsyN59AqmhSRUC1BsZaD4JHNuBBKz1tmAcaQa50fAOLlZ6DlaGI1BHcTKjWIFQf+g==
Received: from AM8P191MB1299.EURP191.PROD.OUTLOOK.COM (2603:10a6:20b:1e4::17) by GV2P191MB2187.EURP191.PROD.OUTLOOK.COM (2603:10a6:150:a8::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8158.17; Thu, 14 Nov 2024 18:50:12 +0000
Received: from AM8P191MB1299.EURP191.PROD.OUTLOOK.COM ([fe80::252c:da1d:9d86:7765]) by AM8P191MB1299.EURP191.PROD.OUTLOOK.COM ([fe80::252c:da1d:9d86:7765%4]) with mapi id 15.20.8158.017; Thu, 14 Nov 2024 18:50:10 +0000
From: Steffen Schwalm <Steffen.Schwalm@msg.group>
To: Daniel Fett <mail=40danielfett.de@dmarc.ietf.org>, "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] Re: I-D Action: draft-ietf-oauth-sd-jwt-vc-06.txt
Thread-Index: AQHbNg+ja8FCONL2fku7gNvzujBvA7K1t8RwgAFaT4CAAADw0A==
Date: Thu, 14 Nov 2024 18:50:10 +0000
Message-ID: <AM8P191MB12990DCC89709040328D6845FA5B2@AM8P191MB1299.EURP191.PROD.OUTLOOK.COM>
References: <173153074770.1068691.9710905485591752899@dt-datatracker-5f77bcf4bd-4q5pd> <41e7b267-f119-4ef9-bce1-5f8db2b9589a@danielfett.de> <AM8P191MB1299BB5A33EF566AC23B9EC2FA5A2@AM8P191MB1299.EURP191.PROD.OUTLOOK.COM> <d7aa4727-2ba8-4592-99ca-b0d59d3590c2@danielfett.de>
In-Reply-To: <d7aa4727-2ba8-4592-99ca-b0d59d3590c2@danielfett.de>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_0e821cde-48ad-4065-9a7a-ac3e26dfc9d5_ActionId=851902d6-8b4a-4ddb-80d1-2601542eb833;MSIP_Label_0e821cde-48ad-4065-9a7a-ac3e26dfc9d5_ContentBits=0;MSIP_Label_0e821cde-48ad-4065-9a7a-ac3e26dfc9d5_Enabled=true;MSIP_Label_0e821cde-48ad-4065-9a7a-ac3e26dfc9d5_Method=Standard;MSIP_Label_0e821cde-48ad-4065-9a7a-ac3e26dfc9d5_Name=Alle Personen (kein Schutz) - Any persons (no protection);MSIP_Label_0e821cde-48ad-4065-9a7a-ac3e26dfc9d5_SetDate=2024-11-14T18:03:54Z;MSIP_Label_0e821cde-48ad-4065-9a7a-ac3e26dfc9d5_SiteId=763b2760-45c5-46d3-883e-29705bba49b7;
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=msg.group;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: AM8P191MB1299:EE_|GV2P191MB2187:EE_
x-ms-office365-filtering-correlation-id: 009d0bd9-bd80-4691-6b11-08dd04dd2a95
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|376014|4022899009|366016|8096899003|38070700018;
x-microsoft-antispam-message-info: uO58CIZ/+2C6+ARPnLQUTqYpETbQ+barPTamCDP2vzbGbaG6oY5PFUw0SbCxi2VvlE5jiS4jvcFqwRQKgm1HerEsSLt1QY3JhwbzF9oIdxCQQbWJsYY4JAwvciWkOuVwNzU/YnLeS3u4w1Lsweh6pijBoAycbYCQgX/8suM2uQNKHKX+mVnSeT0gUQsv0UvxK+9O9axajZHA+8BVOxiHUQ5qxwxgdgnEaV7gVLVEt94DKmJLD5qEGYrXfza7wZcyE6W+nPMS2NZeCJO0UBKf07nFXNM6DjKg4uv1Cz4+ktqH7EpPcyexhNyjp89gKmtsb9/m4zst7xv80KBSW/TX9nSpmt4trbaTeVRkimnaTCZ38VwarlhAm+WibuV14mCJlYUbxXLhC1X5234mISAYY+ld3n0A1iEGtS7zwgq9D+4iUTmtSmjCrPj0/HPG8eiJQvpQ84ud/7aWHNE3sfM3jYUuvpBxbFatQ7NLLg6KWR+YbrnVC3qYiQKUGSzwGSW4ZjWj6TGPDyPxQ9C6nIulptO6AY1UsuZzxxPQ0BpFEntkfQiQ3dspCkagVA5s9v/8s9h/RHzOn6tWOvC8qUaR45UfohjjK6rEOB4PHL/egtdYKAkSBF2CFX/QS63aiI2lwR7uZy6S6LdjHLqedN4NWYVRlRGNU9adNkAwugTaYmWAzeDcW6UB2I0iONXL++I8fEJ2kaAlOeByzOvW4rT1XqUu3dT9s0ONnB6kCk0NGHkWvl8h7XrK3G/0I76ZMOVTV4LMCQTnWAscWLEg+UovVRQlhqoVR160c9OQrRUGbN2cUfLAne3ZYjScJsYhnU5ovS6sbQYa+JV93je6EBtNeYZlgMYsKHfVvux+tLPbB5iv4niAWuhdnpXnK3CyArq1MaxlQEb1TSPvg8fBL8PhyFgJ8iPoy/hc8WvYFZ8aPZ3RpyO1IMUSKY7HGNFhfaDst7lFnS2TO8YbHpLPPZNVhXiz3uLFSJuLGuQ/xvS5GO+0dD67TpZcFiq2AarrUBbIVcputnmjsF+dFD52LCP761IX6Y2akxPLfYcEkpANUrWqMrELjzBfOHbrqa0EEtEUpdzyRC9iSSwBtw/rY6hWMUqeX8zVdDJsgrrDzp3oWhhPcQ15dYcq4DoGVb5ChkDmMyurCO2mmXFLGEuatCk+SfR0RMDJJreH4xSVBDXjxXStCrj2vhgYj4CEv9Vxvy8psc/anlQItVUJSO6mwWa+2XCqRTa7JbC/w6S+Mi1jG69SPCImaRZZDwt5Q+FHd1gh7LC99sb61Wtkw6mHGNJ0UKHD8wua2NIbN20bvzIwRVYAdwteUTcR4bUCz3DQSpImuuxTmckWsyWLHCwX2Al/nA==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM8P191MB1299.EURP191.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(4022899009)(366016)(8096899003)(38070700018);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 3gVzU0FRgBND4G29OOZepVd6+mc94nn++L+hNCiX9AATnO3KbcHI8m2CtYJ3ULetbRDw5xsaWl0IHO2Q7anjVyIZ29gPeXgl16Yp5kXMD4qiSdcc4S/DILRsCnZNrWK9KIQTAzkEkFjaOtD1u/DnXBPZFdOEc8l1rSp50bOJHXKrFvknoMCG9w0JGw8V3V/MPmmRSRVictjWABW2in7p9a6QwXT3rk3ISXuCL+VeipD+5qPsdhW+wylEpuoRwjVM/i5P0ENf/toRN5AdjQ3CUMVYEs4/ImLyACdKuDNW9zlfoNSA3I3k7YWRS+WoaXbw4J7+VrAG03+V3gQ1SsTaJyt/5KIWuMVyk8oG5fJdvVs5pMnV0tiTMtDvBdoWW9vI5ARHFeGSAjXaBkHSMDwvy7t91rhBY4E1WbGqYzQTuIbelSLYcoG1Kstoh3ZFmSGIYOvjpV3XCU6w1s8NOIaMSkZJt5NKydV0Y0a/tQAl3sGjslX3EiYN1HR/SMlcYo6VjlbwIojEUU+qUDXLPCNUQhw3qD0tUz6lQGP6zLFSmoDmjJh9SeN9xaXzNqX0LwTKm3YEcv+ewutYfFrlzKva0RyeS9OUHE/cgAIKBslVP7DOqCH88Mzv6kd7FS/+akMJ/yqSI6AaCBEqTBMhNKsB9FBEcgJ9OUIi0t2nwWG2OUMdpyrAV7p36oGswwt7mzYhNkmYMlhFPX6iDtzIeWdXU82MMAtQbdzHgokosVgl03mnOot/9M1dyHcX7Y5rKzfPF7137ySOcr9YBR+eBdEm8CBH4kePZhaa2OouBZpt9Q+UjoziHzZm6YyQ5HVZn+FYg4x9Pvpeo/meAF7U4KVgIyRwF1WcuPaaR9aMEGFv0p/x8+AzyKFegoiFekHqrCS/MT0b7B1RWayp3YYbfX0B15oMW+93wjB8agrTrOubBzfbj/yzoH+vVWaMGFxtp9vHM2gQpjYXgedGMf4L5riPKVsLedCSQbgyS/tq8hbDB5dPaiOZDZP6ejKGb2JLOwe4ovAurp0kYFFbgbYcmJtQSETUHY/nDT1BOjmoKBzKbMhgpQkk4q6/dLmIEKbV7KQXrcPMyYxJgMK4aWqrR3OzwleEuDSbXx/dumqjOmvKkc/C1a3bUVwqsysmLTkRWdRBLfYn5DdwhmHoVZf2k/OpJdOHt+BtnewBn6X4gR3QjUpYaMpTzeNOoJUfmU9qh/OBptSjkuld7psV2XeHsvxfwdMDoAsfy2BhQEGO9D/ROR5MYtScmCTUhL9p6f9/zLtjoHj40SuY+AAQIjZwmaZQy8Xns0M93nsjjoaCdVlCFVcP9QQ7LxSwb9X4Cz7fFTwI52neoRW+ktvvahVaAGAULHpfMdqJ05FR78SxHaTeIKTP8tpJfXcbhzGECa+aEU2OzQPyI94KDJf7HXOdVWEPumWFfXavm/Cva0dM7IZP5le7GYw/8L/Hwr2Qp8a0fPzGBGnM5/U06DMo7l2AwSndY/4yaD9e8FPLCYXy99kkPG844p3vcHjDKA66QsfnGCfpblAkVdVXBZB/ziYFwl6cxW/EtAaBGxF4+3DoJQDEdeL/nW7sngi3Ebp/Yw0ddejVzM2eb18IM44m01scGWIE3w==
Content-Type: multipart/alternative; boundary="_000_AM8P191MB12990DCC89709040328D6845FA5B2AM8P191MB1299EURP_"
MIME-Version: 1.0
X-OriginatorOrg: msg.group
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM8P191MB1299.EURP191.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 009d0bd9-bd80-4691-6b11-08dd04dd2a95
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Nov 2024 18:50:10.5107 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 763b2760-45c5-46d3-883e-29705bba49b7
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: ouFpTnnl7X726nXm2bhBLMZNu+7GMBzg020esLnaUa6Tp9prjTrD6qU1/9Xg164wq5cMPFYp9VwlBOpdXg+NhjJm4obBNfiUyuKG/E+eLQY=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: GV2P191MB2187
Message-ID-Hash: Z67CZLXQ2BQKOR6WKZQXRSQXJK467NLD
X-Message-ID-Hash: Z67CZLXQ2BQKOR6WKZQXRSQXJK467NLD
X-MailFrom: Steffen.Schwalm@msg.group
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-oauth.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [OAUTH-WG] Re: I-D Action: draft-ietf-oauth-sd-jwt-vc-06.txt
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/EvyxGoLebAbXhU4T8msQSZoYEKU>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Owner: <mailto:oauth-owner@ietf.org>
List-Post: <mailto:oauth@ietf.org>
List-Subscribe: <mailto:oauth-join@ietf.org>
List-Unsubscribe: <mailto:oauth-leave@ietf.org>

Hi Daniel,

first of all to be honest the tone of your message is surprising as you mention assumptions like “The previously provided text on DIDs was underspecified and therefore not helpful, and a more complete specification would exceed the scope of this document while interoperability issues would remain. We think that those ecosystems wanting to use DIDs are best served by defining a profile for doing so.”. Who is we? You personally? The experts? Looking in [1] it seens like your personal opinion but I might be wrong. Means you deleted DID reference obviously without consulting all experts but I might be wrong.

I refer to [1] (comment from Brian Campbell) where an consensus is assumed which, if you look at the discussion, obviously does no exist. Means you created your draft obviously without consensus. Regarding the other stuff:


  *   Section 1 of RFC 2026 defines “These procedures are intended to provide a fair, open, and objective basis for developing, evaluating, and adopting Internet Standard. At each stage of the standardization process, a specification is repeatedly discussed and its merits debated in open meetings and/or public electronic mailing lists, and it is made available for review via world-wide  on-line directories” The fact that somebody of the Authors assumes a consensus while parts of WG protests makes obvious that a fair and open process seemingly not really existed, same with the open debates etc. Seems more that the authors decided to finalized the new draft, ignoring opposite opinions. So exactly this obviously missing consensus or alignment with the experts during drafting is missing – otherwise there won`t be those protests in GitHub

  *   Would be breach of Section 1 RFC 2026.

  *   Beside RFC 2026 I refer to RFC 8874 valid your drafting of your own document “More mature documents require not only consensus, but consensus about specific text. Ideally, substantive changes to documents that have passed WGLC are proposed as pull requests and MUST be discussed on the mailing list. Having chairs explicitly confirm consensus on changes ensures that previous consensus decisions are not overturned without cause. Chairs MAY institute this stricter process prior to WGLC..



     *   As you obviously have no consensus you are on breach of your own rules as Deleting DID References is mature change!
     *   Decision about this is not in hands of authors as Brian Campbell seemingly assumes
     *   If I have overseen the related discussion etc. please point me to it
  *   RFC 7282 Section 3
     *   According to Section 3 of RFC7282<https://datatracker.ietf.org/doc/html/rfc7282#section-3>, rough consensus can be achieved when all issues are addressed, but not necessarily accommodated:
     *   But Section 3 also defines: “What can't happen    is that the chair bases their decision solely on hearing a large number of voices simply saying, "The objection isn't valid."  That would simply be to take a vote.  A valid justification needs to be made.”



Exactly this was, looking at the discussion in GitHub, not done.

  *
If you now try to achieve this rough consensus, this would solve the issues on Section 5 and 9.2 but unfortunately your draft is in breach of RFC 8874 as assumption that for drafts no consensus needed is IMHO wrong as it`s a major change to delete the DID references. Beside this you are in Breach of RFC 2026 Section 1 and 2.

Would recommend you withdraw your draft and start the discussion in GitHub again as a draft which is obviously developed in Breach of several IETF rules seems not the best basement for discussion in Mailinglist acc. Section 5 RFC 2026.

A formal appeal against your approach will be started if we can´t find a consensual solution.

Best
Steffen




Von: Daniel Fett <mail=40danielfett.de@dmarc.ietf.org>
Gesendet: Donnerstag, 14. November 2024 18:01
An: oauth@ietf.org
Betreff: [OAUTH-WG] Re: I-D Action: draft-ietf-oauth-sd-jwt-vc-06.txt


Caution: This email originated from outside of the organization. Despite an upstream security check of attachments and links by Microsoft Defender for Office, a residual risk always remains. Only open attachments and links from known and trusted senders.

Steffen,

I am surprised and somewhat startled by the tone in your message. My message to this list was clearly intended to find the rough consensus that is missing - that's why I pointed to the two threads of discussions - and not to ignore the usual IETF processes.
Am 13.11.24 um 22:34 schrieb Steffen Schwalm:
great work! Looking at [1] and [2] there`s obviously no consensus – which implies a breach of Sections 1.2, 5 and 9.2 of the IETF Directives on Internet Standards Process.
These are strong accusations. I presume you're referring to RFC 2026<https://datatracker.ietf.org/doc/html/rfc2026>? How would Sections 5 and 9.2 apply here, even remotely?

An assumption is great but not sufficient as in any standardization body.

Again, finding this consensus is precisely what my previous message intended. Maybe this got lost in translation.
According to IETF rules the consensus shall be ensured before announcement of new version.

In my understanding and experience in this group, draft versions are just that - drafts. They can be changed at any time and this can include reverting previous changes if the working group comes to the conclusion that that is required. A new draft version can be the trigger to start a discussion to find rough consensus on a specific topic.

As far as I know, there is no part in the IETF rules that says that consensus on any change must be ensured before publication of a new draft version.
 The profiling you suggest is technically the worst solution as it leads directly to additional effort to ensure interoperability between fundamental standard and its profiles and extend complexity unnecessarily. Means the inclusion of DID in SD-JWT-VC shall be discussed with the relevant experts such as Markus Sabadello, Alen Horvat etc. Decision making based on actual consensus not assumed one.
As above - this discussion is exactly what I wanted to trigger. It needs to happen here on this list. If the outcome is that the DID references should be preserved, we'll do so.

 Formal appeal acc. Section 6.5 of IETF Directives on Internet Standards Process will follow in case the IETF directives will still be ignored.

Ok.

-Daniel

Best
Steffen

Von: Daniel Fett <mail=40danielfett.de@dmarc.ietf.org><mailto:mail=40danielfett.de@dmarc.ietf.org>
Gesendet: Mittwoch, 13. November 2024 21:03
An: oauth@ietf.org<mailto:oauth@ietf.org>
Betreff: [OAUTH-WG] Re: I-D Action: draft-ietf-oauth-sd-jwt-vc-06.txt


Caution: This email originated from outside of the organization. Despite an upstream security check of attachments and links by Microsoft Defender for Office, a residual risk always remains. Only open attachments and links from known and trusted senders.

Hi all,

we are happy to announce version -06 of SD-JWT VC. In this release, we're updating the media type from application/vc+sd-jwt to application/dc+sd-jwt (for background, see Brian's excellent summary at the IETF meeting last week [0]).

This version also removes references to DIDs in the specification, while leaving the door open for those who want to define a profile of SD-JWT VC using DIDs. The previously provided text on DIDs was underspecified and therefore not helpful, and a more complete specification would exceed the scope of this document while interoperability issues would remain. We think that those ecosystems wanting to use DIDs are best served by defining a profile for doing so.

We would like to point out that there are concerns about this step raised both in the respective issue [1] and in the pull request [2]. While it is our understanding from various discussions that there is a consensus for the removal of the references to DIDs in the group, this change had not been discussed here on the mailing list before. So we'd like to take this opportunity to do that now.

As a minor point, this version adds the “Status” field for the well-known URI registration per IANA early review.

-Daniel



[0] https://www.youtube.com/watch?v=LvIBqlHkuXY

[1] https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/250

[2] https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/251
Am 13.11.24 um 21:45 schrieb internet-drafts@ietf.org<mailto:internet-drafts@ietf.org>:

Internet-Draft draft-ietf-oauth-sd-jwt-vc-06.txt is now available. It is a

work item of the Web Authorization Protocol (OAUTH) WG of the IETF.



   Title:   SD-JWT-based Verifiable Credentials (SD-JWT VC)

   Authors: Oliver Terbu

            Daniel Fett

            Brian Campbell

   Name:    draft-ietf-oauth-sd-jwt-vc-06.txt

   Pages:   53

   Dates:   2024-11-13



Abstract:



   This specification describes data formats as well as validation and

   processing rules to express Verifiable Credentials with JSON payloads

   with and without selective disclosure based on the SD-JWT

   [I-D.ietf-oauth-selective-disclosure-jwt] format.



The IETF datatracker status page for this Internet-Draft is:

https://datatracker.ietf.org/doc/draft-ietf-oauth-sd-jwt-vc/



There is also an HTML version available at:

https://www.ietf.org/archive/id/draft-ietf-oauth-sd-jwt-vc-06.html



A diff from the previous version is available at:

https://author-tools.ietf.org/iddiff?url2=draft-ietf-oauth-sd-jwt-vc-06



Internet-Drafts are also available by rsync at:

rsync.ietf.org::internet-drafts





_______________________________________________

OAuth mailing list -- oauth@ietf.org<mailto:oauth@ietf.org>

To unsubscribe send an email to oauth-leave@ietf.org<mailto:oauth-leave@ietf.org>



_______________________________________________

OAuth mailing list -- oauth@ietf.org<mailto:oauth@ietf.org>

To unsubscribe send an email to oauth-leave@ietf.org<mailto:oauth-leave@ietf.org>