IETF Logo Mail Archive

[OAUTH-WG] Re: WG Last Call: draft-ietf-oauth-sd-jwt-vc-14 (Ends 2026-02-19)

Brian Campbell <bcampbell@pingidentity.com> Fri, 13 February 2026 19:18 UTC

Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@mail2.ietf.org
Delivered-To: oauth@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 0C6A2B720D7F for <oauth@mail2.ietf.org>; Fri, 13 Feb 2026 11:18:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=pingidentity.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z7W1GPoAbljg for <oauth@mail2.ietf.org>; Fri, 13 Feb 2026 11:18:37 -0800 (PST)
Received: from mail-ua1-x932.google.com (mail-ua1-x932.google.com [IPv6:2607:f8b0:4864:20::932]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 799F7B720D71 for <oauth@ietf.org>; Fri, 13 Feb 2026 11:18:37 -0800 (PST)
Received: by mail-ua1-x932.google.com with SMTP id a1e0cc1a2514c-948c3ce4d35so738352241.2 for <oauth@ietf.org>; Fri, 13 Feb 2026 11:18:37 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1771010311; cv=none; d=google.com; s=arc-20240605; b=Fo2YoXaFbdmvOvnm9sgH/ZSKAiJ3UgDWo7M4J6GV33HxuzLAjNpJl9EdU9HhjlDT3O lGgpyECoVD3iL+NUO3FsdpXZWdKe8LrBSjgac8e129uSnY+mlw/HN079H+DKoYZgCbC3 qfa1zhKq+gNXe3aKLKpuCRYMiKSnoP1XKkm7mJpyUJAhgGAfDDrEdW1fge6/Zf5QdYUN phmXA6b2jCUi2iU13trwk6gRPczyk8lMMZPDoFgznz1/wkOBT0T2F8su4HfqyY6poRlW pcGdUd+462Up1oCcHQVhlZQK06hM5enNW1kYHdrpTLNepdPg9E3vlPhOmvoqvxLhXYE0 vexA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=WMJZk5BF+3xy8p7/8b46ySPQvm/A6DeErn6AAIcXW/E=; fh=7WL/iUDFFZN+2PLQy3vIJRvxdETJymskZ4XVOxUhfmQ=; b=FJEXumOqrpg1Aj/A3UT+r6QrLa01WS0RQEPrvfjBrbxz25qCZ25uOc/HxEN9VK3m+k MzhNIXAQmWa2gpoZqJW2yuHCqc6Fe1al4z+0fodDDInMPeZUP40UC3EnCOat9xpqcxia 3PjJQZBWr+c5raBeqBBZwj3Hx7iEv9botIwZa4LK6yXwlAM5fcFlXbp0GI3pIQyNmG/b rVuBoZXdPGzdEdrp2GcYzs1IehTYS8aBBEtV73k94wrHZPxNeCBdBnQaRDRRf6VLl6kh 5Q9e/Vmpb6pG1Pvr7zh0lBwr+uc8lUwxfRFu66uOXkDOKaAOlcfO2MAw6fcwCbbsBU6F USew==; darn=ietf.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pingidentity.com; s=google; t=1771010311; x=1771615111; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=WMJZk5BF+3xy8p7/8b46ySPQvm/A6DeErn6AAIcXW/E=; b=aA0w+m56Y1wukqTrLwYJlvp7DOK6DjdEaIPNMRxWhEVNTV/PlkDTUnQEe982m/cdEV 0LQwFrH1MTrYe9DepSJZWfP0gy+kkWMTwA0HmBqo+0vDTR4GE5iJJ6Q3KuCdeVCkqVSs Z1IFZU+Awl4vgiWin2Q0OYo6UdXzw0HYPic342wAujPc45caSWMB85Vr56d85U/p8luD Gi1W4/KPYeoTpjLj5AlkELmd0wPyf4BAgxEVYZkJjvD9RW/Cs+C8wYbsSMATNJrzjAbk xVHgVfac+pSIKUOmPHTbCE8GJZibQdXRNTxvAKq5VsZPMigmijJOguxYlxzYqyPMK4vx GGuQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771010311; x=1771615111; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=WMJZk5BF+3xy8p7/8b46ySPQvm/A6DeErn6AAIcXW/E=; b=eIBZ9DuA24um3RENSYBXnM/rzl/6eCUIFRptSzFtKoY1ra8qATZ5M0JOhAvwNkucll xC/BuXW1NiGTonZECn5ztiOdmaWgwhyrNfqbPg6/MLw4v6eAw9rmcZ5upMGJz0ReoZeA KBSMqCUYwb8kkYhjzTlfW1WtLuSp2opgO/0xsncqJDBEHGxXuMzpdGD1Sx10uRhBt8kS fsAfWVi2twglIlR4egvyQejvcJBayfnoDuKJFIrUb3MZEmzk+MtU54TyjFLJcl9wXhi8 Zsz4Ii6vkGzIwLJnJ5fg0Qi/6cAQMg8W2+mniSqPYPeTE+ACuIhX6PCJ50hCpWAH/QDB LknQ==
X-Forwarded-Encrypted: i=1; AJvYcCWekCUiikcoN6a2YysxInk5MTCw3tdcifStE9yFrzsAZa3JYoDkXTZn1HFTPIOeRmKcfPpZmQ==@ietf.org
X-Gm-Message-State: AOJu0YwSH2p+Vl4OpRGebASt5trZcXAmh+xScMmBKdrZGSEPnGY/Fflv 2JU93qOZgqrB1zfM0ziekvkZHLv8C07OkXOcg3IbJS22+ODfZnkZ1tc88XJjC3X4YpPjwEDvUw8 qlaguApR2SHfShb+z829itbyHd0rIcKi7Sk2fKh5fbUHNPR5Zu7CsxDblFLewZeLvA+Oh3DG1dB PKehxleXVD01OO9A==
X-Gm-Gg: AZuq6aLFOHG0OIybsMC+NBF5A8cAtJfLQE27Q9f2NX6gMXvCjMBu9hghWlPlhrPvZrk 6rFVlm8CdDu7kXVNHhwk9OEFg1ErzgpA3CPKKf7ig2rw3g8xjMr2fHswfOLZp8BtXfEOIt9NVNd KLdbIIbWBCyPSAxRXnG77cX0oZBE3t/7p/fHeKgh/DOn0m13SrxWhuZq81EGRCfWIO8l425tiPN fRFsJu8bT+/IvB4opxh6FskI47zDzso248EEsPR8TCbqIq5b00uMI7r9tH1LpG+n6CXHcPwoI6d BN0J3rvC2R+ly6WpwjRiuOmjOCIcXe9AoQAP9Q/fEfDyQbClOlnkCl/5qiOIhgg+EgOQLkFULkZ rXcs22zrXipF0I/R24TIyr2a5zSyzuf1CsQI=
X-Received: by 2002:a05:6102:1611:b0:5fd:f0d2:9ef7 with SMTP id ada2fe7eead31-5fe1afe2671mr1241342137.42.1771010310818; Fri, 13 Feb 2026 11:18:30 -0800 (PST)
MIME-Version: 1.0
References: <177032114272.336581.8537420287669384400@dt-datatracker-6bcfd44575-g5gjh>
In-Reply-To: <177032114272.336581.8537420287669384400@dt-datatracker-6bcfd44575-g5gjh>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Fri, 13 Feb 2026 12:18:04 -0700
X-Gm-Features: AaiRm50Zvjw2UFnqt71GUWm7Ju0Xyw-9k8Jq7fsL9RprMJ4Z27m5NwdYA3KL0dA
Message-ID: <CA+k3eCTSbqwHF7=wQWWcjuF3omNnqkNdAz2qp1L03jhEpkm7Lg@mail.gmail.com>
To: Rifaat Shekh-Yusef <rifaat.s.ietf@gmail.com>
Content-Type: multipart/alternative; boundary="000000000000786326064ab9787c"
Message-ID-Hash: KMBQ2QQMHV2VCNV6XVFKI2GZB2FKT7JX
X-Message-ID-Hash: KMBQ2QQMHV2VCNV6XVFKI2GZB2FKT7JX
X-MailFrom: bcampbell@pingidentity.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-oauth.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: draft-ietf-oauth-sd-jwt-vc@ietf.org, oauth-chairs@ietf.org, oauth@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [OAUTH-WG] Re: WG Last Call: draft-ietf-oauth-sd-jwt-vc-14 (Ends 2026-02-19)
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/LwIGmhiYL_Me5Dpg16J9178DEOM>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Owner: <mailto:oauth-owner@ietf.org>
List-Post: <mailto:oauth@ietf.org>
List-Subscribe: <mailto:oauth-join@ietf.org>
List-Unsubscribe: <mailto:oauth-leave@ietf.org>

I am overall supportive of proceeding with the publication of this
document.

Some threads resulting from the recent DISCUSS ballot on TSL
<https://mailarchive.ietf.org/arch/msg/oauth/tHd5oWIXE8ZZjTaVXPtTmWd8HqE/>
about
it obviously exceeding the current and prospective future scope of this
WG's charter led to some more narrow discussions elsewhere, in one of which
I expressed my discomfort
<https://mailarchive.ietf.org/arch/msg/spice/4xr2I1IX_A4T_cDxlUUufH5QdIM/>with
draft RFCs linking to the product page of an organization with a
non-transparent and access-restricted standards development process and
pay-to-access publication model (at least without some contextualization or
qualification). While expressing that discomfort I was reminded
that draft-ietf-oauth-sd-jwt-vc-14 has a similar, if arguably somewhat
less invasive, product placement that I'd like to see addressed as part of
WGLC. I created issue #393
<https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/393> to track that.

On Thu, Feb 5, 2026 at 12:52 PM Rifaat Shekh-Yusef via Datatracker <
noreply@ietf.org> wrote:

> This message starts a WG Last Call for:
> draft-ietf-oauth-sd-jwt-vc-14
>
> This Working Group Last Call ends on 2026-02-19
>
> Abstract:
>    This specification describes data formats as well as validation and
>    processing rules to express Verifiable Digital Credentials with JSON
>    payloads with and without selective disclosure based on the SD-JWT
>    [RFC9901] format.
>
> File can be retrieved from:
>
> Please review and indicate your support or objection to proceed with the
> publication of this document by replying to this email keeping
> oauth@ietf.org
> in copy. Objections should be explained and suggestions to resolve them are
> highly appreciated.
>
> Authors, and WG participants in general, are reminded of the Intellectual
> Property Rights (IPR) disclosure obligations described in BCP 79 [1].
> Appropriate IPR disclosures required for full conformance with the
> provisions
> of BCP 78 [1] and BCP 79 [2] must be filed, if you are aware of any.
> Sanctions available for application to violators of IETF IPR Policy can be
> found at [3].
>
> Thank you.
>
> [1] https://datatracker.ietf.org/doc/bcp78/
> [2] https://datatracker.ietf.org/doc/bcp79/
> [3] https://datatracker.ietf.org/doc/rfc6701/
>
> The IETF datatracker status page for this Internet-Draft is:
> https://datatracker.ietf.org/doc/draft-ietf-oauth-sd-jwt-vc/
>
> There is also an HTML version available at:
> https://www.ietf.org/archive/id/draft-ietf-oauth-sd-jwt-vc-14.html
>
> A diff from the previous version is available at:
> https://author-tools.ietf.org/iddiff?url2=draft-ietf-oauth-sd-jwt-vc-14
>

-- 
_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately 
by e-mail and delete the message and any file attachments from your 
computer. Thank you._

v2.39.1 | Report a Bug | By Email | System Status