IETF Logo Mail Archive

Re: [OAUTH-WG] FW: Call for consensus on SPICE charter

nadalin@prodigy.net Tue, 20 February 2024 16:33 UTC

Return-Path: <nadalin@prodigy.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3ED9DC151065 for <oauth@ietfa.amsl.com>; Tue, 20 Feb 2024 08:33:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=prodigy.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qr0vqYJwkr91 for <oauth@ietfa.amsl.com>; Tue, 20 Feb 2024 08:33:32 -0800 (PST)
Received: from sonic310-24.consmr.mail.gq1.yahoo.com (sonic310-24.consmr.mail.gq1.yahoo.com [98.137.69.150]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4A9F9C151520 for <oauth@ietf.org>; Tue, 20 Feb 2024 08:32:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=prodigy.net; s=s2048; t=1708446743; bh=2TmbGbWzU8DvhtKYTQSALtcuzKbj4bicAFiDFDKMthQ=; h=From:To:Cc:References:In-Reply-To:Subject:Date:From:Subject:Reply-To; b=jguMhCRZyIyJgRaHZnIL35VqDxhkCcC5uYU//Os/9tPykv3OEBWobgRQiCqcb463FrDm0Iuf3UH10mrefuVbWhNijq2mXC2VoC4hk7djPjlult5NLsssDVkhy18PlGzeZTtRrz10tjtMKvX1AjBhCwAOfOrogo7ykfExrcupLZCcqnKhnk4it+b4YuiQOlC35Ppr3Qp2M9M+ATZUKkDwLih8IQ1gP1a9nuHvxQ8nDh9L2t2yjMSjsVzG+MzDBjgLe/jN8M/MOR14e1IM1tsMDRbeOdwJYh5LjHMlEXNdlsolQKqJywrWgYOT8798bAACbvkVEPJDOu3YTbg/vdIrwQ==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1708446743; bh=prDmjy6diJXdIQaZDnd1OnEWhn6FOK8ftoIkeao0K3y=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=ZEZ6mWsAKPH1Z19s+jzv+sr8VPE8azXYh/nAdBfBTVNn92TCAYbv7lT4050RZK3EGgViGeRX+Ut9tsRU8xSzfyO3NBe8+zeeztmx2Vp2jxQn+I8b6kma9JML7KtJUOK4FLaDFqkn2LlnJ3lL1CDBon//f+ZRgqcmgS+DrN/8g752u3W0B5zy2r25b7tP1eN+G+1/zj+GbR6Kn2gWwOdk/S4QJn7FDmg3flNSBQh7a1GwD0qP6XeBVBQA4ftcZiJ4drqrkMbct4Mz5WDz9y+XXIQNKHqtEw6Tq7oykDrFuI0Y51YQpaz5q2hMGBKGV6tUvOWp7KOWzAxs6SFyKMlOHA==
X-YMail-OSG: SzzHomUVM1kgxxJOt8PpmOhHL5xp6X6_pYTnaQ88mPOINjXHv2IlezS_4iU.cuU gZE4dcMj1_nwzEnmU5BBwHH0JUObdfpXagoEVLLT6MU61U0BVEPBTXKx_iaK28snrYmC4JQR.Dxq TM.9ib7Dn97LWbGZ1512Go.q_DsRo6ItXVYCA0CYcEplMJItVCCzH9w16_yEigqjYvQca7_wHBkz h6.TNyzoRdjFO4B.aWpiqSkrPTb5jNbxns5WltvMxFw5DPyzZ17kLzrNLIYRX.w0Ftc0PTddKCLg GhM4.gOD.QAEz5lGMNknpf4SAALnt8Q7XtlKlJix4P8vxbevR0HFxCvwTPGCs6.CjrzyafezLn9D pGqeORo2gSS9yapkVXHsWz54GpbHaeJxy_SwTK3IqjVcYoERNu3bBtJX9P5zzhGBecK3b6CkSP52 3W64ofzwWiDUUqt1VmL8O7N31rHA20MbGuHvgfRmYPxMuE7PTF7YaWLDKhpu2W4zLH9kkFEwqMah WPt_6.MBwWGHFT63cvCslngW.WbTdpFYXMVQnsotp384sNnlH3yu.6Jffo.nc2PWB1aFDSIxznL7 gAGpNrIZRkmqGp0riCbUIDPE4LyxZbh4ULetPZT1MFeax.vJ31J48irEXV5AQ7wphSt6n1sVGmTE jSpL9jnebVQwNPqQgI8i3DNScfZtvUnGXlOjWu_uT.9ISCkc0FPaHkbMNjP.MxynORlq1D6DzwMG zOsg6r8O9d5c_0blAZyLIHIQZXiwIOCrQ1NgUKKDayhikiNAzoY6idRQ4khwUNPh83IF1GZ5iysC 2FKR_oWaQ4RDTiZovGWKBZqaU2RtvVkev_5QalqBb.mQdrAus0tBpF48NbIILoqJLuPYPqC2cnQD Aj9fMm3DesBB.c6wE2XJzZ5Icn_ZyMV65C_iy0chIQbPy6vfppctPmcU43UlaA.WcPgBK_FtZKY. KT.GeyZMFtIC3cdPpgIZXzeY7jvbwep5Uv1Y0mXKDTntLVq.u76Dxn3QfPK78G4cMCbIpCW7_Zld 8D_qJ6UuqpsHsmk4.UZaC_vqZ5Vo1ZSATViUI25uOfi2OAJHprJggKuDwOc2uD2vIPzWHPKTzAYt w80eo2syCNFjec59J_YGsZEY69xI6Q0.nIiotHdln3bjSo4XY3TDP.9Ch1F9WcOL8dOq2GosZdG9 2.vsINKjnHj7HxXDFNkV_S0Oq0gAAVSlG5oK8zGKkByV2Ds14T4PO7m7hbqx0X_zXiJp6avrtDBd BeznMqcPZZwWa6e4oqcyBnbGK15BHvJWv1otK0ldWgMjj9LIOyeDFJ9RAQ2dsYwu9dWEEOn25So_ fnpyVYTJHoh5x0FBLy646J1oy2fbQhXe29S5lrrxvp0t0fNBlS3KiefluQPQidX3c1hNA2_Xztn8 0LSjF5OuY2NYR6_IuvnLaO7sjLeBUsvWN7rocqlqZ9mGqNmjh8rMDbTxTskk5YXIbBdH9xft14KQ BTKsj0D1NfsKXX7GBPGYnr4_4VfYripSlfi0__qv4V.IK8BKrng_gCeCod9TVELVG7gTp074K6qV 8WYcWCdKcYdRDC.SwajQC6_oEilbo07KTpl5o7dAYS0x6IyWOMdLlvTSj_jOIx9ZtRC7Y69lqs9B 4SDxhzgVE7Dhnsx57WvcdTmNPi8ZV856DUKsywbuZ3BpVknobUCqFyQ1VJNUUVYDfLxEJcMsqZ8b JbtbSSxUwor7JLyUQckDP1FJjheJQLtHBp6N_AtBcTnhoVwTM5EN0zAiKNceR8j8YmlE2xs7EncN ypytUJ06S_iQZaV9Id0PzF5V4MvYTu0GOSddj15TZJGx5oapotsk8kaRy7xzplSiT5C226LX4sMP ND4janztIH1dvcDIxA7LO8nGLnfYyqrr0u53.sGXWlMS6GdMBQOvDeunH6L99lH2yHflY50ppFdE QyHlTKrYmUJ1oHmI4kyyBflPqTL1xaNC5a5HS1G01P0Gf_eHX80fXFi1ZHp7SZ.NdOe7zXQOuqVo QJ42km0ZLlWEzRol51Er84zpRMB3VXFXlCEXA9iiRVfCS0HQRZ8TFkDaUanX5ZnWEeN6d40Q7PSr V.AbS_Qw2FBGpOc10UXyhLvMPXQJiw7PflWj4d.8YvY97frGcUPnFK69hp3MFqWFhg.1AaSjrBpq 5mXxiF59t6xZH.OqatZpcAg1ObdDmVowcFfnz5cHoGH6YzUM6vDCQQvxPmLMgvfY.l54htpG.0xx r3JmGegmXdummabq9B_VsojycF8CDQnzYlondaxYlg6Yn0szPodJjx0mDMIFLQgN.o7NExB2M2aT kum7hmfolGBFYylSp8kTK4mLG8n88noN1gJSoLwrQzZI6MGLVVg--
X-Sonic-MF: <nadalin@prodigy.net>
X-Sonic-ID: 654cf0ec-c037-4e9b-b29b-c15c7c7ddfe7
Received: from sonic.gate.mail.ne1.yahoo.com by sonic310.consmr.mail.gq1.yahoo.com with HTTP; Tue, 20 Feb 2024 16:32:23 +0000
Received: by hermes--production-gq1-5c57879fdf-7pjsc (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID b1dccf4db9f19acea2cd3e8f59247a0d; Tue, 20 Feb 2024 16:32:19 +0000 (UTC)
From: nadalin@prodigy.net
To: 'Orie Steele' <orie@transmute.industries>
Cc: 'Roman Danyliw' <rdd@cert.org>, 'oauth' <oauth@ietf.org>
References: <BN2P110MB110725C85B7253C421DDFE71DC4BA@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM> <BN2P110MB1107C4999047DB10B00E71ECDC4BA@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM> <CAK2Cwb4okK1T67-4KyZTKBc846wcP7MVizZ2QYgJJFAcUcPz9w@mail.gmail.com> <07e701da6046$40e704b0$c2b50e10$@prodigy.net> <CAN8C-_JjmwhT3+347WybBV4J0f0ki0XH7GzYrMxozDxk25cVzQ@mail.gmail.com> <175f01da639c$e7c77ef0$b7567cd0$@prodigy.net> <CAN8C-_+=jsA35PdtsbnOeBg799_g84RfGSVX6do3xE+S1sLSyw@mail.gmail.com>
In-Reply-To: <CAN8C-_+=jsA35PdtsbnOeBg799_g84RfGSVX6do3xE+S1sLSyw@mail.gmail.com>
Date: Tue, 20 Feb 2024 08:32:18 -0800
Message-ID: <1b6601da641a$5f55b270$1e011750$@prodigy.net>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_1B67_01DA63D7.51399E60"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQIOsEhqi/t9H2NGLATiCNmpI1/XrAGrwh8gAlXIWE0CqE+0SQFmikdoAi2a0PYCL9eeQ7BHZVrw
Content-Language: en-us
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/hRMuL406cwb-bhbzMKsMXvYSezc>
Subject: Re: [OAUTH-WG] FW: Call for consensus on SPICE charter
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Feb 2024 16:33:36 -0000

Introduction

Digital credentials are essential to identity, authorization, licenses, certificates, and digitization use cases that are part of modernization efforts targeting efficiency and transparency.

A digital credential expresses claims or attributes about a subject, such as their name or age, and their cryptographic keys. Some sets of claim names have already been defined by the IETF and other standards development groups (e.g., OpenID Foundation).

Digital credentials typically involve at least three entities but can include more:

*	An "issuer", an entity (person, device, organization, or software agent) that constructs and secures digital credentials.
*	A "holder", an entity (person, device, organization, or software agent) that controls the disclosure of credentials.
*	A "verifier", an entity (person, device, organization, or software agent) that verifies and validates secured digital credentials.

In some contexts, holders may be willing either to partially disclose some values of their attributes or to demonstrate some properties about their attributes without disclosing their values. When disclosed by an entity, a proof of the digital credential needs to be provided and verified, so that only the legitimate holder of the digital credential can take advantage of its possession.

Some holders may wish to carry more than one digital credential. These credentials, together with associated key material, can be stored in an identity digital wallet.

The W3C has published the 'Verifiable Credentials Data Model v2.0' specification (VCDM) with data serialization in JSON-LD. In this charter, the VCDM defined concept of “verifiable credential” and “verifiable presentation” is captured using the wording "digital credential" and "digital presentation" respectively.

Goal

The SPICE WG will profile existing IETF technologies and address residual gaps that would enable their use in digital credentials and presentations based upon JWT and CWT technologies.

*	The JOSE WG is already standardizing a token format for unlinkability & selective disclosure in the form of JWP/CWP (draft-ietf-jose-json-web-proof <https://datatracker.ietf.org/doc/draft-ietf-jose-json-web-proof/> ). The SPICE WG will profile these token formats for use with digital credentials.
*	The OAUTH WG is already standardizing a token format for unlinkability & selective disclosure in the form of SD-JWT/SD-JWT-VC (draft-ietf-oauth-selective-disclosure-jwt <https://datatracker.ietf.org/doc/draft-ietf-oauth-selective-disclosure-jwt/>  and draft-ietf-oauth-sd-jwt-vc <https://datatracker.ietf.org/doc/draft-ietf-oauth-sd-jwt-vc/> ). The SPICE WG will define SD-CWT/SD-CWT-VC, analogs for these JWT-based tokens but based on CWT.

The SPICE WG will coordinate with the RATS, OAuth, JOSE, COSE and SCITT working groups that develop architecture, patterns and definition documents related to the identity and credential space. The SPICE WG will build on cryptographic primitives defined in the CFRG (e.g., BBS Signatures) and will not define novel cryptographic schemes.

The SPICE WG will not develop digital credentials for any particular use case. The SPICE WG will create general-purpose profiles which will enable credential issuers, holders and verifiers to easily build on existing IETF CWT and JWT technologies.

Program of Work

The SPICE WG is expected to develop:

*	An informational Architecture that defines the terminology (e.g., Issuer, Holder,Verifier, Claims, Credentials, Presentations) and the essential communication patterns between roles, such as credential issuance, where an issuer delivers a credential to a holder, and presentation, where a holder delivers a presentation to a verifier.
*	Proposed standard documents for digital credential profiles covering JWP and CWP (from JOSE) that enable digital credentials with unlinkability and selective disclosure. This work will include registering claims that are in the JWT and CWT registries to enable digital credentials to transition from one security format to another (i.e., JSON/CBOR).
*	A proposed standard document defining SD-CWT, a profile of CWT inspired by SD-JWT (from OAuth) that enables digital credentials with unlinkability and selective disclosure.
*	A proposed standard Metadata Discovery protocol using HTTPS/CoAP for CBOR-based digital credentials to enable the 3 roles (issuers, holders and verifiers) to discover supported protocols and formats for keys, claims, credential types and proofs. The design will be inspired by the OAuth "vc-jwt-issuer" metadata work (draft-ietf-oauth-sd-jwt-vc <https://datatracker.ietf.org/doc/draft-ietf-oauth-sd-jwt-vc/> ) which supports ecosystems using JSON serialization.

Milestones

*	04-2025 - Submit an informational Architecture document to the IESG for publication
*	10-2025 - Submit a proposed standard document covering a JWP/CWP profile for digital credentials to the IESG for publication
*	10-2025 - Submit a proposed standard document defining SD-CWT to the IESG for publication
*	03-2026 - Submit a document as a proposed standard covering Metadata Discovery to the IESG for publication

 <https://datatracker.ietf.org/doc/charter-ietf-spice/00-00/#introduction> Introduction

 <https://datatracker.ietf.org/doc/charter-ietf-spice/00-00/#goal> Goal

 <https://datatracker.ietf.org/doc/charter-ietf-spice/00-00/#program-of-work> Program of Work

 <https://datatracker.ietf.org/doc/charter-ietf-spice/00-00/#milestones> Milestones

 

 

 

 

From: Orie Steele <orie@transmute.industries> 
Sent: Monday, February 19, 2024 6:15 PM
To: Anthony Nadalin <nadalin@prodigy.net>
Cc: Roman Danyliw <rdd@cert.org>; oauth <oauth@ietf.org>
Subject: Re: [OAUTH-WG] FW: Call for consensus on SPICE charter

 

Inline:

On Mon, Feb 19, 2024, 7:34 PM <nadalin@prodigy.net <mailto:nadalin@prodigy.net> > wrote:

Orie, thanks for the response

 

I’m still confused on this charter proposal as I read this charter it is to create architecture, patterns and definitions for electronic credentials. The charter should be free of any technology including W3C, if people want clarity about what an electronic credential is then they can help out with the definitions since that is an output, so I don’t agree with how W3C is mentioned in the charter. 

 

As you pointed out below, W3C has defined credentials that are simply public keys bound to an origin (used as authenticators), and issuer signed claims about a subject (like JWTs)

 

So far the people who have been most active seem interested in generalizing the "signed public key and attributes" version of a digital credential. That definition lines up well with JWT and CWT with the cnf claim, and mDoc (as I understand it).

 

Most of the value W3C VC Data Model provides is focused on creating a structure for the claims that go in the credential. The security of W3C VCs based on JWT, SD-JWT, and COSE comes from the IETF drafts not from W3C.

 

Some of the protocol connection points also come from IETF documents, for example aud, nonce and cnf.

 

Most of the value JWT and CWT provide, is through the public claims and private claims in the associated IANA registries. For example, this is where the cnf claim that ties proof of possession to credentials is registered.

 

It's my understanding that mdocs have a namespace approach to claims as well.

 

Creating conventions for claims in a credential format is profiling. iso mdoc is a profile of COSE Sign1 in that sense.

 

You can consider the W3C documents that rely on JWT, CWT and COSE as profiles of those IETF standards. Instead of using JWT or CWT claimsets, the W3C uses JSON-LD.

 

A major reason for spice forming was to explore alternative claims structures, and to align CWT and JWT conventions for credentials that DO NOT require JSON-LD.

 

The way I read the charter is that interested parties will work on various profiles to map/profile various technologies to the create architecture, patterns and definitions documents, this will be done with various members that submit drafts.

 

Relative to WebAuthn what is produced is a credential, its not a JWT or SD-JWT but as the charter reads that is not the only credentials under consideration, if this is the case then the charter severely lacks clarity on what is the goal.

 

I don't think there is utility in IETF creating a profile for webauthn based credentials, because they are not meant to be presented beyond the origin they are bound to.

 

 

ISO is just another standards org, W3C, OIDF, OASIS, etc work with ISO with no issues, I assume profile will be created by various members that submit drafts, if no one is interested in mDL/ISO then that’s fine.

 

I still think this charter needs more clarity as I point out

 

Can you suggest text?

 

 

From: Orie Steele <orie@transmute.industries <mailto:orie@transmute.industries> > 
Sent: Friday, February 16, 2024 10:11 AM
To: nadalin@prodigy.net <mailto:nadalin@prodigy.net> 
Cc: Roman Danyliw <rdd@cert.org <mailto:rdd@cert.org> >; oauth <oauth@ietf.org <mailto:oauth@ietf.org> >
Subject: Re: [OAUTH-WG] FW: Call for consensus on SPICE charter

 

Hey Tony,

 

On Thu, Feb 15, 2024 at 1:36 PM <nadalin@prodigy.net <mailto:nadalin@prodigy.net> > wrote:

1) Do you support the charter text? Or do you have objections or blocking concerns (please describe what they might be and how you would propose addressing the concern)?

Not sure I support at this point, I understand the need for an architecture document with patterns and definitions, etc. 

There is a lot of work going on outside the IETF in this area such as the mDL work in ISO that already has patterns and definitions along with credential formats (mdoc)  and transports (ble/http/nfc). I don’t believe the IETF should ignore these efforts since most of the driving licence and passport communities/companies are adopting this as one of the standards that issuers and verifiers will use. The same is true for W3C WebAuthn.


WebAuthN cannot produce standard digital signatures, and so it cannot be used to produce standard digital credentials (for example it cannot be used to produce JWT or SD-JWT).
It could produce authentications for public keys that could be bound to credentials, but because of the origin binding in WebAuthN, this would not fit well with the "audience" typically used for digital credentials (usually there is no audience)

You might find this thread on possible relation between mDoc and CWT interesting:

https://mailarchive.ietf.org/arch/msg/spice/xiRpmd-Bexv94qentlGg1Snjw1A/


The architecture, patterns and definitions should be free from technology, I don't know why W3C is mentioned in the introduction as the only technology, this should not be in the introduction but along with other technologies such as mDL/mdoc, webauthn, etc when describing profiles. As the goal would be for interested parties to produce profiles of other technologies to fit the architecture document with patterns and definitions.


W3C is mentioned because some W3C members asked for a term other than "Verifiable Credentials" to be used... and they asserted the "Verifiable Credentials" implies the JSON-LD data model developed in W3C.

ISO was not emphasized because formal coordination would require contribution from ISO experts, and we have had relatively low engagement from them.
 


I believe that the WG if formed should also think about holder verification and patterns and attestations that can be used.

 

Interesting. I think this is covered under the metadata discovery deliverable, but if you feel it could be made more clear, please send text.

 

Also there needs to be a notion of a "reader/wallet/etc" that can potentially store credentials (not necessarily the user or verifier) and release/store credentials upon "user" consent.


This sounds like an application to me.
How do you see this related to "credential formats" or "issuer/holder/verifier metadata"?
 



There are other models than the 3 party that VCs use, so these also need to be considered in the architecture,  patterns and definitions documents to enable profiles for other technologies.


Agreed, OAuth JWTs/SD-JWTs, and ISO mDocs are examples we have discussed.
Are there others you would like to see considered?  



I believe in the 1st 3 items in Goals but  I don't believe it would be in the best interest to define a metatdata protocol, as this sounds like this would be a protocol for obtaining DID documents, there are already many protocols out there for metadata retrieval, not sure there is a need for another one, if one is needed for DIDs then that may be better done in W3C as this does not seem to fit well with the charter


Discovering attestations for wallets seems to fit here, why should URLs or URNs (DIDs) be specifically marked as out of scope?

For consideration, JWK / COSE Key Thumbprints are good alternatives to DIDs which have been standardized / are being standardized in the IETF:

- https://datatracker.ietf.org/doc/draft-ietf-cose-key-thumbprint/
 


This charter seems to be very scoped to W3C technology, I understand that interested parties will have to contribute if they want to have other technologies included but the charter in general does not seem to allow this, so removing specific technology will allow this to happen.

 

We chose to use "Digital Credential" and "Digital Presentation" specifically to keep the door open to CWT and COSE Sign1 structures which are used in IETF and ISO.
 



I would be happy to give provide specific text changes to the charter.


I think it would be great if you could offer text that refines your comment about format support, and holder/wallet metadata / attestations.
 



2) If you do support the charter text:


3) Are you willing to author or participate in the developed of the WG drafts?

yes

• Are you willing to review the WG drafts?

yes

• Are you interested in implementing the WG drafts?

I'm willing to see how we can use these outputs with the other industry technologies.


Thank you for your comments.
 



_______________________________________________
OAuth mailing list
OAuth@ietf.org <mailto:OAuth@ietf.org> 
https://www.ietf.org/mailman/listinfo/oauth




 

-- 

 

ORIE STEELE
Chief Technology Officer
www.transmute.industries <http://www.transmute.industries> 

 <https://transmute.industries/>

v2.23.0 | Report a Bug | By Email