[OAUTH-WG] Fwd: [media-types] Last tracker issue for mediaman-suffixes
Orie Steele <orie@transmute.industries> Tue, 20 February 2024 16:20 UTC
Return-Path: <orie@transmute.industries>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 33721C151081 for <oauth@ietfa.amsl.com>; Tue, 20 Feb 2024 08:20:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=transmute.industries
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZFXxQP67q0NF for <oauth@ietfa.amsl.com>; Tue, 20 Feb 2024 08:20:07 -0800 (PST)
Received: from mail-pg1-x52c.google.com (mail-pg1-x52c.google.com [IPv6:2607:f8b0:4864:20::52c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 98E2CC151065 for <oauth@ietf.org>; Tue, 20 Feb 2024 08:20:07 -0800 (PST)
Received: by mail-pg1-x52c.google.com with SMTP id 41be03b00d2f7-5dbcfa0eb5dso5246971a12.3 for <oauth@ietf.org>; Tue, 20 Feb 2024 08:20:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=transmute.industries; s=google; t=1708446006; x=1709050806; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=IR3FaeegmX2kZY36VJ5dihD9ECg3JTfI1UHcVnp7fTI=; b=fVsuCfdQG2niWAYWC7znpnMXmqa+oeXXY/Z0NVgT555YK/a4RnhF54WMTV2roDK6lY 0xRLeTYz3Gsnm/EgnQzTtKlyXtm+PpEjwPN6aI+gc3l12oucLZHE3UZulzLtUUBQ09Mf 71YmedR/1O5sT5TN7gC3qkGdsg5DwYA0vg51WOFF8P/cAkIGRAvntaPUAHc96Q7c9l8f i8bl06sceRH10WxS1HBLJKh8l83Ih1Ay8Asrld2yOx3mHKc6rrixsCGTB7xbKNdZgkha p0/mPAuWg9YCLSJzfJL2TntjRiWuNrqIT45r30hOwQqwh8v/Tw88O7qF0GFC/hF8kUaG EA8g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708446006; x=1709050806; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=IR3FaeegmX2kZY36VJ5dihD9ECg3JTfI1UHcVnp7fTI=; b=TQRputysdHhK5Zj3oLqMEViAYpRnrnt7RMaDtaXo5vIE5sy6vtfJ5vHjaXpOOk1f0C wd4PoFdpG82aEq/fy+ly2pHYUeAAZnnGdT/wxoG//NzPcY0/mRjMw8N2uUsaPQcPzzeq tpoyYLvqq+c4y42h2ZTrmyJAiaFet/hmk1temyYDYgqm+3NZetWF19CC2sL2EtI8bhJm HctSUsD1Vkaxs02HG+HFgDYWpQ6oee4s6Dm/lfqFrGMuVYxetnASS73LXs96PcTjsqss Kxk/PPoR0ksJPYRRacCywqVueH0/Reu0azZ3juMah992/i81Lqo00BAmfnWr9H6Lw/O4 CFUg==
X-Gm-Message-State: AOJu0Yw6UvwvpejF5ojKuA0VXbyFGEymDbFsoj5ZEmxqG+GZqB63TF6A 9fX9LPP7BWjdAyh8RaLuRo7MY8Jnm/dPStbR2dSX6aTVg+jX3WFXvs8RMX5O1Q9o0nAVJPz47AS nyPCwqSY4qYka4TLOmCB7lFUTYRPK/vGYv4kf3RFZ0pqY+TvFa0g=
X-Google-Smtp-Source: AGHT+IEe4eNJ/T8EQtxNZESBF8K8VqdHZi7fNxcQa4WqkZLStDLrQPigXj+KJg053g3UgQExiK3Wn/WGm6Fudms+gTc=
X-Received: by 2002:a17:90a:5309:b0:299:9e88:8099 with SMTP id x9-20020a17090a530900b002999e888099mr4198491pjh.46.1708446006461; Tue, 20 Feb 2024 08:20:06 -0800 (PST)
MIME-Version: 1.0
References: <CAMBN2CQbfAW2pmmxZZgbBOTUzY+TdYe5S8ve5cX_R30PXZJ=+w@mail.gmail.com> <CAN8C-_JGre8jtAenDCrV7JSwJWPhf9K7K6HiC4_cX6E+YLru+Q@mail.gmail.com>
In-Reply-To: <CAN8C-_JGre8jtAenDCrV7JSwJWPhf9K7K6HiC4_cX6E+YLru+Q@mail.gmail.com>
From: Orie Steele <orie@transmute.industries>
Date: Tue, 20 Feb 2024 10:19:55 -0600
Message-ID: <CAN8C-_J5=FJb5FNx-FTSO33B88wfcgZCUfBoauOaVo8vWF9=9w@mail.gmail.com>
To: oauth <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000555fc40611d29591"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/nuegyBKTyplzjpk34aI4kniaqsI>
Subject: [OAUTH-WG] Fwd: [media-types] Last tracker issue for mediaman-suffixes
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Feb 2024 16:20:12 -0000
See the following PR related to registrations of media types that rely on multiple structured suffixes, for example: application/foo+bar+cose would require `+bar+cose` , `+cose` application/foo+bar+jwt would require `+bar+jwt`, `+bar+jwt` application/foo+bar+sd-jwt would require `+bar+sd-jwt`, `+sd-jwt` Manu, please make sure I translated the text from the PR to examples meaningful to the JOSE, COSE and OAuth working groups. If you feel this message should be reviewed by other lists, for example: - https://openid.net/wg/digital-credentials-protocols/ - https://www.w3.org/community/wicg/ Please forward a link along to them. For context, the intention of the W3C VCWG appears to be to register a lot of media types relying on structured suffixes: For example: application/vc+ld+json - https://www.w3.org/TR/2024/CRD-vc-data-model-2.0-20240218/#iana-considerations application/vp+ld+json - https://www.w3.org/TR/2024/CRD-vc-data-model-2.0-20240218/#iana-considerations application/vc+ld+json+jwt - https://w3c.github.io/vc-jose-cose/#media-types application/vp+ld+json+jwt - https://w3c.github.io/vc-jose-cose/#media-types application/vc+ld+json+sd-jwt - https://w3c.github.io/vc-jose-cose/#media-types application/vp+ld+json+sd-jwt - https://w3c.github.io/vc-jose-cose/#media-types application/vc+ld+json+cose - https://w3c.github.io/vc-jose-cose/#media-types application/vp+ld+json+cose - https://w3c.github.io/vc-jose-cose/#media-types +jwt is already registered https://www.iana.org/assignments/media-type-structured-suffix/media-type-structured-suffix.xhtml ( https://www.rfc-editor.org/rfc/rfc8417.html#section-7.2 ) +ld+json is requested to be registered in https://w3c.github.io/json-ld-syntax/#structured-extension-ld-json (an W3C Editors draft) +sd-jwt is requested to be registered in https://datatracker.ietf.org/doc/html/draft-ietf-oauth-selective-disclosure-jwt-07#name-structured-syntax-suffix-re (not yet an RFC) +cose is requested to be registered in https://datatracker.ietf.org/doc/html/draft-ietf-anima-constrained-voucher#section-16.5 (not yet an RFC) My understanding of the proposed PR text would be that there is no need to register additional structured suffixes to support the intention of the W3C VCWG, because: All the suffixes mentioned above are either already registered (+jwt), or in the process of being registered (+ld+json, +sd-jwt, +cose). After all the suffixes have been registered, it will then be possible to request registrations of subtypes that rely on them, namely: application/vc+... application/vp+... We may also see additional structured syntax suffixes registered for other security formats in the future, for example: application/cesr might register +cesr - https://mailarchive.ietf.org/arch/msg/i-d-announce/FvL1rLC1SCyTBRnu92At9Wncd2Y/ <https://mailarchive.ietf.org/arch/msg/i-d-announce/FvL1rLC1SCyTBRnu92At9Wncd2Y/> - https://www.iana.org/assignments/provisional-standard-media-types/provisional-standard-media-types.xhtml#Samuel_M._Smith I can imagine perhaps `+mdoc` in the future, or perhaps mdoc might use `+cose` since AFAIK, mdocs are cose-sign1 based credentials. I'd like to see the suffixes draft make it to WGLC (with more reviews), and appreciate Manu sending this email out in order to gather feedback with sufficient time to address it before 119. Regards, OS ---------- Forwarded message --------- From: Manu Sporny <msporny@digitalbazaar.com> Date: Mon, Feb 19, 2024 at 12:44 PM Subject: [media-types] Last tracker issue for mediaman-suffixes To: IETF Media Types <media-types@ietf.org> The only item of concern that was raised during the last IETF was the notion that one wouldn't have to register "intermediate" suffixes[1]. The PR above corrects that by implementing what I believe many of the people in the room (and on the tracker) were arguing for, including Alexi and Darrel: https://github.com/ietf-wg-mediaman/suffixes/pull/21 That is the last PR for the last tracker issue for the mediaman-suffixes draft. Speaking as an Editor, I think we're done here with all of the items that we can get consensus on (we'll see if others disagree). Once I have enough reviews on the PR above (end of week, probably), I'll cut a new version of the draft and send it out for review (next weekend, probably) before the next IETF. -- manu [1]https://github.com/ietf-wg-mediaman/suffixes/issues/20 -- Manu Sporny - https://www.linkedin.com/in/manusporny/ Founder/CEO - Digital Bazaar, Inc. https://www.digitalbazaar.com/ _______________________________________________ media-types mailing list media-types@ietf.org https://www.ietf.org/mailman/listinfo/media-types -- ORIE STEELE Chief Technology Officer www.transmute.industries <https://transmute.industries> -- ORIE STEELE Chief Technology Officer www.transmute.industries <https://transmute.industries>
- [OAUTH-WG] Fwd: [media-types] Last tracker issue … Orie Steele
- [OAUTH-WG] Fwd: [media-types] Last tracker issue … Orie Steele
- Re: [OAUTH-WG] [media-types] Last tracker issue f… Carsten Bormann