Re: [OAUTH-WG] Call for adoption - SD-JWT

Brian Campbell <bcampbell@pingidentity.com> Wed, 10 August 2022 19:23 UTC

From: Brian Campbell <bcampbell@pingidentity.com>
Date: Wed, 10 Aug 2022 13:22:41 -0600
Message-ID: <CA+k3eCSx6Oonq-9EPdwjpCYSiVehbYMj+ds9fAM2gE7Pbw72xw@mail.gmail.com>
To: Nat Sakimura <sakimura@gmail.com>
Cc: Rifaat Shekh-Yusef <rifaat.s.ietf@gmail.com>, oauth <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/r7rycivLAo22fzQlbZIHR8qPANs>
Subject: Re: [OAUTH-WG] Call for adoption - SD-JWT

As Nat and others have mentioned, JWT itself
<https://datatracker.ietf.org/doc/rfc7519/> is a product of this WG. While
JWT had applications in OAuth, it was developed as a more general purpose
token format and has seen widespread usage. Working on a general purpose
selective disclosure mechanism for JWT in this WG seems appropriate
considering that history.

On Sun, Aug 7, 2022 at 8:53 AM Nat Sakimura <sakimura@gmail.com> wrote:

> I support the adoption of SD-JWT. This is a natural and important
> extension to JWT which is a product of this WG and meets some of the
> use-cases that we left out years ago with relatively simple cryptographic
> techniques.
>
> On Fri, Jul 29, 2022 at 9:17 AM Rifaat Shekh-Yusef <
> rifaat.s.ietf@gmail.com> wrote:
>
>> All,
>>
>> This is a call for adoption for the *SD-JWT* document
>>
>> https://datatracker.ietf.org/doc/draft-fett-oauth-selective-disclosure-jwt/
>>
>> Please, provide your feedback on the mailing list by *August 12th*.
>>
>> Regards,
>>  Rifaat & Hannes
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>>
>
>
> --
> Nat Sakimura (=nat)
> Chairman, OpenID Foundation
> http://nat.sakimura.org/
> @_nat_en
