[OAUTH-WG] Re: I-D Action: draft-ietf-oauth-sd-jwt-vc-06.txt

Steffen Schwalm <Steffen.Schwalm@msg.group> Wed, 13 November 2024 21:34 UTC

From: Steffen Schwalm <Steffen.Schwalm@msg.group>
To: Daniel Fett <mail=40danielfett.de@dmarc.ietf.org>, "oauth@ietf.org" <oauth@ietf.org>
Date: Wed, 13 Nov 2024 21:34:18 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/vKElQksaCUxzBQAxd5G5kb6wfZ4>

Hi Daniel,

great work! Looking at [1] and [2] there's obviously no consensus – which implies a breach of Sections 1.2, 5 and 9.2 of the IETF Directives on Internet Standards Process. An assumption is great but not sufficient as in any standardization body. According to IETF rules the consensus shall be ensured before announcement of new version.

The profiling you suggest is technically the worst solution as it leads directly to additional effort to ensure interoperability between fundamental standard and its profiles and extend complexity unnecessarily. Means the inclusion of DID in SD-JWT-VC shall be discussed with the relevant experts such as Markus Sabadello, Alen Horvat etc. Decision making based on actual consensus not assumed one.

Formal appeal acc. Section 6.5 of IETF Directives on Internet Standards Process will follow in case the IETF directives will still be ignored.

Best
Steffen

From: Daniel Fett <mail=40danielfett.de@dmarc.ietf.org>
Sent: Wednesday, 13 November 2024 21:03
To: oauth@ietf.org
Subject: [OAUTH-WG] Re: I-D Action: draft-ietf-oauth-sd-jwt-vc-06.txt



Hi all,

we are happy to announce version -06 of SD-JWT VC. In this release, we're updating the media type from application/vc+sd-jwt to application/dc+sd-jwt (for background, see Brian's excellent summary at the IETF meeting last week [0]).

This version also removes references to DIDs in the specification, while leaving the door open for those who want to define a profile of SD-JWT VC using DIDs. The previously provided text on DIDs was underspecified and therefore not helpful, and a more complete specification would exceed the scope of this document while interoperability issues would remain. We think that those ecosystems wanting to use DIDs are best served by defining a profile for doing so.

We would like to point out that there are concerns about this step raised both in the respective issue [1] and in the pull request [2]. While it is our understanding from various discussions that there is a consensus for the removal of the references to DIDs in the group, this change had not been discussed here on the mailing list before. So we'd like to take this opportunity to do that now.

As a minor point, this version adds the “Status” field for the well-known URI registration per IANA early review.

-Daniel



[0] https://www.youtube.com/watch?v=LvIBqlHkuXY

[1] https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/250

[2] https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/251

On 13.11.24 at 21:45, internet-drafts@ietf.org wrote:

Internet-Draft draft-ietf-oauth-sd-jwt-vc-06.txt is now available. It is a
work item of the Web Authorization Protocol (OAUTH) WG of the IETF.

   Title:   SD-JWT-based Verifiable Credentials (SD-JWT VC)
   Authors: Oliver Terbu
            Daniel Fett
            Brian Campbell
   Name:    draft-ietf-oauth-sd-jwt-vc-06.txt
   Pages:   53
   Dates:   2024-11-13

Abstract:

   This specification describes data formats as well as validation and
   processing rules to express Verifiable Credentials with JSON payloads
   with and without selective disclosure based on the SD-JWT
   [I-D.ietf-oauth-selective-disclosure-jwt] format.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-sd-jwt-vc/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-oauth-sd-jwt-vc-06.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-oauth-sd-jwt-vc-06

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts
