Thank you Roman for the super prompt and thorough review!
We went ahead and published draft -10 incorporating your feedback and the
changes described below. We are happy to make further changes as necessary,
of course.
Comments Inline
>** The text uses the phrase "authentication level" a few

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol WG of the IETF.
Title : OAuth 2.0 Step-up Authentication Challenge Protocol
Authors : Vittorio Bertocci

Hi Kai! The selective disclosure draft has a take on how to preserve
privacy which I think is promising and seems fitting for some scenarios
that I work with.
https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-02.html
Regarding RAR I guess that handling the privacy issues

Hi Justin (and Brian),
(I somehow only received the reply from Brian and not the one from Justin.)
I agree that the privacy issue is broader than RAR itself as any claim inside
of the JWT could potentially hold private information.
Although I understand that nested JWTs can be used to encrypt