Link up front: https://datatracker.ietf.org/doc/draft-lemmons-composite-claims/
This is new work I'd like to see if there is interest in. I have a specific need for these particular CWT claims, but they're completely general and not specific to my use-case. I have a draft linked above, but the core concept is that sometimes, you need to compose claims with boolean logic or encrypt the claim contents. For example: I am Chris or David, but I decline to tell you which. If that's ok with you, you can accept my credential. Or to encrypt a claim, consider: I have a bearer token with a claim about who I am, but it is encrypted, and a claim for what I am authorized to access, which is in the clear. A processor that only cares about the latter doesn't need a decryption key for the former, allowing the token to be processed by an entity without revealing the identity to the processor. And lastly, it defines a crit claim for cwts, which doesn't exist yet. I think this document should be very simple and direct in scope. It shouldn't need to go into detail about all the possible way these elements can be composed. It just needs to register the compositions and explain how they can be safely used and how they must be processed. What are your thoughts? Would it be worth a few minutes of agenda at 118 to explain and answer questions, if we have time available? _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
