It's not that the people I have spoken to didn't like the idea of SD-JWT. It's just on a different layer than JWPs, using a different approach, different crypto, providing different features, and on a different timeline. There's no compelling reason to have both in the same WG. There are nonetheless good reasons to have SD-JWT. Having SD-JWT in OAuth WG is not an attempt to "backdoor" anything in!
I also didn't say that we should adopt SD-JWT because it has been implemented. You took my statement out of context. I wanted to underline that the spec is practically feature-complete and can be implemented today, providing the features promised. Meanwhile, JWP is not there yet. But, SD-JWT is not in production yet. If the OAuth WG decides that substantial changes are required, now is the best time for that. Also, I wanted to highlight with my statement that SD-JWT is easy to implement due to its simplicity. -Daniel Am 5. August 2022 11:28:49 MESZ schrieb Warren Parad <wparad=40rhosys...@dmarc.ietf.org>: >Maybe they have a good reason for not wanting it, and then we shouldn't be >the WG that backdoor's it in. Also: "other people have already implemented >it" is a cognitive fallacy, so let's not use that as a justification we >have to make the standard. > >We should get a concrete reason why a WG that seems like the appropriate >one, thinks it wouldn't make sense. If it is just a matter of timing, then >whatever. But if there are concrete recommendations from that group, I >would love to hear them. > >On Fri, Aug 5, 2022 at 10:26 AM Daniel Fett <fett= >40danielfett...@dmarc.ietf.org> wrote: > >> Am 05.08.22 um 10:22 schrieb Warren Parad: >> >> > and nobody involved in the JWP effort thinks that SD-JWT should be in >> that WG once created >> >> Why? >> >> For the reasons listed, I guess? >> >> Also, mind the "As far as I am aware" part, but I don't remember any >> discussions in that direction at IETF114. >> >> -Daniel >> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth >>
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth