I gave the -12 revision a read. Thanks for the great work, Brian, Kristina and
Dr. Fett.

One thing that I find confusing is the term “Issuer-signed JWT”. Isn’t it
self-evident that a signed JWT is signed by its Issuer (that is, its creator as
defined in the spec)? I think the spec would read just fine if “Issuer-signed
JWT” was replaced by “signed JWT”. Section 5.1 called “Issuer-signed JWT” could
be renamed to “SD-JWT payload”; that’s, after all, what it’s about. Also, I
noticed that currently the term “Issuer-signed JWT” is never formally
specified.

Speaking of terminology, I noticed that the TOC contains both “1.2 Conventions
and Terminology” and “2. Terms and Definitions”. What’s the difference between
terminology and terms? I suggest renaming the sections or merging them.

On the subject of terminology, Disclosure is defined as

> Disclosure: A JSON array containing a combination of a salt, a cleartext 
> claim name (present when the claim is a name/value pair and absent when the 
> claim is an array element), and a cleartext claim value, which is 
> base64url-encoded and used to calculate a digest for the respective claim. 
> The term Disclosure refers to the whole base64url-encoded string.

I instinctively read “a cleartext claim value, which is base64url-encoded” and
not the array being base64url-encoded. I suggest emphasizing the
“base64url-encoded string” in the definition. For example, a Disclosure could
be “A base64url-encoded string of a JSON array that contains a salt, a claim
name (present when the claim is a name/value pair and absent when the claim is
an array element), and a claim value. The Disclosure is used to calculate a
digest for the respective claim.”

Typo in 4.1 SD-JWT and Disclosures:
> An SD-JWT MAY also contain clear-text claims that are always disclosed to the 
> Verifier.

“clear-text” should say “cleartext”.

Regards,
Judith
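
Added example (not part of the original message and not code from the draft): the encoding that the quoted Disclosure definition describes, showing that the whole JSON array, not the claim value, is base64url-encoded and that the digest is taken over that encoded string. It assumes SHA-256 (the draft's default hash algorithm); the function names, salts and claim values are hypothetical and constructed for illustration.

```python
import base64, hashlib, json, secrets

def b64url(data: bytes) -> str:
    # base64url without padding, as used throughout JWT
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_disclosure(value, name=None, salt=None) -> str:
    """Encode [salt, name, value] (or [salt, value] for an array element)."""
    salt = salt or b64url(secrets.token_bytes(16))  # fresh random salt per claim
    array = [salt, value] if name is None else [salt, name, value]
    # The whole JSON array is encoded; the claim value inside stays cleartext.
    return b64url(json.dumps(array).encode("utf-8"))

def disclosure_digest(disclosure: str) -> str:
    # Digest covers the base64url string itself, not the decoded JSON.
    return b64url(hashlib.sha256(disclosure.encode("ascii")).digest())

def parse_disclosure(disclosure: str) -> dict:
    """Decode a Disclosure, reject malformed ones, return its parts and digest."""
    try:
        array = json.loads(b64url_decode(disclosure))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("Disclosure is not base64url-encoded JSON") from exc
    if not isinstance(array, list) or len(array) not in (2, 3):
        raise ValueError("Disclosure must be a JSON array of 2 or 3 elements")
    if not all(isinstance(item, str) for item in array[:-1]):
        raise ValueError("salt and claim name must be strings")
    return {
        "salt": array[0],
        "name": array[1] if len(array) == 3 else None,  # None: array element
        "value": array[-1],
        "digest": disclosure_digest(disclosure),
    }

if __name__ == "__main__":
    for d in (make_disclosure("Möbius", name="family_name"),  # constructed claims
              make_disclosure("DE")):
        print(d, parse_disclosure(d))
```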

> On 3 Sep 2024, at 17:04, Brian Campbell 
> <bcampbell=40pingidentity....@dmarc.ietf.org> wrote:
> 
> Thanks Rifaat & Hannes,
> 
> In an effort to make the most up-to-date content available for the WGLC 
> period, a -12 revision was just recently published, which contains a number 
> of editorial improvements.  
> 
> https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-12.html
> 
> Respectfully,
>  Brian, Kristina, and Dr. Fett
> 
> 
> 
> On Tue, Sep 3, 2024 at 4:40 AM Rifaat Shekh-Yusef <rifaat.s.i...@gmail.com> wrote:
>> All,
>> 
>> As per the discussion in Vancouver, this is a WG Last Call for the SD-JWT 
>> document.
>> https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-11.html
>> 
>> Please, review this document and reply on the mailing list if you have any 
>> comments or concerns, by Sep 17th.
>> 
>> Regards,
>>   Rifaat & Hannes
>> _______________________________________________
>> OAuth mailing list -- oauth@ietf.org <mailto:oauth@ietf.org>
>> To unsubscribe send an email to oauth-le...@ietf.org 
>> <mailto:oauth-le...@ietf.org>
> 
