Mohamed Boucadair has entered the following ballot position for draft-ietf-oauth-selective-disclosure-jwt-19: No Objection
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-oauth-selective-disclosure-jwt/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Hi Daniel, Kristina, and Brian,

Thank you for the effort put into this specification. The theory of operation is well-explained with clear roles and adequate cross references to link the various actions.

Thanks to Tiru Reddy for the OPSDIR review. I'm echoing below two main points, but I trust the authors will follow up with Tiru for all the points he raised.

# Error reporting and troubleshooting

In environments with multiple parties involved (e.g., issuer, holder, verifier), failures may be hard to identify. It would be useful to describe how error reporting and troubleshooting can be handled in a privacy-preserving way.

# Computation overhead

Consider including discussion on the computational and network overhead associated with SD-JWT.

# Nits

Please find below some very minor nits:

# Please expand “JWTs” in the title.

# get rid of “often” in the introduction

s/is often secured/can be secured
s/is often used/is used

# The discussion about RPs was confusing to me as I didn’t find any such mention in RFC7515/7519, but finally found it in OpenID.Core. Also, it wasn’t clear to me at that point how this relates to the Issuer/Holder/Verifier roles defined in the specification.

Cheers,
Med
