On Wed, May 21, 2025 at 2:53 PM Mike Bishop via Datatracker <
[email protected]> wrote:

> Mike Bishop has entered the following ballot position for
> draft-ietf-oauth-selective-disclosure-jwt-19: No Objection
>
> COMMENT:
> ----------------------------------------------------------------------
>
> Thank you for your work on this document. It looks solid; my comments below are
> intended to improve the document and can be incorporated at the discretion of
> the authors and the responsible AD.
>

Thanks Mike, I will endeavor to coordinate with my co-authors and
responsible AD to appropriately exercise that discretion.


> As others have noted, introduce the term SD-JWT in the Introduction and fully
> expand it in the title of the document. It also feels slightly strange that the
> title of the document is only one of the two primary formats defined within it.
> Is there a title that would encompass both?
>
> SD-JWT and KB-JWT probably don't need definitions in the Terminology section,
> as they've already been introduced in 1.1 and the entire document is their
> definition.
>
> Section 3:
> - "For data that the Holder does not want to reveal to the Verifier, the Holder
> MUST NOT send Disclosures or reveal the salt values in any other way." This
> isn't a normative requirement, it's a statement of what this specification
> enabled. For data that the Holder does not want to reveal to the Verifier, it
> can withhold the associated Disclosure and the Verifier will not be able to
> recover the content from the JWT.
> - Remove "(for those who celebrate)"
>
> Section 4.1: The payload here is specifically a JWT, not just a "JSON
> structure" or "JSON object", no? Use that more specific term, if so.


The terminology in all this can get confusing but the payload is a JSON
object.

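The withholding behaviour discussed in the Section 3 comment, and the point that the payload is a JSON object, shown as an added example that is not part of the original messages or the draft's own code. It models only the `_sd` digest and Disclosure handling with SHA-256; JWT signing, signature verification and Key Binding are omitted, and the claim names and values are constructed sample data.

```python
import base64, hashlib, json, secrets

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def make_disclosure(salt: str, name: str, value) -> str:
    # A Disclosure is base64url(JSON array [salt, claim name, claim value]).
    return b64url(json.dumps([salt, name, value]).encode("utf-8"))

def digest(disclosure: str) -> str:
    # The digest is taken over the ASCII bytes of the encoded Disclosure.
    return b64url(hashlib.sha256(disclosure.encode("ascii")).digest())

def issue(claims: dict):
    """Issuer: returns (payload JSON object, {claim name: Disclosure})."""
    disclosures = {n: make_disclosure(b64url(secrets.token_bytes(16)), n, v)
                   for n, v in claims.items()}
    # Only digests go into the payload; sorting hides the original claim order.
    payload = {"_sd_alg": "sha-256",
               "_sd": sorted(digest(d) for d in disclosures.values())}
    return payload, disclosures

def verify(payload: dict, presented: list) -> dict:
    """Verifier: recover exactly the claims whose Disclosures were presented."""
    recovered = {}
    for d in presented:
        if digest(d) not in payload["_sd"]:
            raise ValueError("Disclosure matches no digest in _sd")
        raw = base64.urlsafe_b64decode(d + "=" * (-len(d) % 4))
        _salt, name, value = json.loads(raw)
        recovered[name] = value
    return recovered

def guess_confirmed(payload: dict, salt: str, name: str, guess) -> bool:
    # Why salts stay secret: with the salt, a guessed value can be checked
    # against _sd without ever receiving the Disclosure itself.
    return digest(make_disclosure(salt, name, guess)) in payload["_sd"]

if __name__ == "__main__":
    # Constructed sample claims.
    payload, disc = issue({"given_name": "Alice", "birthdate": "1990-01-01"})
    print(json.dumps(payload, indent=2))
    # The Holder withholds the birthdate Disclosure.
    print(verify(payload, [disc["given_name"]]))
```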