Another follow up to my previous follow ups (sorry!): Kristina has added to that PR that was previously mentioned with changes aimed at addressing all (I think) of the DISCUSS comments: https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/575
And I just did this PR with changes aimed at some of the non-blocking comments: https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/577

On Thu, May 22, 2025 at 11:07 AM Brian Campbell <[email protected]> wrote:

> As a follow up to my prior follow up, Kristina's PR
> https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/575 has
> prospective changes aimed at addressing some of your comments and plans to
> add a few more such changes.
>
> On Thu, May 22, 2025 at 8:51 AM Brian Campbell <[email protected]>
> wrote:
>
>> a follow up on just one item is
>>
>> On Tue, May 20, 2025 at 4:20 PM Brian Campbell <[email protected]> wrote:
>>
>>> ** Section 7.1
>>>> * the Issuer-signed JWT is valid, i.e., it is signed by the Issuer,
>>>> the signature is valid, it is not expired, it is not suspended or
>>>> revoked, etc., and
>>>>
>>>> Where are the validation procedures specified? Is that Section 7.2 of
>>>> RFC7519?
>>>> I’m concerned by the “etc”.
>>>
>>> It's a fair concern! The two bullets at the beginning of 7.1 aren't
>>> meant to be comprehensive, however, rather just giving a general idea of
>>> what needs to happen. The full set of verification steps follows in the
>>> numbered list.
>>
>> Kristina, in this PR
>> https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/575/files,
>> suggests simply changing that bullet in 7.1 to "the Issuer-signed JWT is
>> valid, and" which seems like it'd be a reasonable outcome there as well.
>> Maybe better than reasonable.
