Thanks for the response Martijn! We would really like to get this change in before the cut-off next Monday since it seems to be one of the last open discussion points. The current proposal in the PR scopes the usage of the EKU OID to mechanisms that register in the JWT/CWT status mechanisms registries established by this draft and I do believe that is a reasonable compromise.
Are there any strong objections to that proposal? Otherwise we would propose to merge the PR (https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/284) on Monday. Best regards, Christian > On 3. Jul 2025, at 21:55, Martijn Haring > <martijn_haring=40apple....@dmarc.ietf.org> wrote: > > Hi all, > > I’m sending this message on behalf of ISO/IEC JTC1 SC17 WG10: > > WG10 would like to express their support for allowing the OID to be utilized > for other entries within the status mechanism registry. > > WG10 is currently working on the second revision of ISO/IEC 18013-5, which > will include support for the status mechanism. This revision will support two > mechanisms: the Status List mechanism, as defined in the Token Status List > specification, and a very similar mechanism called the “Identifier List” > mechanism. > > The Identifier List mechanism is based on the Token List specification, with > the exception that it contains a list of revoked identifiers. However, it > otherwise uses the exact same structures. > > To ensure that the Token Status List specification is as close as possible to > the Token List specification and to be compliant with a potential future IETF > standard that would standardize the Identifier List mechanism, WG10 has > collaborated with the editors of the Token Status List specification. > > Therefore, it would be ideal if the same OID could be used for both the > status list and identifier list implementations, rather than specifying an > OID for the identifier list within the ISO specification. > > Additionally, WG10 intends to modify the definition in a future revision of > ISO/IEC 18013-5 to refer to an IETF specification if the IETF has specified > the identifier list mechanism in the future in a way that’s compliant with > the current mechanism in ISO/IEC 18013-5. It would be unfortunate if the need > to specify an OID within the ISO/IEC 18013-5 specification would make this > process more challenging. > _______________________________________________ > OAuth mailing list -- oauth@ietf.org > To unsubscribe send an email to oauth-le...@ietf.org
_______________________________________________ OAuth mailing list -- oauth@ietf.org To unsubscribe send an email to oauth-le...@ietf.org
