Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

2023-10-23 Thread Paul Bastian

Regarding #1:

We gathered a lot of feedback and many people agreed here ( 
https://github.com/vcstuff/draft-ietf-oauth-status-list/issues/74 ) that 
the title seems reasonable. If people do not agree now, I'm happy to 
discuss so in Prague.


Regarding #2:

I'm sorry that we forgot to publish -00 as is after the adoption. One of 
the co-authors was unavailable and we had barely any time to discuss 
things before the cutoff. However, calling these changes "significant" 
is an overstatement in my opinion. We merged three commits which 
included acknowledgements, renaming Verifier to Relying Part and an IANA 
consideration. As we were in time troubles, we decided it seemed 
reasonable not to revert these as we considered them not significant.


Best regards,
Paul

___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

2023-10-23 Thread Orie Steele
inline:

On Mon, Oct 23, 2023 at 11:04 AM Kristina Yasuda  wrote:

> > I find the new name "OAuth Status List" confusing. While I understand
> wanting to remove "JWT" and "CWT" from the name, I was not aware of that
> discussion during the call for adoption. I would suggest renaming this to
> "OAuth Token Status List" instead.
>
>
>
> I would suggest removing “OAuth” from the title of the draft and make it
> “Token Status List”. “OAuth Token Status List” sounds like status list
> mechanism defined in this draft is only for the tokens used in
> OAuth/RFC6749, which it is not.
>
>
>

+1


> > I also noticed that there are significant changes to the draft between
> the individual and working group versions. Typically it is better to post a
> verbatim copy of the individual draft as the adopted version, and then make
> changes in a -01 version.
>
>
>
> Huge +1.
>

+1


>
> Best,
>
> Kristina
>
>
>
>
>
> *From:* OAuth  *On Behalf Of * Michael Jones
> *Sent:* Monday, October 23, 2023 10:29 PM
> *To:* rifaat.s.ietf ; Aaron Parecki <
> aa...@parecki.com>
> *Cc:* oauth 
> *Subject:* Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List
>
>
>
> To Aaron’s naming points, I would be fine changing the title in the draft
> from “OAuth Status List” to “OAuth Token Status List”, if there’s working
> group consensus to do so.  We could have that discussion in Prague.
>
>
>
> The name change was motivated by feedback from multiple sources that the
> old name “JWT and CWT Status List” was too specific in token types, seeming
> to unnecessarily tie our hands.
>
>
>
> That said, I don’t think we need to change the draft identifier
> “draft-ietf-oauth-status-list”.  I doubt that there’s another kind of
> status list happening in the working group that might cause confusion. ;-)
> Besides, the draft identifier is actually ephemeral.  Should the working
> group draft progress, it will be replaced by an RFC number.
>
>
>
>        Cheers,
>
>                    -- Mike
>
>
>
> *From:* OAuth  *On Behalf Of *Rifaat Shekh-Yusef
> *Sent:* Monday, October 23, 2023 7:48 AM
> *To:* Aaron Parecki 
> *Cc:* oauth 
> *Subject:* Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List
>
>
>
> I also noticed you didn't mark it as replacing the individual draft in
> datatracker. You can email supp...@ietf.org and request that they mark it
> as replacing
> https://datatracker.ietf.org/doc/draft-looker-oauth-jwt-cwt-status-list/ so
> that the history tracks better.
>
>
>
> I fixed that.
>
>
>
> Regards,
>
>  Rifaat
>
>
>
>
>
> On Mon, Oct 23, 2023 at 10:35 AM Aaron Parecki  wrote:
>
> Tobias, Paul, Christian,
>
>
>
> I just noticed the new working group adopted version of this draft:
> https://datatracker.ietf.org/doc/draft-ietf-oauth-status-list/
>
>
>
> I posted this comment on Github, but I'll repeat it here for others. I
> find the new name "OAuth Status List" confusing. While I understand wanting
> to remove "JWT" and "CWT" from the name, I was not aware of that discussion
> during the call for adoption. I would suggest renaming this to "OAuth Token
> Status List" instead.
>
>
>
> I also noticed you didn't mark it as replacing the individual draft in
> datatracker. You can email supp...@ietf.org and request that they mark it
> as replacing
> https://datatracker.ietf.org/doc/draft-looker-oauth-jwt-cwt-status-list/
> so that the history tracks better.
>
>
>
> I also noticed that there are significant changes to the draft between the
> individual and working group versions. Typically it is better to post a
> verbatim copy of the individual draft as the adopted version, and then make
> changes in a -01 version.
>
>
>
> Thanks!
>
>
>
> Aaron
>
>
>
>
>
>
>
> On Sat, Oct 14, 2023 at 5:56 AM Rifaat Shekh-Yusef <
> rifaat.s.i...@gmail.com> wrote:
>
> All,
>
>
>
> Based on the feedback to this call for adoption, we declare this document
> adopted as a WG document.
>
>
>
>
>
> Authors,
>
>
>
> Please, submit this as a working group document at your earliest
> convenience.
>
>
>
> Regards,
>
>  Rifaat & Hannes
>
>
>
>
>
>
>
>
>
>
>
>
>
> On Tue, Oct 3, 2023 at 8:51 PM John Bradley  wrote:
>
> +1 for adoption
>
>
>
> On Sat, Sep 30, 2023, 9:53 AM Rifaat Shekh-Yusef 
> wrote:
>
> All,
>
> This is

Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

2023-10-23 Thread Kristina Yasuda
> I find the new name "OAuth Status List" confusing. While I understand wanting 
> to remove "JWT" and "CWT" from the name, I was not aware of that discussion 
> during the call for adoption. I would suggest renaming this to "OAuth Token 
> Status List" instead.

I would suggest removing “OAuth” from the title of the draft and make it “Token 
Status List”. “OAuth Token Status List” sounds like status list mechanism 
defined in this draft is only for the tokens used in OAuth/RFC6749, which it is 
not.

> I also noticed that there are significant changes to the draft between the 
> individual and working group versions. Typically it is better to post a 
> verbatim copy of the individual draft as the adopted version, and then make 
> changes in a -01 version.

Huge +1.

Best,
Kristina


From: OAuth  On Behalf Of Michael Jones
Sent: Monday, October 23, 2023 10:29 PM
To: rifaat.s.ietf ; Aaron Parecki 
Cc: oauth 
Subject: Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

To Aaron’s naming points, I would be fine changing the title in the draft from 
“OAuth Status List” to “OAuth Token Status List”, if there’s working group 
consensus to do so.  We could have that discussion in Prague.

The name change was motivated by feedback from multiple sources that the old 
name “JWT and CWT Status List” was too specific in token types, seeming to 
unnecessarily tie our hands.

That said, I don’t think we need to change the draft identifier 
“draft-ietf-oauth-status-list”.  I doubt that there’s another kind of status 
list happening in the working group that might cause confusion. ;-)  Besides, 
the draft identifier is actually ephemeral.  Should the working group draft 
progress, it will be replaced by an RFC number.

   Cheers,
   -- Mike

From: OAuth mailto:oauth-boun...@ietf.org>> On Behalf 
Of Rifaat Shekh-Yusef
Sent: Monday, October 23, 2023 7:48 AM
To: Aaron Parecki mailto:aa...@parecki.com>>
Cc: oauth mailto:oauth@ietf.org>>
Subject: Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

I also noticed you didn't mark it as replacing the individual draft in 
datatracker. You can email supp...@ietf.org<mailto:supp...@ietf.org> and 
request that they mark it as replacing 
https://datatracker.ietf.org/doc/draft-looker-oauth-jwt-cwt-status-list/ so 
that the history tracks better.

I fixed that.

Regards,
 Rifaat


On Mon, Oct 23, 2023 at 10:35 AM Aaron Parecki 
mailto:aa...@parecki.com>> wrote:
Tobias, Paul, Christian,

I just noticed the new working group adopted version of this draft: 
https://datatracker.ietf.org/doc/draft-ietf-oauth-status-list/

I posted this comment on Github, but I'll repeat it here for others. I find the 
new name "OAuth Status List" confusing. While I understand wanting to remove 
"JWT" and "CWT" from the name, I was not aware of that discussion during the 
call for adoption. I would suggest renaming this to "OAuth Token Status List" 
instead.

I also noticed you didn't mark it as replacing the individual draft in 
datatracker. You can email supp...@ietf.org<mailto:supp...@ietf.org> and 
request that they mark it as replacing 
https://datatracker.ietf.org/doc/draft-looker-oauth-jwt-cwt-status-list/ so 
that the history tracks better.

I also noticed that there are significant changes to the draft between the 
individual and working group versions. Typically it is better to post a 
verbatim copy of the individual draft as the adopted version, and then make 
changes in a -01 version.

Thanks!

Aaron



On Sat, Oct 14, 2023 at 5:56 AM Rifaat Shekh-Yusef 
mailto:rifaat.s.i...@gmail.com>> wrote:
All,

Based on the feedback to this call for adoption, we declare this document 
adopted as a WG document.


Authors,

Please, submit this as a working group document at your earliest convenience.

Regards,
 Rifaat & Hannes






On Tue, Oct 3, 2023 at 8:51 PM John Bradley 
mailto:ve7...@ve7jtb.com>> wrote:
+1 for adoption

On Sat, Sep 30, 2023, 9:53 AM Rifaat Shekh-Yusef 
mailto:rifaat.s.i...@gmail.com>> wrote:
All,

This is an official call for adoption for the JWT and CWT Status List draft:
https://datatracker.ietf.org/doc/draft-looker-oauth-jwt-cwt-status-list/

Please, reply on the mailing list and let us know if you are in favor or 
against adopting this draft as WG document, by Oct 13th.

Regards,
 Rifaat & Hannes
___
OAuth mailing list
OAuth@ietf.org<mailto:OAuth@ietf.org>
https://www.ietf.org/mailman/listinfo/oauth
___
OAuth mailing list
OAuth@ietf.org<mailto:OAuth@ietf.org>
https://www.ietf.org/mailman/listinfo/oauth
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

2023-10-23 Thread Michael Jones
To Aaron’s naming points, I would be fine changing the title in the draft from 
“OAuth Status List” to “OAuth Token Status List”, if there’s working group 
consensus to do so.  We could have that discussion in Prague.

The name change was motivated by feedback from multiple sources that the old 
name “JWT and CWT Status List” was too specific in token types, seeming to 
unnecessarily tie our hands.

That said, I don’t think we need to change the draft identifier 
“draft-ietf-oauth-status-list”.  I doubt that there’s another kind of status 
list happening in the working group that might cause confusion. ;-)  Besides, 
the draft identifier is actually ephemeral.  Should the working group draft 
progress, it will be replaced by an RFC number.

   Cheers,
   -- Mike

From: OAuth  On Behalf Of Rifaat Shekh-Yusef
Sent: Monday, October 23, 2023 7:48 AM
To: Aaron Parecki 
Cc: oauth 
Subject: Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

I also noticed you didn't mark it as replacing the individual draft in 
datatracker. You can email supp...@ietf.org<mailto:supp...@ietf.org> and 
request that they mark it as replacing 
https://datatracker.ietf.org/doc/draft-looker-oauth-jwt-cwt-status-list/ so 
that the history tracks better.

I fixed that.

Regards,
 Rifaat


On Mon, Oct 23, 2023 at 10:35 AM Aaron Parecki 
mailto:aa...@parecki.com>> wrote:
Tobias, Paul, Christian,

I just noticed the new working group adopted version of this draft: 
https://datatracker.ietf.org/doc/draft-ietf-oauth-status-list/

I posted this comment on Github, but I'll repeat it here for others. I find the 
new name "OAuth Status List" confusing. While I understand wanting to remove 
"JWT" and "CWT" from the name, I was not aware of that discussion during the 
call for adoption. I would suggest renaming this to "OAuth Token Status List" 
instead.

I also noticed you didn't mark it as replacing the individual draft in 
datatracker. You can email supp...@ietf.org<mailto:supp...@ietf.org> and 
request that they mark it as replacing 
https://datatracker.ietf.org/doc/draft-looker-oauth-jwt-cwt-status-list/ so 
that the history tracks better.

I also noticed that there are significant changes to the draft between the 
individual and working group versions. Typically it is better to post a 
verbatim copy of the individual draft as the adopted version, and then make 
changes in a -01 version.

Thanks!

Aaron



On Sat, Oct 14, 2023 at 5:56 AM Rifaat Shekh-Yusef 
mailto:rifaat.s.i...@gmail.com>> wrote:
All,

Based on the feedback to this call for adoption, we declare this document 
adopted as a WG document.


Authors,

Please, submit this as a working group document at your earliest convenience.

Regards,
 Rifaat & Hannes






On Tue, Oct 3, 2023 at 8:51 PM John Bradley 
mailto:ve7...@ve7jtb.com>> wrote:
+1 for adoption

On Sat, Sep 30, 2023, 9:53 AM Rifaat Shekh-Yusef 
mailto:rifaat.s.i...@gmail.com>> wrote:
All,

This is an official call for adoption for the JWT and CWT Status List draft:
https://datatracker.ietf.org/doc/draft-looker-oauth-jwt-cwt-status-list/

Please, reply on the mailing list and let us know if you are in favor or 
against adopting this draft as WG document, by Oct 13th.

Regards,
 Rifaat & Hannes
___
OAuth mailing list
OAuth@ietf.org<mailto:OAuth@ietf.org>
https://www.ietf.org/mailman/listinfo/oauth
___
OAuth mailing list
OAuth@ietf.org<mailto:OAuth@ietf.org>
https://www.ietf.org/mailman/listinfo/oauth
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

2023-10-23 Thread Rifaat Shekh-Yusef
>
> I also noticed you didn't mark it as replacing the individual draft in
> datatracker. You can email supp...@ietf.org and request that they mark it
> as replacing
> https://datatracker.ietf.org/doc/draft-looker-oauth-jwt-cwt-status-list/ so
> that the history tracks better.
>

I fixed that.

Regards,
 Rifaat


On Mon, Oct 23, 2023 at 10:35 AM Aaron Parecki  wrote:

> Tobias, Paul, Christian,
>
> I just noticed the new working group adopted version of this draft:
> https://datatracker.ietf.org/doc/draft-ietf-oauth-status-list/
>
> I posted this comment on Github, but I'll repeat it here for others. I
> find the new name "OAuth Status List" confusing. While I understand wanting
> to remove "JWT" and "CWT" from the name, I was not aware of that discussion
> during the call for adoption. I would suggest renaming this to "OAuth Token
> Status List" instead.
>
> I also noticed you didn't mark it as replacing the individual draft in
> datatracker. You can email supp...@ietf.org and request that they mark it
> as replacing
> https://datatracker.ietf.org/doc/draft-looker-oauth-jwt-cwt-status-list/
> so that the history tracks better.
>
> I also noticed that there are significant changes to the draft between the
> individual and working group versions. Typically it is better to post a
> verbatim copy of the individual draft as the adopted version, and then make
> changes in a -01 version.
>
> Thanks!
>
> Aaron
>
>
>
> On Sat, Oct 14, 2023 at 5:56 AM Rifaat Shekh-Yusef <
> rifaat.s.i...@gmail.com> wrote:
>
>> All,
>>
>> Based on the feedback to this call for adoption, we declare this document
>> adopted as a WG document.
>>
>>
>> Authors,
>>
>> Please, submit this as a working group document at your earliest
>> convenience.
>>
>> Regards,
>>  Rifaat & Hannes
>>
>>
>>
>>
>>
>>
>> On Tue, Oct 3, 2023 at 8:51 PM John Bradley  wrote:
>>
>>> +1 for adoption
>>>
>>> On Sat, Sep 30, 2023, 9:53 AM Rifaat Shekh-Yusef <
>>> rifaat.s.i...@gmail.com> wrote:
>>>
 All,

 This is an official call for adoption for the *JWT and CWT Status List*
 draft:
 https://datatracker.ietf.org/doc/draft-looker-oauth-jwt-cwt-status-list/

 Please, reply *on the mailing list *and let us know if you are in *favor
 *or* against *adopting this draft as WG document, by *Oct 13th*.

 Regards,
  Rifaat & Hannes
 ___
 OAuth mailing list
 OAuth@ietf.org
 https://www.ietf.org/mailman/listinfo/oauth

>>> ___
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>>
>
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

2023-10-23 Thread Denis

Hi  Aaron,


Tobias, Paul, Christian,

I just noticed the new working group adopted version of this draft: 
https://datatracker.ietf.org/doc/draft-ietf-oauth-status-list/


I posted this comment on Github, but I'll repeat it here for others. I 
find the new name "OAuth Status List" confusing.
While I understand wanting to remove "JWT" and "CWT" from the name, I 
was not aware of that discussion during the call for adoption.

I would suggest renaming this to "OAuth Token Status List" instead.


I would rather say that "Token Status List" would be a better renaming 
for a version -01, since the token does need to be a JWT, nor a CWT.


Denis

I also noticed you didn't mark it as replacing the individual draft in 
datatracker. You can email supp...@ietf.org and request that they mark it
as replacing 
https://datatracker.ietf.org/doc/draft-looker-oauth-jwt-cwt-status-list/ 
so that the history tracks better.


I also noticed that there are significant changes to the draft between 
the individual and working group versions.
Typically it is better to post a verbatim copy of the individual draft 
as the adopted version, and then make changes in a -01 version.


Thanks!

Aaron



On Sat, Oct 14, 2023 at 5:56 AM Rifaat Shekh-Yusef 
 wrote:


All,

Based on the feedback to this call for adoption, we declare this
document adopted as a WG document.


Authors,

Please, submit this as a working group document at your earliest
convenience.

Regards,
 Rifaat & Hannes






On Tue, Oct 3, 2023 at 8:51 PM John Bradley  wrote:

+1 for adoption

On Sat, Sep 30, 2023, 9:53 AM Rifaat Shekh-Yusef
 wrote:

All,

This is an official call for adoption for the *JWT and CWT
Status List* draft:

https://datatracker.ietf.org/doc/draft-looker-oauth-jwt-cwt-status-list/

Please, reply *on the mailing list *and let us know if you
are in *favor *or*against *adopting this draft as WG
document, by *Oct 13th*.

Regards,
 Rifaat & Hannes
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

2023-10-23 Thread Aaron Parecki
Tobias, Paul, Christian,

I just noticed the new working group adopted version of this draft:
https://datatracker.ietf.org/doc/draft-ietf-oauth-status-list/

I posted this comment on Github, but I'll repeat it here for others. I find
the new name "OAuth Status List" confusing. While I understand wanting to
remove "JWT" and "CWT" from the name, I was not aware of that discussion
during the call for adoption. I would suggest renaming this to "OAuth Token
Status List" instead.

I also noticed you didn't mark it as replacing the individual draft in
datatracker. You can email supp...@ietf.org and request that they mark it
as replacing
https://datatracker.ietf.org/doc/draft-looker-oauth-jwt-cwt-status-list/ so
that the history tracks better.

I also noticed that there are significant changes to the draft between the
individual and working group versions. Typically it is better to post a
verbatim copy of the individual draft as the adopted version, and then make
changes in a -01 version.

Thanks!

Aaron



On Sat, Oct 14, 2023 at 5:56 AM Rifaat Shekh-Yusef 
wrote:

> All,
>
> Based on the feedback to this call for adoption, we declare this document
> adopted as a WG document.
>
>
> Authors,
>
> Please, submit this as a working group document at your earliest
> convenience.
>
> Regards,
>  Rifaat & Hannes
>
>
>
>
>
>
> On Tue, Oct 3, 2023 at 8:51 PM John Bradley  wrote:
>
>> +1 for adoption
>>
>> On Sat, Sep 30, 2023, 9:53 AM Rifaat Shekh-Yusef 
>> wrote:
>>
>>> All,
>>>
>>> This is an official call for adoption for the *JWT and CWT Status List*
>>> draft:
>>> https://datatracker.ietf.org/doc/draft-looker-oauth-jwt-cwt-status-list/
>>>
>>> Please, reply *on the mailing list *and let us know if you are in *favor
>>> *or* against *adopting this draft as WG document, by *Oct 13th*.
>>>
>>> Regards,
>>>  Rifaat & Hannes
>>> ___
>>> OAuth mailing list
>>> OAuth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/oauth
>>>
>> ___
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

2023-10-14 Thread Rifaat Shekh-Yusef
All,

Based on the feedback to this call for adoption, we declare this document
adopted as a WG document.


Authors,

Please, submit this as a working group document at your earliest
convenience.

Regards,
 Rifaat & Hannes






On Tue, Oct 3, 2023 at 8:51 PM John Bradley  wrote:

> +1 for adoption
>
> On Sat, Sep 30, 2023, 9:53 AM Rifaat Shekh-Yusef 
> wrote:
>
>> All,
>>
>> This is an official call for adoption for the *JWT and CWT Status List*
>> draft:
>> https://datatracker.ietf.org/doc/draft-looker-oauth-jwt-cwt-status-list/
>>
>> Please, reply *on the mailing list *and let us know if you are in *favor
>> *or* against *adopting this draft as WG document, by *Oct 13th*.
>>
>> Regards,
>>  Rifaat & Hannes
>> ___
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>>
>
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

2023-10-07 Thread Bastian, Paul
As one of the authors of this draft, I support the adoption.


Best regards,

Paul
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

2023-10-03 Thread John Bradley
+1 for adoption

On Sat, Sep 30, 2023, 9:53 AM Rifaat Shekh-Yusef 
wrote:

> All,
>
> This is an official call for adoption for the *JWT and CWT Status List*
> draft:
> https://datatracker.ietf.org/doc/draft-looker-oauth-jwt-cwt-status-list/
>
> Please, reply *on the mailing list *and let us know if you are in *favor *
> or* against *adopting this draft as WG document, by *Oct 13th*.
>
> Regards,
>  Rifaat & Hannes
> ___
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

2023-10-03 Thread Vladimir Dzhuvinov

+1 for the adoption so we can explore this as a WG document

+1 to Brian's comment to consider the application to tokens in general 
(unless the authors have plans for JWT / CWT specific features)


Vladimir Dzhuvinov

On 03/10/2023 00:10, Brian Campbell wrote:

I support adoption.

I do think the document would be more appropriately scoped with more 
focus on the status list itself and less so on the JWT/CWT signed 
representations thereof. As such, I'd suggest maybe using a less 
specific docname without the jwt-cwt bit if/when it moves to a WG 
draft. Something like draft-ietf-oauth-token-status-list.







On Sat, Sep 30, 2023 at 6:53 AM Rifaat Shekh-Yusef 
 wrote:


All,

This is an official call for adoption for the *JWT and CWT Status
List* draft:
https://datatracker.ietf.org/doc/draft-looker-oauth-jwt-cwt-status-list/

Please, reply *on the mailing list *and let us know if you are in
*favor *or*against *adopting this draft as WG document, by *Oct 13th*.

Regards,
 Rifaat & Hannes
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


/CONFIDENTIALITY NOTICE: This email may contain confidential and 
privileged material for the sole use of the intended recipient(s). Any 
review, use, distribution or disclosure by others is strictly 
prohibited.  If you have received this communication in error, please 
notify the sender immediately by e-mail and delete the message and any 
file attachments from your computer. Thank you./


___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

smime.p7s
Description: S/MIME Cryptographic Signature
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

2023-10-03 Thread Hannes Tschofenig



It's unfortunate that the spec does not cite previous work, which the
authors and undoubtedly aware of, the same comment was made at the
microphone at the last IETF.



Orie is right that we have to take prior work into account.


I am saying this in response to this call for adoption but it applies to
all our documents.


Ciao

Hannes
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

2023-10-03 Thread Tobias Looker
As one of the authors of this draft I support adoption.

Thanks,
[MATTR website]<https://mattr.global/>

Tobias Looker
MATTR
+64 273 780 461
tobias.looker@mattr.global<mailto:first.last@mattr.global>
[MATTR website]<https://mattr.global/>
[MATTR on LinkedIn]<https://www.linkedin.com/company/mattrglobal>
[MATTR on Twitter]<https://twitter.com/mattrglobal>
[MATTR on Github]<https://github.com/mattrglobal>

This communication, including any attachments, is confidential. If you are not 
the intended recipient, you should not read it – please contact me immediately, 
destroy it, and do not copy or use any part of this communication or disclose 
anything about it. Thank you. Please note that this communication does not 
designate an information system for the purposes of the Electronic Transactions 
Act 2002.

From: OAuth  on behalf of Kristina Yasuda 

Date: Tuesday, 3 October 2023 at 2:41 AM
To: Orie Steele , rifaat.s.ietf 

Cc: oauth 
Subject: Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List
EXTERNAL EMAIL: This email originated outside of our organisation. Do not click 
links or open attachments unless you recognise the sender and know the content 
is safe.

I support adoption, but we also implemented a similar spec and have similar 
observations/reservations as Orie.
Really hope this draft can build up on the learnings to date and be a 
significant improvement..

From: OAuth  On Behalf Of Orie Steele
Sent: Saturday, September 30, 2023 6:10 AM
To: rifaat.s.ietf 
Cc: oauth 
Subject: Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

I support adoption.

We have implementations of a similar spec and we don't think it would be good 
for vendors to have to support both, but that's not under control of OAuth... 
we hope there will be significant improvements made, after adoption to justify 
a separate spec, aside from CWT being generally better than JWT.

Many of these improvements have already been discussed on the other spec, and 
with the authors.

It's unfortunate that the spec does not cite previous work, which the authors 
and undoubtedly aware of, the same comment was made at the microphone at the 
last IETF.

We look forward to reviewing drafts and implementing the spec to compare it's 
performance vs the existing W3C work item, which I mentioned on a previous 
thread.

If the performance is not substantially better I don't think the draft should 
become an RFC, but I'm happy to help make it better if that's possible... and 
this working group has the expertise to improve this work, so I think 
transferring control to the working group makes sense.

OS






On Sat, Sep 30, 2023, 7:53 AM Rifaat Shekh-Yusef 
mailto:rifaat.s.i...@gmail.com>> wrote:
All,

This is an official call for adoption for the JWT and CWT Status List draft:
https://datatracker.ietf.org/doc/draft-looker-oauth-jwt-cwt-status-list/

Please, reply on the mailing list and let us know if you are in favor or 
against adopting this draft as WG document, by Oct 13th.

Regards,
 Rifaat & Hannes
___
OAuth mailing list
OAuth@ietf.org<mailto:OAuth@ietf.org>
https://www.ietf.org/mailman/listinfo/oauth
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

2023-10-02 Thread Kristina Yasuda
I support adoption, but we also implemented a similar spec and have similar 
observations/reservations as Orie.
Really hope this draft can build up on the learnings to date and be a 
significant improvement..

From: OAuth  On Behalf Of Orie Steele
Sent: Saturday, September 30, 2023 6:10 AM
To: rifaat.s.ietf 
Cc: oauth 
Subject: Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

I support adoption.

We have implementations of a similar spec and we don't think it would be good 
for vendors to have to support both, but that's not under control of OAuth... 
we hope there will be significant improvements made, after adoption to justify 
a separate spec, aside from CWT being generally better than JWT.

Many of these improvements have already been discussed on the other spec, and 
with the authors.

It's unfortunate that the spec does not cite previous work, which the authors 
and undoubtedly aware of, the same comment was made at the microphone at the 
last IETF.

We look forward to reviewing drafts and implementing the spec to compare it's 
performance vs the existing W3C work item, which I mentioned on a previous 
thread.

If the performance is not substantially better I don't think the draft should 
become an RFC, but I'm happy to help make it better if that's possible... and 
this working group has the expertise to improve this work, so I think 
transferring control to the working group makes sense.

OS






On Sat, Sep 30, 2023, 7:53 AM Rifaat Shekh-Yusef 
mailto:rifaat.s.i...@gmail.com>> wrote:
All,

This is an official call for adoption for the JWT and CWT Status List draft:
https://datatracker.ietf.org/doc/draft-looker-oauth-jwt-cwt-status-list/

Please, reply on the mailing list and let us know if you are in favor or 
against adopting this draft as WG document, by Oct 13th.

Regards,
 Rifaat & Hannes
___
OAuth mailing list
OAuth@ietf.org<mailto:OAuth@ietf.org>
https://www.ietf.org/mailman/listinfo/oauth
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

2023-10-02 Thread Nat Sakimura
+1

Nat Sakimura
On 2 Oct 2023, 22:11 +0100, Brian Campbell 
, wrote:
> I support adoption.
>
> I do think the document would be more appropriately scoped with more focus on 
> the status list itself and less so on the JWT/CWT signed representations 
> thereof. As such, I'd suggest maybe using a less specific docname without the 
> jwt-cwt bit if/when it moves to a WG draft. Something like 
> draft-ietf-oauth-token-status-list.
>
>
>
>
>
>
> > On Sat, Sep 30, 2023 at 6:53 AM Rifaat Shekh-Yusef 
> >  wrote:
> > > All,
> > >
> > > This is an official call for adoption for the JWT and CWT Status List 
> > > draft:
> > > https://datatracker.ietf.org/doc/draft-looker-oauth-jwt-cwt-status-list/
> > >
> > > Please, reply on the mailing list and let us know if you are in favor or 
> > > against adopting this draft as WG document, by Oct 13th.
> > >
> > > Regards,
> > >  Rifaat & Hannes
> > > ___
> > > OAuth mailing list
> > > OAuth@ietf.org
> > > https://www.ietf.org/mailman/listinfo/oauth
>
> CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
> material for the sole use of the intended recipient(s). Any review, use, 
> distribution or disclosure by others is strictly prohibited.  If you have 
> received this communication in error, please notify the sender immediately by 
> e-mail and delete the message and any file attachments from your computer. 
> Thank you.___
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

2023-10-02 Thread Denis

I am in favor of the adoption, with reservations and observations.

My reservations and observations will be posted in another email under 
the following header:

"Reservations and observations about draft JWT and CWT Status List"

The basic idea looks useful for environments where:

    - the linkability of tokens between verifiers is desirable or 
required, or /and
- end-users are informed that the protocol leaks information that allows 
verifiers to link the tokens they receive.


Depending upon the architecture deployed by the token Issuer, the Issuer 
may be in a position to act as Big Brother,

i.e. allowing it to know where and when a token it has issued has been used.

Denis

I support adoption. I have questions about the specifics which I'll 
try to write up in the next week or so, but the basic idea seems 
useful. (The tl;dr of my thoughts is: have we learned everything we 
can do from the *many* iterations of similar mechanisms in the PKI 
space?)


-- Neil

On 30 Sep 2023, at 13:52, Rifaat Shekh-Yusef 
 wrote:


All,

This is an official call for adoption for the *JWT and CWT Status 
List* draft:

https://datatracker.ietf.org/doc/draft-looker-oauth-jwt-cwt-status-list/

Please, reply *on the mailing list *and let us know if you are in 
*favor *or*against *adopting this draft as WG document, by *Oct 13th*.


Regards,
 Rifaat & Hannes
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth



___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

2023-10-02 Thread Neil Madden
I support adoption. I have questions about the specifics which I'll try to 
write up in the next week or so, but the basic idea seems useful. (The tl;dr of 
my thoughts is: have we learned everything we can do from the *many* iterations 
of similar mechanisms in the PKI space?)

-- Neil

> On 30 Sep 2023, at 13:52, Rifaat Shekh-Yusef  wrote:
> 
> All,
> 
> This is an official call for adoption for the JWT and CWT Status List draft:
> https://datatracker.ietf.org/doc/draft-looker-oauth-jwt-cwt-status-list/ 
> 
> 
> Please, reply on the mailing list and let us know if you are in favor or 
> against adopting this draft as WG document, by Oct 13th.
> 
> Regards,
>  Rifaat & Hannes
> ___
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

2023-10-02 Thread Joseph Heenan
I support adoption.

Joseph


> On 30 Sep 2023, at 13:52, Rifaat Shekh-Yusef  wrote:
> 
> All,
> 
> This is an official call for adoption for the JWT and CWT Status List draft:
> https://datatracker.ietf.org/doc/draft-looker-oauth-jwt-cwt-status-list/
> 
> Please, reply on the mailing list and let us know if you are in favor or 
> against adopting this draft as WG document, by Oct 13th.
> 
> Regards,
>  Rifaat & Hannes
> ___
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

2023-10-01 Thread Daniel Fett

I support adoption.

Am 30.09.23 um 14:52 schrieb Rifaat Shekh-Yusef:

All,

This is an official call for adoption for the *JWT and CWT Status 
List* draft:

https://datatracker.ietf.org/doc/draft-looker-oauth-jwt-cwt-status-list/

Please, reply *on the mailing list *and let us know if you are in 
*favor *or*against *adopting this draft as WG document, by *Oct 13th*.


Regards,
 Rifaat & Hannes

___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


--
Please use my new email address:m...@danielfett.de
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

2023-09-30 Thread Michael Jones
I support adoption.



From: OAuth  on behalf of Amir Sharif 

Sent: Saturday, September 30, 2023 7:45:04 AM
To: Rifaat Shekh-Yusef ; oauth 
Subject: Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

I support the adoption.

On Sat, 30 Sep 2023 at 16:41, 
mailto:40lodderstedt@dmarc.ietf.org>>
 wrote:
+1 for adoption
Am 30. Sept. 2023, 15:33 +0200 schrieb Aaron Parecki 
mailto:40parecki@dmarc.ietf.org>>:
I support adoption


On Sat, Sep 30, 2023 at 5:53 AM Rifaat Shekh-Yusef 
mailto:rifaat.s.i...@gmail.com>> wrote:
All,

This is an official call for adoption for the JWT and CWT Status List draft:
https://datatracker.ietf.org/doc/draft-looker-oauth-jwt-cwt-status-list/

Please, reply on the mailing list and let us know if you are in favor or 
against adopting this draft as WG document, by Oct 13th.

Regards,
 Rifaat & Hannes
___
OAuth mailing list
OAuth@ietf.org<mailto:OAuth@ietf.org>
https://www.ietf.org/mailman/listinfo/oauth
___
OAuth mailing list
OAuth@ietf.org<mailto:OAuth@ietf.org>
https://www.ietf.org/mailman/listinfo/oauth
___
OAuth mailing list
OAuth@ietf.org<mailto:OAuth@ietf.org>
https://www.ietf.org/mailman/listinfo/oauth

--
Le informazioni contenute nella presente comunicazione sono di natura privata e 
come tali sono da considerarsi riservate ed indirizzate esclusivamente ai 
destinatari indicati e per le finalità strettamente legate al relativo 
contenuto. Se avete ricevuto questo messaggio per errore, vi preghiamo di 
eliminarlo e di inviare una comunicazione all’indirizzo e-mail del mittente.
--
The information transmitted is intended only for the person or entity to which 
it is addressed and may contain confidential and/or privileged material. If you 
received this in error, please contact the sender and delete the material.
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

2023-09-30 Thread Giuseppe De Marco
I support the adoption

Regards

Il sab 30 set 2023, 14:53 Rifaat Shekh-Yusef  ha
scritto:

> All,
>
> This is an official call for adoption for the *JWT and CWT Status List*
> draft:
> https://datatracker.ietf.org/doc/draft-looker-oauth-jwt-cwt-status-list/
>
> Please, reply *on the mailing list *and let us know if you are in *favor *
> or* against *adopting this draft as WG document, by *Oct 13th*.
>
> Regards,
>  Rifaat & Hannes
> ___
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

2023-09-30 Thread Amir Sharif
I support the adoption.

On Sat, 30 Sep 2023 at 16:41, 
wrote:

> +1 for adoption
> Am 30. Sept. 2023, 15:33 +0200 schrieb Aaron Parecki  40parecki@dmarc.ietf.org>:
>
> I support adoption
>
>
> On Sat, Sep 30, 2023 at 5:53 AM Rifaat Shekh-Yusef <
> rifaat.s.i...@gmail.com> wrote:
>
>> All,
>>
>> This is an official call for adoption for the *JWT and CWT Status List*
>> draft:
>> https://datatracker.ietf.org/doc/draft-looker-oauth-jwt-cwt-status-list/
>>
>> Please, reply *on the mailing list* and let us know if you are in *favor*
>> or *against* adopting this draft as WG document, by *Oct 13th*.
>>
>> Regards,
>>  Rifaat & Hannes
>> ___
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>>
> ___
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
> ___
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>

-- 
--
Le informazioni contenute nella presente comunicazione sono di natura 
privata e come tali sono da considerarsi riservate ed indirizzate 
esclusivamente ai destinatari indicati e per le finalità strettamente 
legate al relativo contenuto. Se avete ricevuto questo messaggio per 
errore, vi preghiamo di eliminarlo e di inviare una comunicazione 
all’indirizzo e-mail del mittente.

--
The information transmitted is 
intended only for the person or entity to which it is addressed and may 
contain confidential and/or privileged material. If you received this in 
error, please contact the sender and delete the material.
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

2023-09-30 Thread torsten=40lodderstedt . net
+1 for adoption
Am 30. Sept. 2023, 15:33 +0200 schrieb Aaron Parecki 
:
> I support adoption
>
>
> > On Sat, Sep 30, 2023 at 5:53 AM Rifaat Shekh-Yusef 
> >  wrote:
> > > All,
> > >
> > > This is an official call for adoption for the JWT and CWT Status List 
> > > draft:
> > > https://datatracker.ietf.org/doc/draft-looker-oauth-jwt-cwt-status-list/
> > >
> > > Please, reply on the mailing list and let us know if you are in favor or 
> > > against adopting this draft as WG document, by Oct 13th.
> > >
> > > Regards,
> > >  Rifaat & Hannes
> > > ___
> > > OAuth mailing list
> > > OAuth@ietf.org
> > > https://www.ietf.org/mailman/listinfo/oauth
> ___
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

2023-09-30 Thread Aaron Parecki
I support adoption


On Sat, Sep 30, 2023 at 5:53 AM Rifaat Shekh-Yusef 
wrote:

> All,
>
> This is an official call for adoption for the *JWT and CWT Status List*
> draft:
> https://datatracker.ietf.org/doc/draft-looker-oauth-jwt-cwt-status-list/
>
> Please, reply *on the mailing list *and let us know if you are in *favor *
> or* against *adopting this draft as WG document, by *Oct 13th*.
>
> Regards,
>  Rifaat & Hannes
> ___
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

2023-09-30 Thread Orie Steele
I support adoption.

We have implementations of a similar spec and we don't think it would be
good for vendors to have to support both, but that's not under control of
OAuth... we hope there will be significant improvements made, after
adoption to justify a separate spec, aside from CWT being generally better
than JWT.

Many of these improvements have already been discussed on the other spec,
and with the authors.

It's unfortunate that the spec does not cite previous work, which the
authors and undoubtedly aware of, the same comment was made at the
microphone at the last IETF.

We look forward to reviewing drafts and implementing the spec to compare
it's performance vs the existing W3C work item, which I mentioned on a
previous thread.

If the performance is not substantially better I don't think the draft
should become an RFC, but I'm happy to help make it better if that's
possible... and this working group has the expertise to improve this work,
so I think transferring control to the working group makes sense.

OS







On Sat, Sep 30, 2023, 7:53 AM Rifaat Shekh-Yusef 
wrote:

> All,
>
> This is an official call for adoption for the *JWT and CWT Status List*
> draft:
> https://datatracker.ietf.org/doc/draft-looker-oauth-jwt-cwt-status-list/
>
> Please, reply *on the mailing list *and let us know if you are in *favor *
> or* against *adopting this draft as WG document, by *Oct 13th*.
>
> Regards,
>  Rifaat & Hannes
> ___
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth