Re: [OAUTH-WG] SD-JWT does not meet standard security definitions

On Thu, Aug 24, 2023, 1:32 PM Kristina Yasuda wrote: > > First of all, BBS and SD-JWT are not comparable apple to apple. BBS is a > signature scheme and it needs to be combined with few other things like JWP > or BBS data integrity proof type (https://www.w3.org/TR/vc-di-bbs/) with > JSON-LD

Re: [OAUTH-WG] SD-JWT does not meet standard security definitions

First of all, BBS and SD-JWT are not comparable apple to apple. BBS is a signature scheme and it needs to be combined with few other things like JWP or BBS data integrity proof type (https://www.w3.org/TR/vc-di-bbs/) with JSON-LD payload. While SD-JWT is a mechanism that can be used with any

Re: [OAUTH-WG] SD-JWT does not meet standard security definitions

On Thu, Aug 24, 2023 at 3:44 AM Daniel Fett wrote: > > Thanks, Hannes. > > The fact that technologies like AnonCreds are based on such old principles, > yet they are not uniformly standardized, often times limited to a few > implementations that may or may not be secure, are full of security

Re: [OAUTH-WG] SD-JWT does not meet standard security definitions

Thanks, Hannes. The fact that technologies like AnonCreds are based on such old principles, yet they are not uniformly standardized, often times limited to a few implementations that may or may not be secure, are full of security footguns, lack hardware support, and are just extremely hard or

[OAUTH-WG] (no subject)

___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] SD-JWT does not meet standard security definitions

Hi Watson, deploying technologies can be complex because the incentives need to align. Not everything that looks great on paper gets adopted in the time frame or manner we like. In this specific case U-Prove has not been seen excitement in the industry. There are reasons but it is difficult to

Re: [OAUTH-WG] SD-JWT does not meet standard security definitions

On 2023-08-24 02:02, Michael Prorock wrote: "Who exactly has an environment where any of the already existing pairing implementations, or a forthcoming BBS signature scheme wouldn't be available?" I have customers who are required to send regulatory trade data that may have redactions with

Re: [OAUTH-WG] Call for adoption - Protected Resource Metadata

I support adoption too24 aug. 2023 kl. 08:31 skrev Vladimir Dzhuvinov : I support adoption. Vladimir Dzhuvinov On 23/08/2023 20:01, Rifaat Shekh-Yusef wrote: All, This is an official call for adoption for

Re: [OAUTH-WG] Call for adoption - Protected Resource Metadata

I support adoption. Vladimir Dzhuvinov On 23/08/2023 20:01, Rifaat Shekh-Yusef wrote: All, This is an official call for adoption for the *Protected Resource Metadata* draft: https://datatracker.ietf.org/doc/draft-jones-oauth-resource-metadata/ Please, reply on the mailing list and let us

Re: [OAUTH-WG] Call for adoption - Protected Resource Metadata

I support adoption > On Aug 23, 2023, at 11:44 PM, Aaron Parecki > wrote: > > I support adoption. > > Aaron > > > On Wed, Aug 23, 2023 at 8:02 PM Rifaat Shekh-Yusef > wrote: >> All, >> >> This is an official call for adoption for the Protected Resource

Re: [OAUTH-WG] Call for adoption - Protected Resource Metadata

I support adoption of this draft. On Thu, 24 Aug 2023 at 06:41, Tobias Looker wrote: > I support adoption of this draft. > > > > Thanks, > > [image: MATTR website] > > > > *Tobias Looker* > > MATTR > > +64 273 780 461 > tobias.looker@mattr.global > > [image: MATTR