[OAUTH-WG] [Errata Verified] RFC9449 (7646)

The following errata report has been verified for RFC9449, "OAuth 2.0 Demonstrating Proof of Possession (DPoP)". -- You may review the report below and at: https://www.rfc-editor.org/errata/eid7646 -- Status: Verified Type:

Re: [OAUTH-WG] [Editorial Errata Reported] RFC6749 (7642)

Hi Roman, We are unable to verify this erratum that the submitter marked as editorial. Please note that we have changed the “Type” of the following errata report to “Technical”. As Stream Approver, please review and set the Status and Type accordingly (see the definitions at https://www.rfc-e

[OAUTH-WG] OAuth and JWT/VC documents: a societal choice

Hi Roman and Torsten, This is a reply to the mail sent today by Torsten on the OAuth mailing list where I modified the name of the thread to add  ": a societal choice". I also send a blind copy to the SPICE BoF. Lest us go away from nails and screws and take a higher view, e.g., using an air

Re: [OAUTH-WG] [Editorial Errata Reported] RFC9449 (7646)

Agree, this errata report looks correct. On Mon, Sep 18, 2023 at 1:27 AM Daniel Fett wrote: > The erratum looks correct to me. > > -Daniel > Am 18.09.23 um 08:57 schrieb RFC Errata System: > > The following errata report has been submitted for RFC9449, > "OAuth 2.0 Demonstrating Proof of Possess

Re: [OAUTH-WG] OAuth and JWT/VC documents

Torsten, Thanks for sharing this excellent framing. I agree with everything you said. Please correct me if I'm wrong about anything in this summary: 1. Keep working on JWT based credential formats at OAuth (implicit, don't expand OAuth charter to work on CWT credential formats ?) 2. If a new wo

Re: [OAUTH-WG] OAuth and JWT/VC documents

I agree with Brian's comments. It's clear to me that SD-JWT has benefited a lot from the expertise of the OAuth WG. OS On Fri, Sep 15, 2023, 4:12 PM Brian Campbell wrote: > Hi Roman, > > I'm going to dodge some of the bigger picture questions but wanted to give > a bit of historical context/

Re: [OAUTH-WG] OAuth and JWT/VC documents

Hi Roman, I’m writing this post on behalf of the group of co-authors who proposed the following drafts for adoption by the OAuth WG: draft-ietf-oauth-attestation-based-client-auth draft-ietf-oauth-sd-jwt-vc draft-looker-oauth-jwt-cwt-status-list We have brought these drafts to the IETF because

Re: [OAUTH-WG] OAuth and JWT/VC documents

Hi Brian, The main questions raised by Roman were: What's the body of work around SD/JWT/VC that should be done and how much work will that be? What needs to be done first? The topic is about SD-JWT-VC (draft-ietf-oauth-sd-jwt-vc). It is not about SD-JWT (draft-ietf-oauth-selective-di

Re: [OAUTH-WG] OAuth and JWT/VC documents

Hi  Hannes, Sorry for this late response. The SPICE BoF (and other activities) kept me quite busy. Hi Denis, OAuth defines 4 roles, see Section 1.1 of RFC 6749. A RO is a role supported by a (human) user. In the three party model there is likely a human behind the holder as well. You c

Re: [OAUTH-WG] [Editorial Errata Reported] RFC9449 (7646)

The erratum looks correct to me. -Daniel Am 18.09.23 um 08:57 schrieb RFC Errata System: The following errata report has been submitted for RFC9449, "OAuth 2.0 Demonstrating Proof of Possession (DPoP)". -- You may review the report below and at: https://www.