My experience has been that greater specificity is appreciated. I think consensus (where “consensus” != “unanimity”) is the most significant measure of whether a “draft is complete” (and that the ADs are satisfied).
I’m not arguing that the more specific text be included. I’m saying do not be overly concerned if it is. Pierce CONFIDENTIAL From: Dean Saxe <[email protected]> Sent: Thursday, January 9, 2025 2:29 PM To: Paul Bastian <[email protected]> Cc: [email protected] Subject: [OAUTH-WG] Re: Reminder: Alternative text for sd-jwt privacy considerations. EXTERNAL EMAIL I agree with you, Paul. A statement that this is not anonymous should be sufficient. -dhs -- Dean H. Saxe, CIDPRO<https://idpro.org/cidpro/> Principal Engineer Office of the CTO Beyond Identity [email protected]<mailto:[email protected]> On Jan 9, 2025, at 12:10 PM, Paul Bastian <[email protected]<mailto:[email protected]>> wrote: It seems to me saying "SD-JWT is not an anonymous credential system according to <link>" then seems sufficient, as most of the other text is already present in the thorough unlinkability section. Also I see that it gets increasingly difficult, if drafts have to enumerate all the things that they are not, this is a slippery slope that may never be complete. Best, Paul On 1/9/25 8:32 PM, Watson Ladd wrote: On Thu, Jan 9, 2025 at 10:39 AM Dean Saxe <[email protected]<mailto:[email protected]>> wrote: I’m struggling with the same thing. If there’s somewhere that this is described/documented it should be linked from the text. I added the same comment to the PR. https://www.google.com/url?q=https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/535%23issuecomment-2580990520&source=gmail-imap&ust=1737058221000000&usg=AOvVaw2ZJTyUSYKf5i67EjayhT9A We can link to CL01, but I think there might be some easier to understand presentations. Will look. -dhs -- Dean H. Saxe, CIDPRO Principal Engineer Office of the CTO Beyond Identity [email protected]<mailto:[email protected]> On Jan 9, 2025 at 10:20:56 AM, Paul Bastian <[email protected]<mailto:[email protected]>> wrote: Hi Watson, Could you please link the standard security notation for anonymous credentials that you are referring to? Best, Paul _______________________________________________ OAuth mailing list -- [email protected]<mailto:[email protected]> To unsubscribe send an email to [email protected]<mailto:[email protected]> _______________________________________________ OAuth mailing list -- [email protected]<mailto:[email protected]> To unsubscribe send an email to [email protected]<mailto:[email protected]>
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
