I very much support moving the Token Status List draft forward. Gluu (via Janssen Project) has already implemented the draft spec and we've found it to be an invaluable new tool in our toolbox.
Mike -------------------------------------- Michael Schwartz Gluu Founder/CEO https://www.linkedin.com/in/nynymike On Mon, Apr 7, 2025 at 11:11 PM <[email protected]> wrote: > Send OAuth mailing list submissions to > [email protected] > > To subscribe or unsubscribe via email, send a message with subject or > body 'help' to > [email protected] > > You can reach the person managing the list at > [email protected] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of OAuth digest..." > > Today's Topics: > > 1. Re: Second WGLC for Token Status List (Brian Campbell) > 2. Re: Second WGLC for Token Status List (Steffen Schwalm) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Mon, 7 Apr 2025 13:49:27 -0600 > From: Brian Campbell <[email protected]> > Subject: [OAUTH-WG] Re: Second WGLC for Token Status List > To: Steffen Schwalm <[email protected]> > Cc: "[email protected]" > <[email protected]>, oauth <[email protected]> > Message-ID: > <CA+k3eCTmf= > [email protected]> > Content-Type: multipart/alternative; > boundary="0000000000004922c80632358abc" > > On Thu, Apr 3, 2025 at 11:33 AM Steffen Schwalm <[email protected] > > > wrote: > > > I strongly oppose against moving forward the specification as Issues > still > > open. > > > > > > > > 1. There´s no documented decision on the well-known x509 issue – > > beside the wishes of the authors > > > > > Having seen and participated in discussion of the issue on the mailing > list, at "unofficial" events with WG participants, and at official events > with WG participants - the decision was very clearly based on the wishes of > the rough consensus of the WG participants. Speaking as an individual, of > course. > > > > > > 1. > > 2. Still wait for information from chairs where and how to solve issue > > when not in TokenStatusList > > 3. Means TokenStatusList contains privacy issue in case used for > > Attestatiosn of attributes in eIDAS > > > > > > > > > > > > *Von:* Kristina Yasuda <[email protected]> > > *Gesendet:* Mittwoch, 2. April 2025 00:22 > > *An:* ANTHONY NADALIN <[email protected]> > > *Cc:* [email protected]; oauth <[email protected]> > > *Betreff:* [OAUTH-WG] Re: Second WGLC for Token Status List > > > > > > > > *Caution:* This email originated from outside of the organization. > > Despite an upstream security check of attachments and links by Microsoft > > Defender for Office, a residual risk always remains. Only open > attachments > > and links from known and trusted senders. > > > > I support moving this specification forward. It is a crucial building > > block for lifecycle management of different tokens/credentials. > > > > > > > > On Tue, Apr 1, 2025 at 9:42 PM ANTHONY NADALIN <[email protected]> > > wrote: > > > > support this moving forward as we need this in ISO > > > > > > > > Get Outlook for Android <https://aka.ms/AAb9ysg> > > ------------------------------ > > > > *From:* [email protected] <torsten= > > [email protected]> > > *Sent:* Tuesday, April 1, 2025 11:38:22 AM > > *To:* oauth <[email protected]>; Rifaat Shekh-Yusef < > [email protected]> > > *Subject:* [OAUTH-WG] Re: Second WGLC for Token Status List > > > > > > > > Hi, > > > > I support moving this spec forward. > > > > > > > > best regards, > > > > Torsten. > > > > Am 24. März 2025, 13:41 +0100 schrieb Rifaat Shekh-Yusef < > > [email protected]>: > > > > All, > > > > This is a *second WG Last Call* for the *Token Status List* document: > > https://datatracker.ietf.org/doc/draft-ietf-oauth-status-list/ > > > > Please, review this document and reply on the mailing list if you have > any > > comments or concerns, by *April 7th*. > > > > Regards, > > Rifaat & Hannes > > > > > > > > _______________________________________________ > > OAuth mailing list -- [email protected] > > To unsubscribe send an email to [email protected] > > > > _______________________________________________ > > OAuth mailing list -- [email protected] > > To unsubscribe send an email to [email protected] > > > > _______________________________________________ > > OAuth mailing list -- [email protected] > > To unsubscribe send an email to [email protected] > > > > -- > _CONFIDENTIALITY NOTICE: This email may contain confidential and > privileged > material for the sole use of the intended recipient(s). Any review, use, > distribution or disclosure by others is strictly prohibited. If you have > received this communication in error, please notify the sender immediately > by e-mail and delete the message and any file attachments from your > computer. Thank you._ > -------------- next part -------------- > A message part incompatible with plain text digests has been removed ... > Name: not available > Type: text/html > Size: 9477 bytes > Desc: not available > > ------------------------------ > > Message: 2 > Date: Tue, 8 Apr 2025 06:08:37 +0000 > From: Steffen Schwalm <[email protected]> > Subject: [OAUTH-WG] Re: Second WGLC for Token Status List > To: Brian Campbell <[email protected]> > Cc: "[email protected]" > <[email protected]>, oauth <[email protected]> > Message-ID: <[email protected] > P191.PROD.OUTLOOK.COM> > Content-Type: multipart/alternative; boundary="_000_AM8P191MB129903 > 8E6AD6ECA9752809F2FAB52AM8P191MB1299EURP_" > > Hi Brian, > > thanks a lot for your mail. As far as I know informal meetings and > assumptions of alleged consensus are no basement for trustworthy decisions > on open standardization and official standardization bodies like IETF as > the chairs confirmed several times. We are currently in WGLC, after > consensus found everybody will be happy to follow it. > > Independently from this: the subject is under clarification. Maybe we use > the time to solve the privacy issue TokenStatusList contains immanently if > used for (Q)EAA in eIDAS. > > Best > > Steffen > > > > > > > Von: Brian Campbell <[email protected]> > Gesendet: Montag, 7. April 2025 21:49 > An: Steffen Schwalm <[email protected]> > Cc: Kristina Yasuda <[email protected]>; ANTHONY NADALIN < > [email protected]>; [email protected]; oauth < > [email protected]> > Betreff: Re: [OAUTH-WG] Re: Second WGLC for Token Status List > > > Caution: This email originated from outside of the organization. Despite > an upstream security check of attachments and links by Microsoft Defender > for Office, a residual risk always remains. Only open attachments and links > from known and trusted senders. > > > On Thu, Apr 3, 2025 at 11:33 AM Steffen Schwalm <[email protected] > <mailto:[email protected]>> wrote: > I strongly oppose against moving forward the specification as Issues still > open. > > > 1. There´s no documented decision on the well-known x509 issue – beside > the wishes of the authors > > Having seen and participated in discussion of the issue on the mailing > list, at "unofficial" events with WG participants, and at official events > with WG participants - the decision was very clearly based on the wishes of > the rough consensus of the WG participants. Speaking as an individual, of > course. > > > > > 1. > 2. Still wait for information from chairs where and how to solve issue > when not in TokenStatusList > 3. Means TokenStatusList contains privacy issue in case used for > Attestatiosn of attributes in eIDAS > > > Von: Kristina Yasuda <[email protected]<mailto: > [email protected]>> > Gesendet: Mittwoch, 2. April 2025 00:22 > An: ANTHONY NADALIN <[email protected]<mailto:[email protected]>> > Cc: [email protected]<mailto: > [email protected]>; oauth <[email protected]<mailto: > [email protected]>> > Betreff: [OAUTH-WG] Re: Second WGLC for Token Status List > > > Caution: This email originated from outside of the organization. Despite > an upstream security check of attachments and links by Microsoft Defender > for Office, a residual risk always remains. Only open attachments and links > from known and trusted senders. > I support moving this specification forward. It is a crucial building > block for lifecycle management of different tokens/credentials. > > On Tue, Apr 1, 2025 at 9:42 PM ANTHONY NADALIN <[email protected] > <mailto:[email protected]>> wrote: > support this moving forward as we need this in ISO > > Get Outlook for Android<https://aka.ms/AAb9ysg> > ________________________________ > From: [email protected]<mailto: > [email protected]> <torsten= > [email protected]<mailto:[email protected]>> > Sent: Tuesday, April 1, 2025 11:38:22 AM > To: oauth <[email protected]<mailto:[email protected]>>; Rifaat Shekh-Yusef < > [email protected]<mailto:[email protected]>> > Subject: [OAUTH-WG] Re: Second WGLC for Token Status List > > Hi, > > I support moving this spec forward. > > best regards, > Torsten. > Am 24. März 2025, 13:41 +0100 schrieb Rifaat Shekh-Yusef < > [email protected]<mailto:[email protected]>>: > All, > > This is a second WG Last Call for the Token Status List document: > https://datatracker.ietf.org/doc/draft-ietf-oauth-status-list/ > > Please, review this document and reply on the mailing list if you have any > comments or concerns, by April 7th. > > Regards, > Rifaat & Hannes > > _______________________________________________ > OAuth mailing list -- [email protected]<mailto:[email protected]> > To unsubscribe send an email to [email protected]<mailto: > [email protected]> > _______________________________________________ > OAuth mailing list -- [email protected]<mailto:[email protected]> > To unsubscribe send an email to [email protected]<mailto: > [email protected]> > _______________________________________________ > OAuth mailing list -- [email protected]<mailto:[email protected]> > To unsubscribe send an email to [email protected]<mailto: > [email protected]> > > CONFIDENTIALITY NOTICE: This email may contain confidential and privileged > material for the sole use of the intended recipient(s). Any review, use, > distribution or disclosure by others is strictly prohibited. If you have > received this communication in error, please notify the sender immediately > by e-mail and delete the message and any file attachments from your > computer. Thank you. > -------------- next part -------------- > A message part incompatible with plain text digests has been removed ... > Name: not available > Type: text/html > Size: 17026 bytes > Desc: not available > > ------------------------------ > > Subject: Digest Footer > > _______________________________________________ > OAuth mailing list -- [email protected] > To unsubscribe send an email to [email protected] > > > ------------------------------ > > End of OAuth Digest, Vol 198, Issue 21 > ************************************** > -- *CONFIDENTIALITY NOTICE* This message may contain confidential or legally privileged information. If you are not the intended recipient, please immediately advise the sender by reply e-mail that you received this message, and delete this e-mail from your system. Thank you for your cooperation
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
