Thanks Carsten for pointing that out. I've created issue 570 <https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/570> to track this and, with the support of a different tool, tried to document why the use of () is equivalent to but also more correct than [].
In my own defense, I was somewhat reluctant to add ABNF at all. But some folks do find it useful. So, with the support of the ietf author tool for abnf, I was able to transmute the provided suggestion that was syntactically invalid and semantically incorrect into the content that's in the draft now (some of that saga was documented in issue 393) <https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/393>. And if that made you smile, I will celebrate. On Fri, May 2, 2025 at 11:29 PM Carsten Bormann <[email protected]> wrote: > > SD-JWT = JWT "~" *[DISCLOSURE "~"] > > made me smile... > I.e., Zero or more of [DISCLOSURE “~”], each of which is optional (can be > empty) due to the [] > > (Simple-minded ABNF validators tend to loop on something like this.) > > Anyway, I’m writing this to point out that languages such as ABNF should > never be used without tool support. > > Here, abnfgen [1][2] would be my tool of choice. > > Or, if that is too difficult to install, you can embed the ABNF in CDDL > and use a CDDL tool [3]: > > foo = text .abnf 'SD-JWT-KB > ALPHA = %x41-5A / %x61-7A ; A-Z / a-z > DIGIT = %x30-39 ; 0-9 > BASE64URL = 1*(ALPHA / DIGIT / "-" / "_") > JWT = BASE64URL "." BASE64URL "." BASE64URL > DISCLOSURE = BASE64URL > SD-JWT = JWT "~" *(DISCLOSURE "~") > KB-JWT = JWT > SD-JWT-KB = SD-JWT KB-JWT > ' > > (Fixed the [] in the above.) > > $ cddl sd-jwt.cddl generate 10 > > …yields a bunch of EDN (JSON) text strings: > > "_0_.-._J~P.O._J_" > "z_-_._i58.5a5_~_7.L.9-8_" > "-_2n.-d0.42~__._ueM.z3" > "yTw.--89.0l--~-_2.Y._8Y" > "9.-.-~__.7-_._" > "-.-5h1.-0R~B~K-7~-4.i5-_.42-" > "-__.-4.6_~bO~y~--9.0d-8.-U" > "-.4i-.3~_~5.--.3_" > "0.-k4.1H~-se6~-~_1.H-4_.q" > "3.-V.68-~-p5_.1U6_.Dl" > "-q2.-4AY.XY29~e-c8.-.-C" > "__.2--.--1~Y_c~_7V~9~-.Hxo.w" > > … with tilde characters clearly in view (even more clearly in [4]). > > Grüße, Carsten > > [1]: https://www.quut.com/abnfgen/ > [2]: https://www.quut.com/abnfgen/abnfgen.1.html > (`brew install abnfgen` for those who have homebrew) > [3]: https://www.rfc-editor.org/rfc/rfc8610#appendix-F > > [4]: _______________________________________________ > OAuth mailing list -- [email protected] > To unsubscribe send an email to [email protected] > -- _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
