There was a lot of content in the recommendation[1] and subsequent emails[2] but some of all that did result in changes[3] to the draft that attempted to improve its clarity. Much of the text that is the target of the suggestions in points (b)--(d) has changed in draft -19[4] and no longer appears in the document.
[1] https://mailarchive.ietf.org/arch/msg/oauth/w98wSVpZo-KTE4JQ4DIluiRFbWc/ [2] https://mailarchive.ietf.org/arch/msg/oauth/4mfdwkhezw3DKXvuLta8KOREPOE/ https://mailarchive.ietf.org/arch/msg/oauth/sJE3zI2o39wU9g-oEgTjfK3EHHM/ https://mailarchive.ietf.org/arch/msg/oauth/xsfUR6M_1FTyqIhz64mZuN2zNpY/ https://mailarchive.ietf.org/arch/msg/oauth/p34mEMzYIhT-8SzD8alpQCejVis/ https://mailarchive.ietf.org/arch/msg/oauth/b2_8lA2Y5aIHG3liwH1jQTIOtR4/ https://mailarchive.ietf.org/arch/msg/oauth/hd1CKEIdVodkRKmdNx-vhlTrLt0/ https://mailarchive.ietf.org/arch/msg/oauth/dZc49zn8WeTErwBhJeJ2lFGDMyY/ [3] https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/573 [4] https://author-tools.ietf.org/iddiff?url1=draft-ietf-oauth-selective-disclosure-jwt-18&url2=draft-ietf-oauth-selective-disclosure-jwt-19&difftype=--html On Thu, May 15, 2025 at 5:43 AM Henry Thompson via Datatracker < [email protected]> wrote: > Document: draft-ietf-oauth-selective-disclosure-jwt > Title: Selective Disclosure for JWTs (SD-JWT) > Reviewer: Henry Thompson > Review result: Ready with Nits > > I framed my only major point as a recommendation, not a requirement, and > that > recommendation was, effectively, declined in subsequent emails. > > So, I'll reduce that (over) long screed with my points (b)--(d): > > b) Replace the first two bullets in the algorithm description, with > > * JSON-encode the array, producing a UTF-8 byte sequence. > > * base64url-encode the resulting byte sequence. The resulting > string is the Disclosure. > > c) Be careful never to use "string" when "(UTF-8) byte sequence" > is meant, starting in 4.2.2 with > > The Disclosure string is created by JSON-encoding this array > and base64url-encoding the resulting byte sequence as > described in Section 4.2.1 > > d) In the second media type registration in 12.2 > "represented as a JSON Object" -> > 'represented as UTF-8 encoded "JSON text" as defined in > [RFC8259]' > > > > -- _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
