Document: draft-ietf-oauth-selective-disclosure-jwt
Title: Selective Disclosure for JWTs (SD-JWT)
Reviewer: Henry Thompson
Review result: Ready with Nits
I framed my only major point as a recommendation, not a requirement, and that
recommendation was, effectively, declined in subsequent emails.
So, I'll reduce that (over) long screed with my points (b)--(d):
b) Replace the first two bullets in the algorithm description, with
* JSON-encode the array, producing a UTF-8 byte sequence.
* base64url-encode the resulting byte sequence. The resulting
string is the Disclosure.
c) Be careful never to use "string" when "(UTF-8) byte sequence"
is meant, starting in 4.2.2 with
The Disclosure string is created by JSON-encoding this array
and base64url-encoding the resulting byte sequence as
described in Section 4.2.1
d) In the second media type registration in 12.2
"represented as a JSON Object" ->
'represented as UTF-8 encoded "JSON text" as defined in [RFC8259]'
--
last-call mailing list -- last-call@xxxxxxxx
To unsubscribe send an email to last-call-leave@xxxxxxxx
