There was a lot of content in the recommendation[1] and subsequent emails[2] but some of all that did result in changes[3] to the draft that attempted to improve its clarity. Much of the text that is the target of the suggestions in points (b)--(d) has changed in draft -19[4] and no longer appears in the document.
On Thu, May 15, 2025 at 5:43 AM Henry Thompson via Datatracker <noreply@xxxxxxxx> wrote:
Document: draft-ietf-oauth-selective-disclosure-jwt
Title: Selective Disclosure for JWTs (SD-JWT)
Reviewer: Henry Thompson
Review result: Ready with Nits
I framed my only major point as a recommendation, not a requirement, and that
recommendation was, effectively, declined in subsequent emails.
So, I'll reduce that (over) long screed with my points (b)--(d):
b) Replace the first two bullets in the algorithm description, with
* JSON-encode the array, producing a UTF-8 byte sequence.
* base64url-encode the resulting byte sequence. The resulting
string is the Disclosure.
c) Be careful never to use "string" when "(UTF-8) byte sequence"
is meant, starting in 4.2.2 with
The Disclosure string is created by JSON-encoding this array
and base64url-encoding the resulting byte sequence as
described in Section 4.2.1
d) In the second media type registration in 12.2
"represented as a JSON Object" ->
'represented as UTF-8 encoded "JSON text" as defined in [RFC8259]'
CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you.
-- last-call mailing list -- last-call@xxxxxxxx To unsubscribe send an email to last-call-leave@xxxxxxxx
