Releases: oauth-wg/oauth-selective-disclosure-jwt

draft-ietf-oauth-selective-disclosure-jwt-14

15 Nov 18:44
c95bc07

-14

  • Address WGLC (part 2) comments
  • Note that the Hash Function Claim value is case-sensitive
  • Update the typ value in the SD-JWT VC example to dc+sd-jwt to align with anticipated changes in the SD-JWT VC draft.

draft-ietf-oauth-selective-disclosure-jwt-13

18 Oct 15:40
f3e77f2

-13

  • WGLC (part 1) updates
  • Rewrote introduction
  • Added note on algorithm for Holder's verification of the SD-JWT

draft-ietf-oauth-selective-disclosure-jwt-12

03 Sep 14:39
4694e6b

-12

  • Clarify, add context, or otherwise improve the examples
  • Editorial and reference fixes
  • Better introduce the phrase "processed SD-JWT payload" at the end of Sec 8.1 on Verifying the SD-JWT
  • Moved considerations around unlinkability to the top of the Privacy Considerations section
  • Remove the brief discussion of publishing private key(s) to attempt to reduce the value of leaked or stolen data

draft-ietf-oauth-selective-disclosure-jwt-11

22 Aug 16:58
4f48862

-11

  • Add a paragraph attempting to better frame the risks and difficulties around Issuer/Verifier unlinkability (i.e., a government issuer or huge service provider compelling collusion)
  • Tightened the exposition

draft-ietf-oauth-selective-disclosure-jwt-10

08 Jul 10:51
b430ada
Compare
Choose a tag to compare

-10

  • Add a section clarifying recursive disclosures and their interdependencies
  • Editorial updates/fixes

draft-ietf-oauth-selective-disclosure-jwt-09

13 Jun 17:12
e61cc92

-09

  • Distinguished SD-JWT from SD-JWT+KB
  • Provide ABNF for the SD-JWT, SD-JWT+KB, and various constituent parts
  • New structure for JSON-serialized SD-JWTs/KB-JWTs to better align with JAdES
  • Attempt to better explain how salt in the Disclosure makes guessing the preimage of the digest infeasible
  • Consolidate salt entropy and length security consideration subsections
  • Unnumbered most of the examples for improved clarity
  • More definitive language around the exclusive use of the cnf claim for enabling Key Binding

draft-ietf-oauth-selective-disclosure-jwt-08

04 Mar 17:15
a6b8fe9

-08

  • Make RFCs 0020 and 7515 normative references
  • Be a bit more prescriptive in suggesting RFC7800 cnf/jwk be used to convey the Key Binding key
  • Editorial changes aimed at improved clarity
  • Improve unlinkability considerations, mention that different KB keys must be used
  • Remove the explicit prohibition on HMAC
  • Remove mention of unspecified key binding methods and the Enveloping SD-JWTs section
  • Editorial updates aimed at more consistent treatment of a Disclosure vs the contents of a Disclosure
  • Update PID example
  • Be more explicit that the VCDM and SD-JWT VC examples are only illustrative and do not define anything

draft-ietf-oauth-selective-disclosure-jwt-07

11 Dec 17:33
bc5da6b

-07

  • Reference RFC4086 in security considerations about salt entropy
  • Update change controller for the Structured Syntax Suffix registration from IESG to IETF per IANA suggestion
  • Strengthen security considerations around claims controlling the validity of the SD-JWT not being selectively disclosable
  • Expand/rework considerations on the choice of hash algorithm
  • Clarify validation around no duplicate digests in the payload (directly or recursively) and no unused disclosures at the end of processing
  • Better describe and illustrate the tilde separated format
  • Change claim name from _sd_hash to sd_hash

draft-ietf-oauth-selective-disclosure-jwt-06

23 Oct 16:16
2b68756

-06

  • Added hash of Issuer-signed part and Disclosures in KB-JWT
  • Fix minor issues in some examples
  • Added IANA media type registration request for the JSON Serialization
  • More precise wording around storing artifacts with sensitive data
  • The claim name _sd or ... must not be used in a disclosure.
  • Added JWT claims registration requests to IANA
  • Ensure claims that control validity are checked after decoding payload
  • Restructure sections around data formats and Example 1
  • Update JSON Serialization to remove the kb_jwt member and allow for the disclosures to be conveyed elsewhere
  • Expand the Enveloping SD-JWTs section to also discuss enveloping JSON serialized SD-JWTs