Releases: oauth-wg/oauth-selective-disclosure-jwt
Releases · oauth-wg/oauth-selective-disclosure-jwt
draft-ietf-oauth-selective-disclosure-jwt-14
-14
- Address WGLC (part 2) comments
- Note that the Hash Function Claim value is case-sensitive
- Update the
typ
value in the SD-JWT VC example todc+sd-jwt
to align with anticipated changes in the SD-JWT VC draft.
draft-ietf-oauth-selective-disclosure-jwt-13
-13
- WGLC (part 1) updates
- Rewrote introduction
- Added note on algorithm for Holder's verification of the SD-JWT
draft-ietf-oauth-selective-disclosure-jwt-12
-12
- Clarify, add context, or otherwise improve the examples
- Editorial and reference fixes
- Better introduce the phrase processed SD-JWT payload in the end of Sec 8.1 on Verifying the SD-JWT
- Moved considerations around unlinkability to the top of the Privacy Considerations section
- Remove the brief discussion of publishing private key(s) to attempt to reduce the value of leaked or stolen data
draft-ietf-oauth-selective-disclosure-jwt-11
-11
- Add a paragraph attempting to better frame the risks and difficulties around Issuer/Verifier unlinkability (i.e., a government issuer or huge service provider compelling collusion)
- Tightened the exposition
draft-ietf-oauth-selective-disclosure-jwt-10
-10
- Add a section clarifying recursive disclosures and their interdependencies
- Editorial updates/fixes
draft-ietf-oauth-selective-disclosure-jwt-09
-09
- Distinguished SD-JWT from SD-JWT+KB
- Provide ABNF for the SD-JWT, SD-JWT+KB, and various constituent
parts - New structure for JSON-serialized SD-JWTs/KB-JWTs to better align
with JAdES. - Attempt to better explain how salt in the Disclosure makes
guessing the preimage of the digest infeasible - Consolidate salt entropy and length security consideration
subsections - Unnumbered most of the examples for improved clarity
- More definitive language around the exclusive use of the cnf claim
for enabling Key Binding
draft-ietf-oauth-selective-disclosure-jwt-08
-08
- Make RFCs 0020 and 7515 normative references
- Be a bit more prescriptive in suggesting RFC7800 cnf/jwk be used to convey the Key Binding key
- Editorial changes aimed at improved clarity
- Improve unlinkability considerations, mention that different KB keys must be used
- Remove the explicit prohibition on HMAC
- Remove mention of unspecified key binding methods and the Enveloping SD-JWTs section
- Editorial updates aimed at more consistent treatment of a Disclosure vs the contents of a Disclosure
- Update PID example
- Be more explicit that the VCDM and SD-JWT VC examples are only illustrative and do not define anything
draft-ietf-oauth-selective-disclosure-jwt-07
-07
- Reference RFC4086 in security considerations about salt entropy
- Update change controller for the Structured Syntax Suffix registration from IESG to IETF per IANA suggestion
- Strengthen security considerations around claims controlling the validity of the SD-JWT not being selectively disclosable
- Expand/rework considerations on the choice of hash algorithm
- Clarify validation around no duplicate digests in the payload (directly or recursively) and no unused disclosures at the end of processing
- Better describe and illustrate the tilde separated format
- Change claim name from
_sd_hash
tosd_hash
draft-ietf-oauth-selective-disclosure-jwt-06
-06
- Added hash of Issuer-signed part and Disclosures in KB-JWT
- Fix minor issues in some examples
- Added IANA media type registration request for the JSON Serialization
- More precise wording around storing artifacts with sensitive data
- The claim name _sd or ... must not be used in a disclosure.
- Added JWT claims registration requests to IANA
- Ensure claims that control validity are checked after decoding payload
- Restructure sections around data formats and Example 1
- Update JSON Serialization to remove the kb_jwt member and allow for the disclosures to be conveyed elsewhere
- Expand the Enveloping SD-JWTs section to also discuss enveloping JSON serialized SD-JWTs