Telechat Review of draft-ietf-oauth-selective-disclosure-jwt-19
review-ietf-oauth-selective-disclosure-jwt-19-artart-telechat-thompson-2025-05-15-00
| Request | Review of | draft-ietf-oauth-selective-disclosure-jwt |
|---|---|---|
| Requested revision | No specific revision (document currently at 22) | |
| Type | Telechat Review | |
| Team | ART Area Review Team (artart) | |
| Deadline | 2025-05-20 | |
| Requested | 2025-04-23 | |
| Authors | Daniel Fett , Kristina Yasuda , Brian Campbell | |
| I-D last updated | 2025-11-19 (Latest revision 2025-05-29) | |
| Completed reviews |
Genart IETF Last Call review of -17
by Thomas Fossati
(diff)
Opsdir IETF Last Call review of -19 by Tirumaleswar Reddy.K (diff) Secdir IETF Last Call review of -17 by Shawn M Emery (diff) Artart IETF Last Call review of -18 by Henry S. Thompson (diff) Artart Telechat review of -19 by Henry S. Thompson (diff) |
|
| Assignment | Reviewer | Henry S. Thompson |
| State | Completed | |
| Request | Telechat review on draft-ietf-oauth-selective-disclosure-jwt by ART Area Review Team Assigned | |
| Posted at | https://mailarchive.ietf.org/arch/msg/art/ef0_Ve_QJ9ZAgbFHnGQipcsocjA | |
| Reviewed revision | 19 (document currently at 22) | |
| Result | Ready w/nits | |
| Completed | 2025-05-15 |
review-ietf-oauth-selective-disclosure-jwt-19-artart-telechat-thompson-2025-05-15-00
I framed my only major point as a recommendation, not a requirement, and that
recommendation was, effectively, declined in subsequent emails.
So, I'll reduce that (over) long screed with my points (b)--(d):
b) Replace the first two bullets in the algorithm description, with
* JSON-encode the array, producing a UTF-8 byte sequence.
* base64url-encode the resulting byte sequence. The resulting
string is the Disclosure.
c) Be careful never to use "string" when "(UTF-8) byte sequence"
is meant, starting in 4.2.2 with
The Disclosure string is created by JSON-encoding this array
and base64url-encoding the resulting byte sequence as
described in Section 4.2.1
d) In the second media type registration in 12.2
"represented as a JSON Object" ->
'represented as UTF-8 encoded "JSON text" as defined in [RFC8259]'