draft-ietf-oauth-selective-disclosure-jwt-13

-13

• WGLC (part 1) updates
• Rewrote introduction
• Added note on algorithm for Holder's verification of the SD-JWT

draft-ietf-oauth-selective-disclosure-jwt-12

-12

• Clarify, add context, or otherwise improve the examples
• Editorial and reference fixes
• Better introduce the phrase processed SD-JWT payload in the end of Sec 8.1 on Verifying the SD-JWT
• Moved considerations around unlinkability to the top of the Privacy Considerations section
• Remove the brief discussion of publishing private key(s) to attempt to reduce the value of leaked or stolen data

draft-ietf-oauth-selective-disclosure-jwt-11

-11

• Add a paragraph attempting to better frame the risks and difficulties around Issuer/Verifier unlinkability (i.e., a government issuer or huge service provider compelling collusion)
• Tightened the exposition

draft-ietf-oauth-selective-disclosure-jwt-10

-10

• Add a section clarifying recursive disclosures and their interdependencies
• Editorial updates/fixes

draft-ietf-oauth-selective-disclosure-jwt-09

-09

• Distinguished SD-JWT from SD-JWT+KB
• Provide ABNF for the SD-JWT, SD-JWT+KB, and various constituent
  parts
• New structure for JSON-serialized SD-JWTs/KB-JWTs to better align
  with JAdES.
• Attempt to better explain how salt in the Disclosure makes
  guessing the preimage of the digest infeasible
• Consolidate salt entropy and length security consideration
  subsections
• Unnumbered most of the examples for improved clarity
• More definitive language around the exclusive use of the cnf claim
  for enabling Key Binding

draft-ietf-oauth-selective-disclosure-jwt-08

-08

• Make RFCs 0020 and 7515 normative references
• Be a bit more prescriptive in suggesting RFC7800 cnf/jwk be used to convey the Key Binding key
• Editorial changes aimed at improved clarity
• Improve unlinkability considerations, mention that different KB keys must be used
• Remove the explicit prohibition on HMAC
• Remove mention of unspecified key binding methods and the Enveloping SD-JWTs section
• Editorial updates aimed at more consistent treatment of a Disclosure vs the contents of a Disclosure
• Update PID example
• Be more explicit that the VCDM and SD-JWT VC examples are only illustrative and do not define anything

draft-ietf-oauth-selective-disclosure-jwt-07

-07

• Reference RFC4086 in security considerations about salt entropy
• Update change controller for the Structured Syntax Suffix registration from IESG to IETF per IANA suggestion
• Strengthen security considerations around claims controlling the validity of the SD-JWT not being selectively disclosable
• Expand/rework considerations on the choice of hash algorithm
• Clarify validation around no duplicate digests in the payload (directly or recursively) and no unused disclosures at the end of processing
• Better describe and illustrate the tilde separated format
• Change claim name from _sd_hash to sd_hash

draft-ietf-oauth-selective-disclosure-jwt-06

-06

• Added hash of Issuer-signed part and Disclosures in KB-JWT
• Fix minor issues in some examples
• Added IANA media type registration request for the JSON Serialization
• More precise wording around storing artifacts with sensitive data
• The claim name _sd or ... must not be used in a disclosure.
• Added JWT claims registration requests to IANA
• Ensure claims that control validity are checked after decoding payload
• Restructure sections around data formats and Example 1
• Update JSON Serialization to remove the kb_jwt member and allow for the disclosures to be conveyed elsewhere
• Expand the Enveloping SD-JWTs section to also discuss enveloping JSON serialized SD-JWTs