draft-ietf-oauth-status-list.md
Lines changed: 6 additions & 4 deletions
@@ -605,6 +605,7 @@ A malicious Issuer could bypass the privacy benefits of the herd privacy by gene
605
605
Once the Relying Party receives the Referenced Token, this enables him to request the Status List to validate its status through the provided `uri` parameter and look up the corresponding `index`. However, the Relying Party may persistently store the `uri` and `index` of the Referenced Token to request the Status List again at a later time. By doing so regularly, the Relying Party may create a profile of the Referenced Token's validity status. This behaviour may be intended as a feature, e.g. for a KYC process that requires regular validity checks, but might also be abused in cases where this is not intended and unknown to the Holder, e.g. profiling the suspension of a driving license or checking the employment status of an employee credential.
606
606
607
607
This behaviour could be mitigated by:
608
+
608
609
- adding authorization rules to the Status List, see [](#security-authorization).
609
610
- regular re-issuance of the Referenced Token, see [](#implementation-lifecycle).
610
611
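Review bot: The context paragraph at 605 refers to the Relying Party as "him" ("this enables him to request the Status List"); since this hunk already touches the section for formatting, change it to "it", because the Relying Party is a role played by a system. The blank line added at 608 is a whitespace-only fix for the list that follows "This behaviour could be mitigated by:" and is unrelated to the registry description changes in the rest of the commit, so it would be easier to track in a commit of its own.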
@@ -653,7 +654,7 @@ IANA "JSON Web Token Claims" registry {{IANA.JWT}} established by {{RFC7519}}.
653
654
<br/>
654
655
655
656
* Claim Name: `status_list`
656
-
* Claim Description: A status list containing up-to-date status information on multiple other JWTs encoded as a bitarray.
657
+
* Claim Description: A status list containing up-to-date status information on multiple tokens.
657
658
* Change Controller: IETF
658
659
* Specification Document(s): [](#status-list-token-jwt) of this specification
659
660
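Review bot: In the new Claim Description at 657, "multiple tokens" is less precise than the term the draft uses elsewhere; the privacy text at 605 says "Referenced Token" throughout. Suggest "A status list containing up-to-date status information on multiple Referenced Tokens.", which stays format-neutral while using the document's own term. The same wording would apply to the CWT claim entry at 717.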
@@ -690,7 +691,7 @@ Specification Document(s):
690
691
### Initial Registry Contents
691
692
692
693
* Status Method Value: `status_list`
693
-
* Status Method Description: A status list containing up-to-date status information on multiple other JWTs encoded as a bitarray.
694
+
* Status Method Description: A status list containing up-to-date status information on multiple tokens.
694
695
* Change Controller: IETF
695
696
* Specification Document(s): [](#referenced-token-jwt) of this specification
696
697
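Review bot: The Status Method Description at 694 is now word for word the same as the Claim Description of the `status_list` claim at 657, yet this entry points to #referenced-token-jwt and not to #status-list-token-jwt. According to the text at 605, what a Referenced Token carries is a `uri` and an `index` pointing into a Status List, not the list itself, so a description such as "A reference to a status list containing up-to-date status information on multiple tokens" would describe the method more accurately. The CWT Status Method entry at 754, which points to #referenced-token-cwt, has the same issue.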
@@ -713,7 +714,7 @@ IANA "CBOR Web Token (CWT) Claims" registry {{IANA.CWT}} established by {{RFC839
713
714
714
715
* Claim Name: `status_list`
715
716
* Claim Key: TBD (requested assignment 65533)
716
-
* Claim Description: A status list containing up-to-date status information on multiple other CWTs encoded as a bitarray.
717
+
* Claim Description: A status list containing up-to-date status information on multiple tokens.
717
718
* Change Controller: IETF
718
719
* Specification Document(s): [](#status-list-token-cwt) of this specification
719
720
@@ -750,7 +751,7 @@ Specification Document(s):
750
751
### Initial Registry Contents
751
752
752
753
* Status Method Value: `status_list`
753
-
* Status Method Description: A status list containing up-to-date status information on multiple other CWTs encoded as a bitarray.
754
+
* Status Method Description: A status list containing up-to-date status information on multiple tokens.
754
755
* Change Controller: IETF
755
756
* Specification Document(s): [](#referenced-token-cwt) of this specification
756
757
@@ -875,6 +876,7 @@ for their valuable contributions, discussions and feedback to this specification