Commit 7cd5197

add implementation consideration for Default Values and Double Allocation
1 parent b019cbf commit 7cd5197

1 file changed

+8
-1
lines changed

draft-ietf-oauth-status-list.md

Lines changed: 8 additions & 1 deletion
@@ -632,10 +632,16 @@ TODO evaluate definition of Status List Provider?
632632

633633
The lifetime of a Status List (and the Status List Token) depends on the lifetime of its Referenced Tokens. Once all Referenced Tokens are expired, the Issuer may stop serving the Status List (and the Status List Token).
634634

635-
Referenced Tokens may be regularly re-issued to increase security or to mitigate linkability and prevent tracking by Relying Parties. In this case, every Referenced Token MUST have a fresh Status List entry.
635+
Referenced Tokens may be regularly re-issued to increase security or to mitigate linkability and limit tracking by the Relying Parties. In this case, every re-issued Referenced Token MUST have a fresh Status List entry.
636636

637637
Referenced Tokens may also be issued in batches, such that Holders can use individual tokens for every transaction. In this case, every Referenced Token MUST have a dedicated Status List entry. Revoking batch issued Referenced Tokens might reveal this correlation later on.
638638

639+
## Default Values and Double Allocation
640+
641+
The implementation is RECOMMENDED to initialize the Status List byte array with a default value and provide this as an initialization parameter to the Issuer. The Issuer is RECOMMENDED to use a default value that represents the most common value for its Referenced Tokens to avoid an update during issuance.
642+
643+
The implementation is RECOMMENDED to prevent double allocation, i.e. re-using the same `uri` and `index` for mulitple Referenced Tokens. The Issuer MUST prevent any unintended double allocation by using the Status List.
644+
639645
# IANA Considerations
640646

641647
## JSON Web Token Claims Registration
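
Review bot: The second paragraph of the new "Default Values and Double Allocation" section (new line 643) states two different requirement levels for the same behaviour: "The implementation is RECOMMENDED to prevent double allocation" followed by "The Issuer MUST prevent any unintended double allocation". Since a shared `uri` and `index` means a status change on one Referenced Token also applies to the other, I would settle on one normative statement and name the responsible actor; "the implementation" is not a role the surrounding text defines alongside Issuer, Holder and Relying Party. The closing phrase "by using the Status List" does not say what mechanism is meant and should be reworded or dropped. "mulitple" on the same line should be "multiple". In the first paragraph (new line 641), "provide this as an initialization parameter to the Issuer" has the same unnamed-actor problem, and it would help to say that the default value is the status an entry carries before any explicit update, so the reader can see why the most common status avoids a write at issuance.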
@@ -875,6 +881,7 @@ for their valuable contributions, discussions and feedback to this specification
875881

876882
-04
877883

884+
* add implementation consideration for Default Values and Double Allocation
878885
* add CORS considerations to the http endpoint
879886
* fix reference of Status List in CBOR format
880887
* added status_list CWT claim key assigned
