draft-ietf-oauth-status-list.md
33 additions & 38 deletions
@@ -652,6 +652,7 @@ A malicious Issuer could bypass the privacy benefits of the herd privacy by gene
652
652
Once the Relying Party receives the Referenced Token, this enables him to request the Status List to validate its status through the provided `uri` parameter and look up the corresponding `index`. However, the Relying Party may persistently store the `uri` and `index` of the Referenced Token to request the Status List again at a later time. By doing so regularly, the Relying Party may create a profile of the Referenced Token's validity status. This behaviour may be intended as a feature, e.g. for a KYC process that requires regular validity checks, but might also be abused in cases where this is not intended and unknown to the Holder, e.g. profiling the suspension of a driving license or checking the employment status of an employee credential.
653
653
654
654
This behaviour could be mitigated by:
655
+
655
656
- adding authorization rules to the Status List, see [](#security-authorization).
656
657
- regular re-issuance of the Referenced Token, see [](#implementation-lifecycle).
657
658
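Review bot: the context paragraph at line 652 refers to the Relying Party as "him" ("this enables him to request the Status List"), while the following sentences use neutral wording ("the Relying Party may persistently store"). Since this hunk already tidies the list that follows the paragraph, consider changing "him" to "it" in the same pass.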
@@ -695,14 +696,14 @@ IANA "JSON Web Token Claims" registry {{IANA.JWT}} established by {{RFC7519}}.
695
696
* Claim Name: `status`
696
697
* Claim Description: Reference to a status or validity mechanism containing up-to-date status information on the JWT.
697
698
* Change Controller: IETF
698
-
* Specification Document(s): [](#status-claim) of this specification
699
+
* Specification Document(s): [](#status-claim) of this specification
699
700
700
701
<br/>
701
702
702
703
* Claim Name: `status_list`
703
-
* Claim Description: A status list containing up-to-date status information on multiple other JWTs encoded as a bitarray.
704
+
* Claim Description: A status list containing up-to-date status information on multiple tokens.
704
705
* Change Controller: IETF
705
-
* Specification Document(s): [](#status-list-token-jwt) of this specification
706
+
* Specification Document(s): [](#status-list-token-jwt) of this specification
706
707
707
708
<br/>
708
709
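Review bot: "multiple tokens" in the new `status_list` Claim Description (new line 704) uses a generic word where the draft has a defined term; the context of the first hunk speaks of the "Referenced Token". Suggest "on multiple Referenced Tokens" so the registry entry uses the specification's own vocabulary. The Specification Document(s) lines at 698 and 705 show identical text on both sides, so they are presumably whitespace-only changes; it would help to say so in the commit message.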
@@ -737,9 +738,9 @@ Specification Document(s):
737
738
### Initial Registry Contents
738
739
739
740
* Status Method Value: `status_list`
740
-
* Status Method Description: A status list containing up-to-date status information on multiple other JWTs encoded as a bitarray.
741
+
* Status Method Description: A status list containing up-to-date status information on multiple tokens.
741
742
* Change Controller: IETF
742
-
* Specification Document(s): [](#referenced-token-jwt) of this specification
743
+
* Specification Document(s): [](#referenced-token-jwt) of this specification
743
744
744
745
## CBOR Web Token Claims Registration
745
746
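Review bot: the registry entry at new lines 741-743 describes the list itself ("A status list containing ...") but cites [](#referenced-token-jwt), while the `status_list` claim registration carries the same description and cites [](#status-list-token-jwt). If the status method is the reference carried inside the Referenced Token, a description worded that way would keep the two entries distinguishable; otherwise please confirm the anchor is the intended one.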
@@ -754,15 +755,15 @@ IANA "CBOR Web Token (CWT) Claims" registry {{IANA.CWT}} established by {{RFC839
754
755
* Claim Key: TBD (requested assignment 65535)
755
756
* Claim Description: Reference to a status or validity mechanism containing up-to-date status information on the CWT.
756
757
* Change Controller: IETF
757
-
* Specification Document(s): [](#status-claim) of this specification
758
+
* Specification Document(s): [](#status-claim) of this specification
758
759
759
760
<br/>
760
761
761
762
* Claim Name: `status_list`
762
763
* Claim Key: TBD (requested assignment 65533)
763
-
* Claim Description: A status list containing up-to-date status information on multiple other CWTs encoded as a bitarray.
764
+
* Claim Description: A status list containing up-to-date status information on multiple tokens.
764
765
* Change Controller: IETF
765
-
* Specification Document(s): [](#status-list-token-cwt) of this specification
766
+
* Specification Document(s): [](#status-list-token-cwt) of this specification
766
767
767
768
<br/>
768
769
@@ -797,9 +798,9 @@ Specification Document(s):
797
798
### Initial Registry Contents
798
799
799
800
* Status Method Value: `status_list`
800
-
* Status Method Description: A status list containing up-to-date status information on multiple other CWTs encoded as a bitarray.
801
+
* Status Method Description: A status list containing up-to-date status information on multiple tokens.
801
802
* Change Controller: IETF
802
-
* Specification Document(s): [](#referenced-token-cwt) of this specification
803
+
* Specification Document(s): [](#referenced-token-cwt) of this specification
803
804
804
805
## Media Type Registration
805
806
@@ -813,15 +814,13 @@ To indicate that the content is an JSON-based Status List:
813
814
* Subtype name: statuslist+json
814
815
* Required parameters: n/a
815
816
* Optional parameters: n/a
816
-
* Encoding considerations: binary; A JSON-based Status List is a JSON Object.
817
-
* Security considerations: See (#Security) of \[ this specification \]
817
+
* Encoding considerations: See [](#status-list-json) of this specification
818
+
* Security considerations: See [](#Security) of this specification
818
819
* Interoperability considerations: n/a
819
-
* Published specification: \[ this specification \]
820
-
* Applications that use this media type: Applications using \[ this specification \] for updated status information of tokens
820
+
* Published specification: this specification
821
+
* Applications that use this media type: Applications using this specification for updated status information of tokens
821
822
* Fragment identifier considerations: n/a
822
-
* Additional information:
823
-
* File extension(s): n/a
824
-
* Macintosh file type code(s): n/a
823
+
* Additional information: n/a
825
824
* Person & email address to contact for further information: Paul Bastian, paul.bastian@posteo.de
826
825
* Intended usage: COMMON
827
826
* Restrictions on usage: none
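Review bot: the new Encoding considerations line (817) no longer carries an encoding value. The RFC 6838 registration template expects one of 7bit, 8bit, binary or framed in this field, and the removed line had "binary". Suggest keeping the value and appending the reference, e.g. "binary; see [](#status-list-json) of this specification".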
@@ -835,15 +834,13 @@ To indicate that the content is an JWT-based Status List:
835
834
* Subtype name: statuslist+jwt
836
835
* Required parameters: n/a
837
836
* Optional parameters: n/a
838
-
* Encoding considerations: binary; A JWT-based Status List is a JWT; JWT values are encoded as a series of base64url-encoded values (some of which may be the empty string) separated by period ('.') characters.
839
-
* Security considerations: See (#Security) of \[ this specification \]
837
+
* Encoding considerations: See [](#status-list-token-jwt) of this specification
838
+
* Security considerations: See [](#Security) of this specification
840
839
* Interoperability considerations: n/a
841
-
* Published specification: \[ this specification \]
842
-
* Applications that use this media type: Applications using \[ this specification \] for updated status information of tokens
840
+
* Published specification: this specification
841
+
* Applications that use this media type: Applications using this specification for updated status information of tokens
843
842
* Fragment identifier considerations: n/a
844
-
* Additional information:
845
-
* File extension(s): n/a
846
-
* Macintosh file type code(s): n/a
843
+
* Additional information: n/a
847
844
* Person & email address to contact for further information: Paul Bastian, paul.bastian@posteo.de
848
845
* Intended usage: COMMON
849
846
* Restrictions on usage: none
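Review bot: "Additional information: n/a" at new line 843 replaces the explicit sub-items "File extension(s): n/a" and "Macintosh file type code(s): n/a", so the registration no longer shows that each template sub-item was considered. If the collapse is deliberate, that is fine, but keeping the sub-items with "n/a" costs two lines and matches the template layout more closely.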
@@ -857,15 +854,13 @@ To indicate that the content is an CBOR-based Status List:
857
854
* Subtype name: statuslist+cbor
858
855
* Required parameters: n/a
859
856
* Optional parameters: n/a
860
-
* Encoding considerations: binary; A CBOR-based Status List is a CBOR Object.
861
-
* Security considerations: See (#Security) of \[ this specification \]
857
+
* Encoding considerations: See [](#status-list-cbor) of this specification
858
+
* Security considerations: See [](#Security) of this specification
862
859
* Interoperability considerations: n/a
863
-
* Published specification: \[ this specification \]
864
-
* Applications that use this media type: Applications using \[ this specification \] for updated status information of tokens
860
+
* Published specification: this specification
861
+
* Applications that use this media type: Applications using this specification for updated status information of tokens
865
862
* Fragment identifier considerations: n/a
866
-
* Additional information:
867
-
* File extension(s): n/a
868
-
* Macintosh file type code(s): n/a
863
+
* Additional information: n/a
869
864
* Person & email address to contact for further information: Paul Bastian, paul.bastian@posteo.de
870
865
* Intended usage: COMMON
871
866
* Restrictions on usage: none
@@ -879,15 +874,13 @@ To indicate that the content is an CWT-based Status List:
879
874
* Subtype name: statuslist+cwt
880
875
* Required parameters: n/a
881
876
* Optional parameters: n/a
882
-
* Encoding considerations: binary;
883
-
* Security considerations: See (#Security) of \[ this specification \]
877
+
* Encoding considerations: See [](#status-list-token-cwt) of this specification
878
+
* Security considerations: See [](#Security) of this specification
884
879
* Interoperability considerations: n/a
885
-
* Published specification: \[ this specification \]
886
-
* Applications that use this media type: Applications using \[ this specification \] for updated status information of tokens
880
+
* Published specification: this specification
881
+
* Applications that use this media type: Applications using this specification for updated status information of tokens
887
882
* Fragment identifier considerations: n/a
888
-
* Additional information:
889
-
* File extension(s): n/a
890
-
* Macintosh file type code(s): n/a
883
+
* Additional information: n/a
891
884
* Person & email address to contact for further information: Paul Bastian, paul.bastian@posteo.de
892
885
* Intended usage: COMMON
893
886
* Restrictions on usage: none
@@ -923,6 +916,8 @@ for their valuable contributions, discussions and feedback to this specification