ietf-rats-wg / draft-ietf-rats-uccs Goto Github PK
View Code? Open in Web Editor NEWLicense: Other
License: Other
Appendix A uses .feature for the JC<> generic. That is defined in RFC 9165, not RFC 8610 so a reference to it is needed.
Seems like you'd want UCCS or UJCS EARs -- lots of B2B over TLS for attestation results I'd expect.
As written, there's no option for this because CWT/JWT is a requirement.
I've mentioned this in email; thought it should be here also for the record
This is a request to add support for UJCS (unsigned JSON tokens).
If UJCS support is not added, then the JSON definitions should either be removed or their presence explained in prose.
UCCS-message = UCCS-tagged-message / UCCS-untagged-message
UCCS-tagged-message = #6.601(cwt-claims-set)
UCCS-untagged-message = cwt-claims-set
Then where is cwt-claims-set defined? Seems like it would be OK to define it in the UCCS draft. Right now I define eat-claims-set in EAT and that includes some of the CWT claims. However, I'm OK for all that to move to UCCS. EAT needs a normative reference to UCCS anyway and it would be better to avoid a circular reference between EAT and UCCS.
Lest we forget: https://mailarchive.ietf.org/arch/msg/rats/sxmbwzg5nfyP8m7epGVk8dTUI7M/
Note: although this was a review for birkholz-02, I don't think the points raised have been addressed in birkholz-03 (which I guess it's equivalent to rats-00).
(As per Ned Smith's message of November 8, 2022)
I've mentioned this in email; thought it should be here for the record
Like COSE, EAT and most CDDL message/token definitions, there should be a definition for tagged-uccs and untagged-uccs.
I've mentioned this in email; thought it should be here for the record
EAT defines a socket where new token formats plug-in. This draft should provide the CDDL to hook UCCS into the socket.
Additionally, if UJCS is supported here, a type string for the JSON token selector needs to be defined.
JWT has this null cipher construct for unsigned JSON claims-sets. It seems wasteful and ill conceived to me especially in light of UCCS.
EAT is successfully defining claims in both JSON and CBOR.
Why not make UCCS in to a CDDL definition of the basic claims in CWT and JWT and define simpler way to do unsigned claims in JSON format? You already have all the security considerations.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.