Closed bc-pi closed 1 month ago
Add a paragraph attempting to better frame the risks and difficulties around Issuer/Verifier unlinkability (i.e., a government issuer or huge service provider compelling collusion).
This is an attempt to add some reasonable text in consideration of the conversation in this thread https://mailarchive.ietf.org/arch/msg/oauth/fDYIWVE50nhW6F8IO_jeUafKABo/
the new paragraph shows up in the middle of this section https://drafts.oauth.net/oauth-selective-disclosure-jwt/more-unlinkability-considerations/draft-ietf-oauth-selective-disclosure-jwt.html#name-unlinkability
and of course a (not so) little note in the history https://drafts.oauth.net/oauth-selective-disclosure-jwt/more-unlinkability-considerations/draft-ietf-oauth-selective-disclosure-jwt.html#appendix-C-2
I think this PR addresses the conversation on the list accurately.
PR has been open long enough for a single paragraph addition to the privacy considerations
Add a paragraph attempting to better frame the risks and difficulties around Issuer/Verifier unlinkability (i.e., a government issuer or huge service provider compelling collusion).
This is an attempt to add some reasonable text in consideration of the conversation in this thread https://mailarchive.ietf.org/arch/msg/oauth/fDYIWVE50nhW6F8IO_jeUafKABo/
the new paragraph shows up in the middle of this section https://drafts.oauth.net/oauth-selective-disclosure-jwt/more-unlinkability-considerations/draft-ietf-oauth-selective-disclosure-jwt.html#name-unlinkability
and of course a (not so) little note in the history https://drafts.oauth.net/oauth-selective-disclosure-jwt/more-unlinkability-considerations/draft-ietf-oauth-selective-disclosure-jwt.html#appendix-C-2