Commit 04bd6ab

tplooker and c2bo authored
Update draft-ietf-oauth-status-list.md
Co-authored-by: Christian Bormann <[email protected]>
1 parent 1cf0c12 commit 04bd6ab

1 file changed

+1
-1
lines changed

draft-ietf-oauth-status-list.md

+1-1
@@ -1035,7 +1035,7 @@ There are strong privacy concerns that have to be carefully taken into considera
10351035

10361036
## Status Types {#privacy-status-types}
10371037

1038-
As previously explained, there is the potential risk of observability by Relying Parties and Outsiders. That means that any Status Type that transports special information about a Token can leak information to other parties. This documents defines one additional Status Type with "SUSPENDED" that conveys such additional information. Depending on the use-case, suspended could for example provide information that an authorization in the Token is suspended, but the token itself is still valid.
1038+
As previously explained, there is the potential risk of observability by Relying Parties (see [](#privacy-relying-party)) and Outsiders (see [](#privacy-outsider)). That means that any Status Type that transports special information about a Token can leak information to other parties. This documents defines one additional Status Type with "SUSPENDED" that conveys such additional information. Depending on the use-case, suspended could for example provide information that an authorization in the Token is suspended, but the token itself is still valid.
10391039

10401040
A concrete example would be a driver's license, where the digital driver's license might still be useful to prove other information about its holder, but suspended could signal that it should not be considered valid in the scope of being allowed to drive a car. This case could be solved by either introducing a special status type, or by revoking the Token and re-issuing with changed attributes. For such a case, the status type suspended might be dangerous as it would leak the information of a suspended driver's license even if the driver's license is used as a mean of identification and not in the context of driving a car. This could also allow for the unwanted collection of statistical data on the status of driver's licenses.
10411041
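
Review bot: The added line at 1038 still carries "This documents defines", which should read "This document defines"; since the sentence is being touched anyway, fix it in this commit. The two new cross-references, `[](#privacy-relying-party)` and `[](#privacy-outsider)`, use empty link text, and only the `{#privacy-status-types}` anchor is visible in this hunk, so confirm that both target anchors exist elsewhere in the draft and that the build renders a section reference rather than an empty link. The same sentence writes the status as "SUSPENDED" and then as "suspended"; pick one form. In the unchanged paragraph at 1040, "as a mean of identification" should be "as a means of identification".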
