Description
The TLDR is that I believe the ISO mention/reference in SD-JWT VC should be further contextualized as being in no way an endorsement of the non-transparent, access-restricted standards development process and fee-gated publication model. Or even just removed.
Opinions, I have them https://mailarchive.ietf.org/arch/msg/spice/4xr2I1IX_A4T_cDxlUUufH5QdIM/
[SPICE] Re: CBOR/CWT parts in OAuth Token Status List
Brian Campbell bcampbell@pingidentity.com Tue, 10 February 2026 01:31 UTC
My perspective on non-transparent, access-restricted standards development
and fee-gated publication models has not changed since last week
https://mailarchive.ietf.org/arch/msg/spice/nYhBMowGdrKeW6BgWqf1t9svRjI/,
and I again suggest that there be no references to such specifications at
all.
I am well aware, by the way, that some work with which I'm closely involved
has reference to ISO/IEC 18013-5:2021. RFC9901/SD-JWT mentions it here
https://datatracker.ietf.org/doc/html/rfc9901#section-10.1-10 but
basically just says "this also exists and has the same limitations" while
SD-JWT VC mentions it here
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-sd-jwt-vc-14#section-11
but as just one of a list of many credential formats. The context of both
feels less like any endorsement of the paywalled ISO document.
Although this conversation has me reconsidering some and thinking the
mention in SD-JWT VC could be further contextualized as such or even
removed.
[Edit Feb 13] to mention that this was mentioned as part of WGLC https://mailarchive.ietf.org/arch/msg/oauth/LwIGmhiYL_Me5Dpg16J9178DEOM/