fix: CWT.cti, editorials and IANA refs #76

Merged
merged 8 commits into from
Jun 17, 2024
104 changes: 45 additions & 59 deletions draft-demarco-oauth-status-assertions.md
Expand Up @@ -31,7 +31,9 @@ author:
email: fa.marino@ipzs.it

normative:
RFC2046: RFC2046
RFC6749: RFC6749
RFC6838: RFC6838
RFC7515: RFC7515
RFC7516: RFC7516
RFC7517: RFC7517
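Review bot: the new entries are cited in the body as `[RFC2046]` and `[RFC6838]` (see the Media Type Registration hunk), while every other RFC in this draft is cited as `{{RFC7519}}`-style; with kramdown-rfc front matter like this, a bare bracketed `[RFC2046]` is not resolved against the `normative:` list and comes out as literal text, so the call sites should be `{{RFC2046}}` and `{{RFC6838}}` or the two references will be listed but never linked.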
Expand Down Expand Up @@ -71,7 +73,7 @@ normative:
org: "IANA"
title: "CBOR Web Token (CWT) Claims"
target: "https://www.iana.org/assignments/cwt/cwt.xhtml"
CWT.typ: I-D.ietf-cose-typ-header-parameter
RFC9596: RFC9596
IANA-HASH-REG:
title: "IANA - Named Information Hash Algorithm Registry"
target: "https://www.iana.org/assignments/named-information/named-information.xhtml#hash-alg"
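Review bot: swapping the Internet-Draft entry for `RFC9596` is right now that the COSE `typ` header parameter is published, but the `typ` row in the request header table cites it as `[RFC9596]` rather than `{{RFC9596}}`, and there is no `CWT.typ` anchor left for any remaining `{{CWT.typ}}` citations to resolve against; grep the rest of the file for `CWT.typ` before merging.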
Expand All @@ -96,7 +98,9 @@ informative:
org: "OpenID Foundation"
title: "OpenID for Verifiable Credential Presentation"
target: "https://openid.net/specs/openid-4-verifiable-presentations-1_0.html"

RFC6066:
title: "Transport Layer Security (TLS) Extensions: Extension Definitions"
target: "https://datatracker.ietf.org/doc/html/rfc6066"


--- abstract
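Review bot: RFC 6066 is a published RFC, so it can be listed as `RFC6066: RFC6066` like the other RFC entries in this front matter instead of a hand-typed title and datatracker URL; the shorthand pulls the canonical title and author list from the reference library and avoids drift. The part of RFC 6066 actually relied on is the `status_request` extension in Section 8, which is what "OCSP Stapling" refers to, so the citation in the body could point at that section.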
Expand All @@ -117,7 +121,7 @@ without requiring to query any third-party entities.
Status Assertions ensure the non-revocation of digital
credentials, whether in JSON Web Tokens (JWT) or CBOR Web Tokens (CWT)
format. Status Assertions function
similarly to OCSP Stapling, allowing clients to present to the
similarly to OCSP Stapling ([RFC6066]), allowing clients to present to the
relying parties
time-stamped assertions provided by the credential issuer.
The approach outlined in this specification enables the
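Review bot: this adds a citation, `([RFC6066])`, to the abstract, and RFC style does not allow that: an abstract must be self-contained with no citations or references (RFC 7322, Section 4.3), and idnits will flag it. Keep the plain "similarly to OCSP Stapling" here and cite RFC 6066 in the Introduction instead. While in this paragraph, "Status Assertions ensure the non-revocation" overstates what the mechanism does; an assertion attests the credential's status as of the issuer's timestamp, it does not ensure anything.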
Expand All @@ -127,7 +131,7 @@ enhancing privacy, reducing latency, and
faciliting offline verification.

The figure below illustrates the process by which a client,
such as a Wallet Instance,
such as a wallet instance,
requests and obtains a Status Assertion from the credential issuer.

~~~ ascii-art
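Review bot: this lowercases "wallet instance" while the rest of the draft, e.g. the Status Assertion Request section, keeps the capitalized term "Wallet Instance"; pick one form and use it throughout. The context line "faciliting offline verification" also has a typo, "facilitating".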
Expand All @@ -142,8 +146,7 @@ requests and obtains a Status Assertion from the credential issuer.
**Figure 1**: Status Assertion Issuance Flow.

The figure below illustrates the process by which a client
presents the Status Assertion along with the corresponding digital credential,
to prove the non-revocation status of the digital credential to a verifier.
presents the Status Assertion along with the corresponding digital credential.

~~~ ascii-art
+-- ----------------+ +----------+
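Review bot: dropping "to prove the non-revocation status of the digital credential to a verifier" leaves the sentence without a recipient: "presents the Status Assertion along with the corresponding digital credential" no longer says to whom, even though the presentation flow has a second party. Suggest "presents the Status Assertion along with the corresponding digital credential to a Verifier." Cosmetic nit in the context line: the box border `+-- ----------------+` has a stray space.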
Expand All @@ -154,6 +157,11 @@ to prove the non-revocation status of the digital credential to a verifier.
~~~
**Figure 2**: Status Assertion Presentation Flow.

In summary, the credential issuer provides the client with a
Status Assertion, which is linked to a Digital Credential. This enables
the client to present both the digital credential and its
Status Assertion to a verifier as proof of the digital credential's
validity status.

# Conventions and Definitions

Expand All @@ -168,23 +176,19 @@ defined by JSON Web Token (JWT) {{RFC7519}},
the term "CBOR Web Token (CWT)" defined in {{RFC8392}}, "Client" as
defined {{RFC6749}}, "Verifiable Presentation" defined in [@OpenID4VP].

Holder:
: An entity that receives Verifiable Credentials and has
control over them to present them to the Verifiers as Verifiable Presentations.

Digital Credential:
: A set of one or more claims about a subject made by a Credential Issuer.
Alternative names are "Verifiable Credential" or "Credential".

Holder:
: An entity that possesses Verifiable Credentials and has
control over them to present them to the Verifiers as Verifiable Presentations.

Credential Issuer:
: Entity that is responsible for the issuance of the Digital Credentials.
The Issuer is responsible for the lifecycle of their issued
Digital Credentials and their validity status.

Holder:
: An entity that receives Verifiable Credentials and has control over
them to present them to the Verifiers as Verifiable Presentations.

Verifier:
: Entity that relies on the validity of the Digital Credentials presented to it.
This Entity, also known as a Relying Party, verifies the authenticity and
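Review bot: collapsing the duplicated "Holder" entry into one is good; the surviving definition still says "Verifiable Credentials" although the entry above establishes "Digital Credential" as the primary term with "Verifiable Credential" as an alternative name, so say "Digital Credentials" here. Two nits in the context lines: `"Client" as defined {{RFC6749}}` is missing "in", and `[@OpenID4VP]` is mmark citation syntax that will not resolve alongside the `{{...}}` references used everywhere else.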
Expand Down Expand Up @@ -218,7 +222,7 @@ This could potentially infringe upon the End-User's right to privacy,
as outlined in
[ECHR-ART8] and
in the the European Union's General Data Protection Regulation
([GDPR]),
[GDPR],
by creating a detailed profile of the End-User's
Digital Credential status without explicit consent for
such continuous surveillance.
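Review bot: removing the parentheses around [GDPR] is fine, but the context line "in the the European Union's" has a doubled "the" that should go in the same editorial pass. `[ECHR-ART8]` and `[GDPR]` are also bare-bracket citations and need the `{{...}}` form if they are meant to resolve to the informative references.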
Expand Down Expand Up @@ -280,12 +284,6 @@ affirming the authenticity and rightful possession of the Credential.

# Status Assertion Request

The Credential Issuer provides the Wallet Instance with a Status Assertion,
which is bound to a Digital Credential.
This allows the Wallet Instance to present it, along with the
Digital Credential itself,
to a Verifier as proof of the Digital Credential's non-revocation status.

The following diagram shows the Wallet Instance requesting a
Status Assertion to a Credential Issuer,
related to a specific Credential issued by the same Credential Issuer.
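Review bot: with the opening paragraph moved to the abstract, this section now starts with the diagram and no longer states in the body that the Status Assertion is bound to a specific Digital Credential; keep a one-line lead-in here so the binding survives where implementers read, since the abstract is not normative. Context-line nit: "requesting a Status Assertion to a Credential Issuer" should be "from a Credential Issuer".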
Expand Down Expand Up @@ -324,11 +322,11 @@ Status Assertion Request object.
to the confirmation claim assigned by the Issuer and contained within
the Digital Credential.

When the JWT or CWT format are used, the JWT/CWT MUST contain the parameters defined in the following table.
The Status Assertion Request object MUST contain the parameters defined in the following table.

| Header | Description | Reference |
| --- | --- | --- |
| **typ** | It MUST be set to `status-assertion-request+jwt` when JWT format is used. It MUST be set to `status-assertion-request+cwt` when CWT format is used. | {{RFC7516}} Section 4.1.1 |
| **typ** | It MUST be set to `status-assertion-request+jwt` when JWT format is used. It MUST be set to `status-assertion-request+cwt` when CWT format is used. | {{RFC7516}} Section 4.1.1, [RFC9596] |
| **alg** | A digital signature algorithm identifier such as per IANA "JSON Web Signature and Encryption Algorithms" registry. It MUST NOT be set to `none` or any symmetric algorithm (MAC) identifier. | {{RFC7516}} Section 4.1.1 |

| Payload | Description | Reference |
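Review bot: the `typ` and `alg` rows cite `{{RFC7516}} Section 4.1.1`, but RFC 7516 is JWE; for a signed request the header parameters come from JWS, RFC 7515 (`alg` in Section 4.1.1, `typ` in Section 4.1.9), with the JWT usage of `typ` in RFC 7519 Section 5.1. RFC 9596 is the right reference for the CWT `typ`, but write it `{{RFC9596}}` like the other citations, and the CWT `alg` (a COSE header parameter) still has no reference at all. The `alg` rule rejecting `none` and MAC identifiers is the security control that matters in this table; consider stating that the Credential Issuer MUST reject requests that violate it, not only that the client MUST NOT set it.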
Expand All @@ -338,11 +336,12 @@ When the JWT or CWT format are used, the JWT/CWT MUST contain the parameters def
| **exp** | UNIX Timestamp with the expiration time of the JWT. It MUST be superior to the value set for `iat` . | {{RFC9126}}, {{RFC7519}}, {{RFC7515}} |
| **iat** | UNIX Timestamp with the time of JWT/CWT issuance. | {{RFC9126}}, {{RFC7519}} |
| **jti** | Unique identifier for the JWT. | {{RFC7519}} Section 4.1.7 |
| **cti** | Unique identifier for the CWT. | {{RFC7519}} Section 4.1.7 |
| **credential_hash** | Hash value of the Digital Credential the Status Assertion is bound to. | this specification |
| **credential_hash_alg** | The Algorithm used of hashing the Digital Credential to which the Status Assertion is bound. The value SHOULD be set to `sha-256`. | this specification |

Below is a non-normative example of a Status Assertion Request with
the JWT headers and payload are represented without applying signature and
the JWT headers and payload represented without applying signature and
encoding:

~~~
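Review bot: the new `cti` row points at `{{RFC7519}} Section 4.1.7`, which is the JWT `jti` claim; the CWT Claim ID is defined in RFC 8392, Section 3.1.7. The table now lists both `jti` and `cti` as required without saying which applies to which format, so add "JWT only" / "CWT only" to the descriptions, as the `typ` row does, so a CWT request is not expected to carry `jti`. Consider also saying what the Credential Issuer does with the identifier (e.g. replay detection); otherwise it is just a required opaque field. Context-line nit: "It MUST be superior to the value set for `iat`" should read "greater than".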
Expand Down Expand Up @@ -790,37 +789,24 @@ Digital Credential ecosystem.
This specification requests registration of the following Claims in the
IANA "JSON Web Token Claims" registry [IANA.JWT] established by {{RFC7519}}.

* Claim Name: `credential_format`
* Claim Description: The Digital Credential format the Status Assertion is bound to.
* Change Controller: IETF
* Specification Document(s): [[ (#digital-credential-proof-of-possession) of this specification ]]

<br/>

* Claim Name: `credential`
* Claim Description: The Digital Credential the Status Assertion is bound to.
* Change Controller: IETF
* Specification Document(s): [[ (#digital-credential-proof-of-possession) of this specification ]]

<br/>

* Claim Name: `credential_hash`
* Claim Description: Hash value of the Digital Credential the Status Assertion is bound to.
* Change Controller: IETF
* Specification Document(s): [[ (#status-assertion) of this specification ]]
* Specification Document(s): [this specification](#status-assertion)

<br/>

* Claim Name: `credential_hash_alg`
* Claim Description: The Algorithm used of hashing the Digital Credential to which the Status Assertion is bound.
* Change Controller: IETF
* Specification Document(s): [[ (#status-assertion) of this specification ]]
* Specification Document(s): [this specification](#status-assertion)

## Media Type Registration

This section requests registration of the following media types [@RFC2046] in
This section requests registration of the following media types [RFC2046] in
the "Media Types" registry [IANA.MediaTypes] in the manner described
in [@RFC6838].
in [RFC6838].

To indicate that the content is a JWT-based Status Assertion:

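Review bot: this drops the registrations for `credential_format` and `credential`, but the diff does not show the corresponding claims being removed from the Digital Credential Proof of Possession section they pointed at; if those claims are still used in the body their registrations must stay, and if they are gone make sure that section no longer mentions them. The `[this specification](#status-assertion)` anchors also need to match the heading ids kramdown generates (a "# Status Assertion" heading gives `#status-assertion`). Context-line nit: "The Algorithm used of hashing" should be "used for hashing".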
Expand All @@ -829,10 +815,10 @@ To indicate that the content is a JWT-based Status Assertion:
* Required parameters: n/a
* Optional parameters: n/a
* Encoding considerations: binary; A JWT-based Status Assertion Request object is a JWT; JWT values are encoded as a series of base64url-encoded values (some of which may be the empty string) separated by period ('.') characters.
* Security considerations: See (#Security) of [[ this specification ]]
* Security considerations: See (#Security) of [this specification](#security-considerations)
* Interoperability considerations: n/a
* Published specification: [[ this specification ]]
* Applications that use this media type: Applications using [[ this specification ]] for requesting Status Assertions.
* Published specification: this specification
* Applications that use this media type: Applications using this specification for requesting Status Assertions.
* Fragment identifier considerations: n/a
* Additional information:
* File extension(s): n/a
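Review bot: `See (#Security) of [this specification](#security-considerations)` leaves the mmark cross-reference `(#Security)` as literal text inside a markdown link; write "See the Security Considerations section of this specification" with a single link, and apply the same fix to the other five media type registrations below. The context line introducing this registration says "JWT-based Status Assertion", but the encoding considerations describe the Status Assertion Request object, so the lead-in should say "Status Assertion Request" to match the CWT-based request entry that follows.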
Expand All @@ -851,10 +837,10 @@ To indicate that the content is a CWT-based Status Assertion Request:
* Required parameters: n/a
* Optional parameters: n/a
* Encoding considerations: binary
* Security considerations: See (#Security) of [[ this specification ]]
* Security considerations: See (#Security) of [this specification](#security-considerations)
* Interoperability considerations: n/a
* Published specification: [[ this specification ]]
* Applications that use this media type: Applications using [[ this specification ]] for requesting Status Assertions.
* Published specification: this specification
* Applications that use this media type: Applications using this specification for requesting Status Assertions.
* Fragment identifier considerations: n/a
* Additional information:
* File extension(s): n/a
Expand All @@ -873,10 +859,10 @@ To indicate that the content is a JWT-based Status Assertion:
* Required parameters: n/a
* Optional parameters: n/a
* Encoding considerations: binary
* Security considerations: See (#Security) of [[ this specification ]]
* Security considerations: See (#Security) of [this specification](#security-considerations)
* Interoperability considerations: n/a
* Published specification: [[ this specification ]]
* Applications that use this media type: Applications using [[ this specification ]] for issuing or presenting Status Assertions.
* Published specification: this specification
* Applications that use this media type: Applications using this specification for issuing or presenting Status Assertions.
* Fragment identifier considerations: n/a
* Additional information:
* File extension(s): n/a
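Review bot: "Encoding considerations: binary" is wrong for a JWT-based type; a JWT is base64url text, and the `application/jwt` registration in RFC 7519 Section 10.3.1 uses "8bit; JWT values are encoded as a series of base64url-encoded values (some of which may be the empty string) separated by period ('.') characters". Use that text here and in the JWT-based Status Assertion Error registration (and change the JWT-based request entry above from "binary;" to "8bit;"); "binary" is correct only for the CWT types.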
Expand All @@ -895,10 +881,10 @@ To indicate that the content is a CWT-based Status Assertion:
* Required parameters: n/a
* Optional parameters: n/a
* Encoding considerations: binary
* Security considerations: See (#Security) of [[ this specification ]]
* Security considerations: See (#Security) of [this specification](#security-considerations)
* Interoperability considerations: n/a
* Published specification: [[ this specification ]]
* Applications that use this media type: Applications using [[ this specification ]] for issuing or presenting Status Assertions.
* Published specification: this specification
* Applications that use this media type: Applications using this specification for issuing or presenting Status Assertions.
* Fragment identifier considerations: n/a
* Additional information:
* File extension(s): n/a
Expand All @@ -917,10 +903,10 @@ To indicate that the content is a JWT-based Status Assertion Error:
* Required parameters: n/a
* Optional parameters: n/a
* Encoding considerations: binary
* Security considerations: See (#Security) of [[ this specification ]]
* Security considerations: See (#Security) of [this specification](#security-considerations)
* Interoperability considerations: n/a
* Published specification: [[ this specification ]]
* Applications that use this media type: Applications using [[ this specification ]] for issuing Status Assertions Request Errors.
* Published specification: this specification
* Applications that use this media type: Applications using this specification for issuing Status Assertions Request Errors.
* Fragment identifier considerations: n/a
* Additional information:
* File extension(s): n/a
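Review bot: "Applications using this specification for issuing Status Assertions Request Errors" should be "Status Assertion Request Errors" (singular), here and in the CWT-based error registration below.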
Expand All @@ -939,10 +925,10 @@ To indicate that the content is a CWT-based Status Assertion Error:
* Required parameters: n/a
* Optional parameters: n/a
* Encoding considerations: binary
* Security considerations: See (#Security) of [[ this specification ]]
* Security considerations: See (#Security) of [this specification](#security-considerations)
* Interoperability considerations: n/a
* Published specification: [[ this specification ]]
* Applications that use this media type: Applications using [[ this specification ]] for issuing Status Assertions Request Errors.
* Published specification: this specification
* Applications that use this media type: Applications using this specification for issuing Status Assertions Request Errors.
* Fragment identifier considerations: n/a
* Additional information:
* File extension(s): n/a