Merge pull request #203 from oauth-wg/tl/issue-182

Resolution for issue 182
oauth-wg · Nov 29, 2024 · 732ce21 · 732ce21
2 parents 8423ed2 + f0efd7b
commit 732ce21
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/draft-ietf-oauth-status-list.md b/draft-ietf-oauth-status-list.md
@@ -727,6 +727,8 @@ Content-Type: application/statuslist+jwt
 
 Status List Aggregation is an optional mechanism to retrieve a list of URIs to all Status List Tokens, allowing a Relying Party to fetch all relevant Status Lists for a specific type of Referenced Token or Issuer. This mechanism is intended to support fetching and caching mechanisms and allow offline validation of the status of a reference token for a period of time.
 
+If a Relying Party encounters an invalid Status List referenced in the response from the Status List Aggregation endpoint, it SHOULD continue processing the other valid Status Lists referenced in the response.
+
 There are two options for a Relying Party to retrieve the Status List Aggregation.
 An Issuer MAY support any of these mechanisms:
 
@@ -1219,6 +1221,7 @@ for their valuable contributions, discussions and feedback to this specification
 * remove unsigned options (json/cbor) of status list
 * add section about mixing status list formats and media type
 * fixes from IETF review
+* add guidance around aggregation endpoint
 
 -05