oauth-wg · paulbastian · Jan 9, 2024 · Dec 10, 2023 · Dec 15, 2023 · Dec 16, 2023
@@ -34,6 +34,8 @@ normative:
   RFC9110: RFC9110
   RFC9111: RFC9111
 informative:
+  RFC6749: RFC6749
+  RFC7662: RFC7662
 
 --- abstract
 
@@ -46,8 +48,11 @@ The status list data structures themselves are also represented as JWTs or CWTs.
 
 JSON Web Tokens (JWTs) {{RFC7519}} and CBOR Web Tokens (CWTs) {{RFC8392}} as secure token formats, have vast possible applications. Some of these applications can involve issuing a token whereby certain semantics about the token can change over time, which are important to be able to communicate to relying parties in an interoperable manner, such as whether the token is considered invalidated or suspended by its issuer.
 
-This document defines Status List representations in JWT and CWT formats that describe the individual statuses of multiple Referenced Tokens, which themselves are also JWTs or CWTs. The statuses of all Referenced Tokens are conveyed via a bit array in the Status List. Each Referenced Token is allocated an index during issuance that represents its position within this bit array. The value of the bit(s) at this position correspond to the Referenced Token's status. The document also defines how an issuer of a Referenced Token references a Status List Token. Status Lists may be composed for expressing a range of Status Types. This document defines basic Status Types for the most common use cases as well as an extensibility mechanism for custom Status Types. The Status List Token may be used by an issuer in the Issuer-Holder-Verifier model to express the status of verifiable credentials (Referenced Tokens) issued by an issuer.
+This document defines Status List representations in JWT and CWT formats that describe the individual statuses of multiple Referenced Tokens, which themselves are also JWTs or CWTs. The statuses of all Referenced Tokens are conveyed via a bit array in the Status List. Each Referenced Token is allocated an index during issuance that represents its position within this bit array. The value of the bit(s) at this position correspond to the Referenced Token's status. The document also defines how an issuer of a Referenced Token references a Status List Token. Status Lists may be composed for expressing a range of Status Types. This document defines basic Status Types for the most common use cases as well as an extensibility mechanism for custom Status Types.
 
+An example for the usage of a Status List would be an "access token" as defined in section 1.4 of {{RFC6749}} where validity (after issuance, before expiration) is important meta information. A mechanism to gather this kind of information exists in the form of Token Introspection {{RFC7662}}, but requires direct interaction with the issuer, whereas this specification defines a mechanism using static information in the form of a status list.
+
+Another possible use case for the Status List is to express the status of verifiable credentials (Referenced Tokens) issued by an issuer in the Issuer-Holder-Verifier model.
 The following diagram depicts the basic conceptual relationship.
 
 ~~~ ascii-art
@@ -469,6 +474,7 @@ for their valuable contributions, discussions and feedback to this specification
 
 * Changing compression from gzip to zlib
 * Change typo in Status List Token sub claim description
+* Add access token as an example use-case
 
 -00