docs/blog-post.md lists formal RFC submission as an explicit near-term goal: "What it does not yet have: … a formal RFC submission. Those come next." The spec is v1.0 and stable enough for external review, but hasn't been submitted anywhere for structured feedback.
Work required:
- Clean up
docs/specification.md to strict RFC 2119 MUST/SHOULD/MAY language throughout
- Add IANA considerations section (new URI scheme
pap://, media type application/pap+json)
- Add security considerations section (replay attacks, scope escalation, key compromise)
- Submit as an IETF Internet-Draft to the
oauth or dispatch working group, or to the W3C Credentials CG
- Alternatively: open a public comment period as a GitHub Discussions thread first
- Tag the review request with a deadline (e.g., 60 days)
References: docs/specification.md, docs/blog-post.md, SECURITY.md
docs/blog-post.mdlists formal RFC submission as an explicit near-term goal: "What it does not yet have: … a formal RFC submission. Those come next." The spec is v1.0 and stable enough for external review, but hasn't been submitted anywhere for structured feedback.Work required:
docs/specification.mdto strict RFC 2119 MUST/SHOULD/MAY language throughoutpap://, media typeapplication/pap+json)oauthordispatchworking group, or to the W3C Credentials CGReferences:
docs/specification.md,docs/blog-post.md,SECURITY.md