Second, how to do batch issuance of the credential (honestly, of any credential 
format: not just SD-JWT VCs but also mdocs and JWT-VCs) and whether it can be 
done at low cost is out of scope of the credential format (or any of its 
components) specification itself. Btw, when using OpenID4VCI (an extension of 
OAuth), batch issuing SD-JWTs does not need a blind signature, and I do not know 
what you mean by exhaustion of the supply of tokens; there are only an access 
token and a refresh token involved, in the usual manner.

So the issuer knows what it signed? Then it's capable of linking all
presentations to each other because the signature and message are shown
to each verifier even if different commitments are opened each time.
That's a serious problem. Separately, if each SD-JWT is one use only,
then the issuer needs to be available for refresh once the tokens are
all used, which is a troublesome proposition. It's a very different
model from a one-time issuance. VC use cases are likely to lend
themselves to things that don't look like OAuth in terms of
availability, and as we learned from OCSP, running services that must
be up is hard.

In most of the EUID wallet use cases, the issuer has to know what it is signing anyway, so it's not a problem in any way aggravated by the choice of format and/or signature mechanism.

        Cheers Leif

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
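
Added example, not part of the original messages: a minimal SD-JWT-style sketch of the linkability point discussed in this thread. It shows that two presentations of one credential share the issuer signature whichever disclosures are opened, and that a batch of separately salted credentials removes that shared value for verifiers while the issuer can still map every signature to the holder. Assumptions: HMAC-SHA256 stands in for the issuer's signature (real deployments use asymmetric keys), key binding is omitted, and the claim values, `typ` value and `holder-001` label are constructed.

```python
import base64, hashlib, hmac, json, secrets

ISSUER_KEY = secrets.token_bytes(32)  # assumption: stand-in for the issuer's signing key

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def issue(claims: dict):
    """Return (issuer-signed JWT, {claim name: disclosure}) using fresh salts."""
    disclosures = {}
    for name, value in claims.items():
        salt = b64u(secrets.token_bytes(16))
        disclosures[name] = b64u(json.dumps([salt, name, value]).encode())
    digests = sorted(b64u(hashlib.sha256(d.encode()).digest())
                     for d in disclosures.values())
    header = b64u(json.dumps({"alg": "HS256", "typ": "example+sd-jwt"}).encode())
    payload = b64u(json.dumps({"_sd": digests, "_sd_alg": "sha-256"}).encode())
    signing_input = f"{header}.{payload}"
    sig = b64u(hmac.new(ISSUER_KEY, signing_input.encode(), hashlib.sha256).digest())
    return f"{signing_input}.{sig}", disclosures

def present(jwt: str, disclosures: dict, reveal: list) -> str:
    """Holder's presentation: the signed JWT plus only the chosen disclosures."""
    return "~".join([jwt] + [disclosures[n] for n in reveal]) + "~"

def link_key(presentation: str) -> str:
    """What any verifier can store: the signature on the issuer-signed JWT."""
    return presentation.split("~")[0].rsplit(".", 1)[1]

def demo():
    claims = {"given_name": "Alice", "birthdate": "1990-01-01", "nationality": "SE"}
    # Case 1: one credential shown twice with different claims opened.
    jwt, disc = issue(claims)
    p1 = present(jwt, disc, ["given_name"])
    p2 = present(jwt, disc, ["birthdate"])
    same_credential_linkable = link_key(p1) == link_key(p2)
    # Case 2: batch issuance, one single-use credential per presentation.
    issuer_log, batch = {}, []
    for _ in range(2):
        j, d = issue(claims)
        issuer_log[link_key(j + "~")] = "holder-001"  # issuer knows what it signed
        batch.append((j, d))
    q1 = present(*batch[0], ["given_name"])
    q2 = present(*batch[1], ["birthdate"])
    batch_linkable_by_verifiers = link_key(q1) == link_key(q2)
    issuer_can_link = issuer_log.get(link_key(q1)) == issuer_log.get(link_key(q2)) == "holder-001"
    return same_credential_linkable, batch_linkable_by_verifiers, issuer_can_link
```

`demo()` returns the three outcomes in order: linkable across verifiers with one credential, not linkable across verifiers with a batch, and still linkable by an issuer that keeps a record of what it signed.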
