Hello, As some of you are aware, W3C defines a JSON-LD Verifiable Credential format which supports the "3 role model".
The working group is currently developing several documents relevant to OAuth, that profile on top of SD-JWT. The primary ones I am reaching out regarding are: https://w3c.github.io/vc-data-model (the core date model defined in JSON-LD) https://w3c.github.io/vc-jose-cose (securing JSON payloads with SD-JWT and Cose Sign 1) https://w3c.github.io/vc-json-schema (validating json payloads with JSON Schema) https://w3c.github.io/vc-status-list-2021 (validating credential statuses with bitmaps) The latest drafts at W3C recommend SD-JWT as the primary mechanism to secure credentials, when not performing RDF canonicalization during the sign and verify operations. This means we expect to see the following examples in the specifications: 1. Examples of securing a verifiable credential with selective disclosure 2. Examples of securing a verifiable presentation with selective disclosure 3. Examples of securing a verifiable credential "status list" with selective disclosure 4. Examples of securing a verifiable credential "json schema" with selective disclosure As far as I know, sd-jwt examples are missing from all specs except for https://w3c.github.io/vc-jose-cose . If you have time to review any of these documents, I would appreciate your feedback. I am especially concerned on maintaining alignment between https://w3c.github.io/vc-jose-cose and https://datatracker.ietf.org/doc/draft-ietf-oauth-sd-jwt-vc This alignment is especially critical given other work happening at W3C related to browser APIs and identity credentials: https://github.com/WICG/identity-credential/blob/main/identity-credential-proposal.md#w3c-verifiable-credentials Regards, OS -- ORIE STEELE Chief Technology Officer www.transmute.industries <https://transmute.industries>
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
