I think we need to move all the VC and SD-JWT stuff into SPICE. A lot of security considerations can't be analyzed in isolation from the whole system, and that's not something the OAUTH framework can really consider or necessarily the assumption of participants.
Sincerely, Watson -- Astra mortemque praestare gradatim _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
