Jacob, I believe we can always create a CDDL and support other media types in the same way as https://datatracker.ietf.org/doc/draft-ietf-oauth-status-list/ supports CBOR/JSON if this is required in the future. [https://static.ietf.org/dt/12.9.0/ietf/images/ietf-logo-card.png]<https://datatracker.ietf.org/doc/draft-ietf-oauth-status-list/> Token Status List<https://datatracker.ietf.org/doc/draft-ietf-oauth-status-list/> This specification defines status list data structures and processing rules for representing the status of tokens secured by JSON Object Signing and Encryption (JOSE) or CBOR Object Signing and Encryption(COSE), such as JSON Web Tokens (JWTs), CBOR Web Tokens (CWTs) and ISO mdoc. The status list token data structures themselves are also represented as JWTs or CWTs. datatracker.ietf.org
________________________________ From: OAuth <oauth-boun...@ietf.org> on behalf of Jacob Ward <jacob.w...@spruceid.com> Sent: Wednesday, April 3, 2024 8:08 PM To: Daniel Fett <mail=40danielfett...@dmarc.ietf.org> Cc: oauth <oauth@ietf.org> Subject: Re: [OAUTH-WG] Type Metadata for SD-JWT VC EXTERNAL EMAIL: This email originated outside of our organisation. Do not click links or open attachments unless you recognise the sender and know the content is safe. Hi Daniel, I'm not sure anyone has published a draft yet, but given that there is a draft for SD-CWT I wouldn't be surprised if SD-CWT VC appears at some point. With that in mind, has there been any discussion on having an encoding-agnostic specification of this metadata, rather than JSON specific? Thanks, Jacob On Wed, Apr 3, 2024 at 8:22 AM Daniel Fett <mail=40danielfett...@dmarc.ietf.org<mailto:40danielfett...@dmarc.ietf.org>> wrote: Hi all, as discussed during IETF 119, we would like to introduce what we call Type Metadata to SD-JWT VC. For a bit of context, the intention is to provide a mechanism to provide information about credential types (e.g., a JSON schema, display/rendering information, a name and description to be used by developers, etc.). Type Metadata can be organized in a hierarchical structure using "extends" relationships. The need for such a mechanism developed from discussions around the 'vct' (Verifiable Credentials Type) identifier<https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/181> in SD-JWT VC and again in the context of the EUDI Wallet<https://github.com/danielfett/sd-jwt-vc-dm>. I drafted a first tentative design in this specification<https://vcstuff.github.io/sd-jwt-vc-types/draft-fett-oauth-sd-jwt-vc-types.html> and we now want to revisit that and start moving pieces of that over to SD-JWT VC. The first PR<https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/220> introduces the basic Type Metadata structures including the extension and integrity protection mechanisms. It lacks many of the features we would like to see in an MVP, so we plan to release a new draft only after introducing a few more features<https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/224> in follow-on PRs. We would like to invite you to review the PR and let us know if there is any feedback! I also plan to discuss this in more detail at an unconference session at the OAuth Security Workshop. -Daniel, Brian, Oliver _______________________________________________ OAuth mailing list OAuth@ietf.org<mailto:OAuth@ietf.org> https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
