Hi,
I don't think there is anything specific to SD-JWT in Section 3.5.  It all
seems like generic JWT handling as profiled by various types of JWTs. Am I
missing something JWT-specific here?

Thanks,
-rohan

On Wed, Dec 4, 2024 at 10:03 AM Watson Ladd <watsonbl...@gmail.com> wrote:

> Some further thoughts:
>
> - Do all issuers need to support both to work with all verifiers?
> - Is there a security risk if we trust issuers based on the iss string
> and someone gets the domain associated and provides metadata while the
> issued credentials used X509?
>
> Sincerely,
> Watson
>
> _______________________________________________
> OAuth mailing list -- oauth@ietf.org
> To unsubscribe send an email to oauth-le...@ietf.org
>