On Wed, Dec 4, 2024, 11:30 AM Rohan Mahy wrote:
> Hi,
> I don't think there is anything specific to SD-JWT in Section 3.5. It all
> seems like generic JWT handling as profiled by various types of JWTs. Am I
> missing something JWT-specific here?
>
Why wouldn't we just cite the relevant JWT thin
Hi,
I don't think there is anything specific to SD-JWT in Section 3.5. It all
seems like generic JWT handling as profiled by various types of JWTs. Am I
missing something JWT-specific here?
Thanks,
-rohan
On Wed, Dec 4, 2024 at 10:03 AM Watson Ladd wrote:
> Some further thoughts:
>
> - Do all
Some further thoughts:
- Do all issuers need to support both to work with all verifiers?
- Is there a security risk if we trust issuers based on the iss string
and someone gets the domain associated and provides metadata while the
issued credentials used X509?
Sincerely,
Watson
_
On Tue, Dec 3, 2024 at 2:16 PM Brian Campbell
wrote:
>
>
>
> On Tue, Dec 3, 2024 at 12:03 PM Watson Ladd wrote:
>>
>> What exactly does one do with an iss that has an HTTPS URL? Seems like
>> we say two different things must happen.
>
>
> Do you mean what is said in this issue
> https://github.c
On Tue, Dec 3, 2024 at 12:03 PM Watson Ladd wrote:
> What exactly does one do with an iss that has an HTTPS URL? Seems like
> we say two different things must happen.
>
Do you mean what is said in this issue
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/281, which I assume was
inspired by y
