While not new, the subject of how an issuer signs an SD-JWT VC and how a verifier properly finds the public key and checks the signature has come more into focus recently. Slides 7 and 8 of the SD-JWT VC presentation at the Friday WG session <https://datatracker.ietf.org/meeting/122/materials/slides-122-oauth-sessb-sd-jwt-vc-00> of the last IETF were about PRs/issues/ideas in the area. During the session I'd indicated intent to work towards generally what was presented there. However, after the session some of the pesky details of life came up and I'd not gotten to acting on that intent. In the meantime, Oliver proposed some thoughts on the same topic in this google doc <https://docs.google.com/document/d/1rROkQ8V0azVpXrab7M2CmVkh5EKZxrm4rwYSlNbI2MY/edit?usp=sharing> that could pretty much obviate what I was otherwise planning on doing. While I did add a metric junkload of comments to that document, I do think it's conceptually the right direction and am now planning on working from the content and discussion therein as the basis for upcoming changes.
-- _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
_______________________________________________ OAuth mailing list -- oauth@ietf.org To unsubscribe send an email to oauth-le...@ietf.org
