A few hours before the impending pre-meeting Internet-Draft submission cut- off, a -12 revision of SD-JWT VC has been submitted to datatracker. Changes copied from the document history <https://datatracker.ietf.org/doc/html/draft-ietf-oauth-sd-jwt-vc-12#name-document-history> are listed below for convenience. This looks like a long list of changes, because it is, but I believe overall the changes are representative of simplification and improvement to the draft and not as significant as the size of the list would suggest.
-12 - Change lang to locale. While lang is more accurate, locale is what has traditionally been used in OpenID Connect and later related specs. - Remove JSON schema from Type Metadata - Introduce optional mandatory property for claims - Explicitly mention that Type Metadata can have additional stuff that has to be ignored if not understood - Clarify that an SD-JWT VC doesn't contain a KB-JWT but rather might have an associated one (which makes it a SD-JWT+KB and Brian is still not sure about the term or these words, but it's where we've ended up) - Remove the requirement to ignore unknown claims, as some applications may not want to follow this rule - Fix cnf claim and JWK references and move them to normative - List vct as one of the required values in type metadata and ensure that the use of the document integrity claims is clear - Remove discussion of status and Status Provider from the Introduction - Add a background_image property to the simple rendering aligned with the definition in OpenID4VCI - Recommend to use sd=always or sd=never to avoid ambiguity and introduce rules for sd and mandatory when extending types - Provide some guidance on versioning via the vct value - Add security considerations for trust in type metadata - Require data URIs for non-JSON types - Require x5c to be in the protected header - Clarify presentations of SD-JWT VC do not require KB - Updated/expanded example for Type Metadata - Be more consistent with style for lists of claims/parameters/properties - Update PID example to make clear that it is not normative - Clarification on processing of display metadata ---------- Forwarded message --------- From: <[email protected]> Date: Mon, Oct 20, 2025 at 10:27 AM Subject: New Version Notification for draft-ietf-oauth-sd-jwt-vc-12.txt To: Brian Campbell <[email protected]>, Daniel Fett < [email protected]>, Oliver Terbu <[email protected]> A new version of Internet-Draft draft-ietf-oauth-sd-jwt-vc-12.txt has been successfully submitted by Brian Campbell and posted to the IETF repository. Name: draft-ietf-oauth-sd-jwt-vc Revision: 12 Title: SD-JWT-based Verifiable Credentials (SD-JWT VC) Date: 2025-10-20 Group: oauth Pages: 62 URL: https://www.ietf.org/archive/id/draft-ietf-oauth-sd-jwt-vc-12.txt Status: https://datatracker.ietf.org/doc/draft-ietf-oauth-sd-jwt-vc/ HTML: https://www.ietf.org/archive/id/draft-ietf-oauth-sd-jwt-vc-12.html HTMLized: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-sd-jwt-vc Diff: https://author-tools.ietf.org/iddiff?url2=draft-ietf-oauth-sd-jwt-vc-12 Abstract: This specification describes data formats as well as validation and processing rules to express Verifiable Credentials with JSON payloads with and without selective disclosure based on the SD-JWT [I-D.ietf-oauth-selective-disclosure-jwt] format. The IETF Secretariat -- _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
