W3C home > Mailing lists > Public > public-credentials@w3.org > June 2022

Re: [MINUTES] W3C CCG Verifiable Credentials API Call - 2022-06-28

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Wed, 29 Jun 2022 09:45:01 -0400
To: public-credentials@w3.org
Message-ID: <3ed00d05-036c-e303-d1d3-e051bbfd169e@digitalbazaar.com>
On 6/29/22 5:39 AM, David Chadwick wrote:
> I can answer a couple of questions that were asked about the verification
> of JWTs during the meeting.

Thanks David, that was what I had expected some folks in the VC-JWT community
to be doing.

It does, unfortunately, mean that there is an interplay that is not currently
documented between the JWT-based properties and the VP-based proof properties.
If that is the approach the OpenID work wants to pursue, then there will be an
interplay between:

domain and aud
challenge and nonce

The usage of both will have to be clearly articulated in normative language
/somewhere/.

I've noted your comments in the issue here:

https://github.com/w3c-ccg/vc-api/issues/292#issuecomment-1169992669

> in example 28, a JWT VC. Perhaps this is an editorial error?

Yes, looks like an error to me. I'll have to dig into the commit history to
see who provided that example and ask them if that's what they meant to do.

-- manu

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
News: Digital Bazaar Announces New Case Studies (2021)
https://www.digitalbazaar.com/
Received on Wednesday, 29 June 2022 13:45:21 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 29 June 2022 13:45:22 UTC