x.509 certificates: the SD-JWT VC contains the issuer's certificate along with a trust chain in the x5c JOSE header. In this case, the iss value MUST be an URL with a FQDN matching a dNSName Subject Alternative Name (SAN) [RFC5280] entry in the leaf certificate.
@nklomp I'd like to link to this in the Attestation Formats section as a possible issuer "Identifier" type for attestations
As described in HAIP Section 7.1: https://openid.net/specs/openid4vc-high-assurance-interoperability-profile-sd-jwt-vc-1_0.html#section-7.1
@nklomp I'd like to link to this in the Attestation Formats section as a possible issuer "Identifier" type for attestations