Closed peppelinux closed 8 months ago
This is a good catch as in some scenarios the iat
attribute can reveal something about a user's data. So having it selective-disclosable is good. Nevertheless, benefits are almost nullified because of the exp
attribute, which is exposed to the same or worse issues - and we cannot hide its value because is a mandatory field for JWT.
Anyway, I agree it's worth being included in our implementation.
About the methodology: I'm not happy about us following other's pull requests and issues. I know the reference it's still a draft and I see the value of keeping up with the changes.
I think a better approach would be to open the issue once a new version is released. I foresee these possible benefits:
What do you guys think? Should we try for the next iterations?
our milestone brings as many changes we can to tag our release for our version, the stable release is the one we tag
here https://github.com/italia/eudi-wallet-it-docs/blob/versione-corrente/docs/en/pid-eaa-data-model.rst#L78
we have to align to this https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/202