(the description is probably directly taken from sd-jwt#section5.3 )
While this is true for a generic sd-jwt+kb, I think that in the context of oid4vp the value of aud MUST match the identifier of the Verifier (that is, the Relying Party). However, this is a personal conjecture as to my knowledge it is not openly mandated anywhere, it is just hinted in a small footnote in oid4vp at the very bottom of appendix B.4.4 see link with highlighted text
The Key Binding JWT of the vp token has a parameter
aud(audience of the JWT) which is described as (current wording)How the value is represented is up to the protocol used and out of scope of this specification.Line reference https://github.com/italia/eudi-wallet-it-docs/blob/b38eefd985151779eb2698f0310463128d2c43f4/docs/en/remote-flow.rst?plain=1#L492(the description is probably directly taken from sd-jwt#section5.3 )
While this is true for a generic sd-jwt+kb, I think that in the context of oid4vp the value of
audMUST match the identifier of the Verifier (that is, the Relying Party). However, this is a personal conjecture as to my knowledge it is not openly mandated anywhere, it is just hinted in a small footnote in oid4vp at the very bottom of appendix B.4.4 see link with highlighted text