Torsten: I have a question re the example in section 3.3 of the SD-JWT VC spec. Why does the unsecured payload not contain iss, exp, and so on? I would expect those claims need to be present and be processed on the application layer.
me: In the example, iat etc. are added only when the actual credential is created. This is not meant to define anything about how this is processed (especially because this shows the input, not the output that the verifier processes).
Torsten: That's not clear (at least for me) from the text. I would suggest then adding examples for the output, too.