Closed awoie closed 8 months ago
I've read the text in https://www.ietf.org/archive/id/draft-ietf-oauth-sd-jwt-vc-01.html#section-3.2.2.2-3.5.2.1 that says "REQUIRED when Cryptographic Key Binding is to be supported." as cnf being optional or not required when key binding isn't needed. Perhaps we need to discuss and/or make things more clear?
Do you think we should also explain the OPTIONAL case or replace the REQUIRED with something else? CONDITIONAL is not a reserved word unfortunately.
I would propose to clarify this. From a quick reading this is not obviously optional and it does not match the other claims that only state REQUIRED/OPTIONAL without any conditions. As cryptographic binding is optional, I think this line should begin with "OPTIONAL. [...]"
https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/213 attempts to do just that
Not all VCs require key binding. For those, cnf should be made optional.