CWT proof requirements - Githubissues

TakahikoKawasaki commented 1 year ago

Regarding the proof in a credential request defined in OID4VCI. The "Proof Types" section in the current snapshot of the specification lists JWT proof requirements and CWT proof requirements as follows.

JWT proof requirements:

typ
alg
kid
jwk
x5c
iss
aud
iat
nonce

CWT proof requirements:

Label 1 (alg)
Label 3 (content type)
Label COSE_Key
Label 33 (x5chain)
Claim Key 3 (aud)
Claim Key 6 (iat)
Claim Key 10 (Nonce)

The CWT proof does not have requirements that correspond to kid and iss requirements for the JWT proof. Is this difference intentional?

awoie commented 1 year ago

Can you clarify how this would relate to the VC-SD-JWT specification? Or does this relate to OpenID4VCI only?

tlodderstedt commented 1 year ago

@TakahikoKawasaki That is a good question. May I ask you to raise this issue on the OID4VCI spec?

TakahikoKawasaki commented 1 year ago

openid/connect issue 1932: [OID4VCI] CWT proof requirements https://bitbucket.org/openid/connect/issues/1932/oid4vci-cwt-proof-requirements

Sakurann commented 1 year ago

will clarify in VCI

TakahikoKawasaki commented 1 year ago

Moving this topic to the AB/Connect WG.

oauth-wg / oauth-sd-jwt-vc

CWT proof requirements #42

JWT proof requirements:

CWT proof requirements: