The description of the SD-JWT+KB is confusing

oauth-wg / oauth-selective-disclosure-jwt

https://datatracker.ietf.org/doc/draft-ietf-oauth-selective-disclosure-jwt/

Other

57 stars 31 forks source link

The description of the SD-JWT+KB is confusing #503

Closed Denisthemalice closed 2 weeks ago

Denisthemalice commented 2 weeks ago

Section 4:

An SD-JWT+KB is composed of

an SD-JWT (i.e., an Issuer-signed JWT and zero or more Disclosures), and

a Key Binding JWT.

Change into:

A data structure for a SD-JWT with Disclosures and with key binding 
is composed of:

   *  an SD-JWT,
   *  one or more Disclosures, and
   *  a Key Binding JWT.

AlexHodder commented 2 weeks ago

An SD-JWT already includes Disclosures (zero or more). It is possible for an SD-JWT presentation to NOT include any Disclosures and still be valid.