The presence of an additional claim, which is not yet defined, should be checked.
The claim allows the Verifier to know characteristics of the Holder.
It is proposed to name this claim "hchar" for "holder characteristics".
Add the following text:

The Verifier MUST verify that the Key Binding JWT is a JWT
according to [RFC7519] and that its payload contains the following
claims:

   aud: REQUIRED. It MUST correspond to an identifier or a name
   of the intended Verifier.

   nonce: REQUIRED. It MUST correspond to the value of the nonce that
   was sent by the Verifier and received by the Holder when the
   Holder made an access request to the Verifier. The value type
   of this claim MUST be a string.

   sd_hash: REQUIRED. The base64url-encoded hash value over the
   Issuer-signed JWT and the selected Disclosures.

If the Verifier is willing to know the strength of the key binding mechanism,
the Verifier MUST verify that the payload of the Key Binding JWT contains
the following claim and that it understands its meaning:

   hchar: REQUIRED. This claim allows the Verifier to know
   the characteristics of the Holder (holder characteristics).
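
The checks in the proposed text, sketched as Verifier-side code. This is an added example, not part of the original proposal or of any SD-JWT implementation, and it does not verify signatures. Assumptions: the `sd_hash` input is the `~`-joined presentation hashed with SHA-256 as in the SD-JWT draft, `hchar` is treated as a string because the proposal does not define its value, and all function names, parameter names and sample values are hypothetical.

```python
import base64
import hashlib
import json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwt_payload(compact: str) -> dict:
    """Decode the payload of a compact JWS. Signature checking is NOT done here."""
    parts = compact.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    raw = base64.urlsafe_b64decode(parts[1] + "=" * (-len(parts[1]) % 4))
    claims = json.loads(raw)
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims

def expected_sd_hash(issuer_jwt: str, disclosures: list, alg: str = "sha256") -> str:
    # Hash input as in the SD-JWT draft: "<Issuer-signed JWT>~<D1>~...~<Dn>~"
    presented = "~".join([issuer_jwt, *disclosures]) + "~"
    return b64url(hashlib.new(alg, presented.encode("ascii")).digest())

def check_kb_claims(kb_jwt, *, verifier_id, sent_nonce, issuer_jwt, disclosures,
                    understood_hchar=None):
    """Return the names of claims that fail validation (empty list = pass)."""
    claims = jwt_payload(kb_jwt)
    failed = []
    if claims.get("aud") != verifier_id:
        failed.append("aud")
    nonce = claims.get("nonce")
    if not isinstance(nonce, str) or nonce != sent_nonce:
        failed.append("nonce")
    if claims.get("sd_hash") != expected_sd_hash(issuer_jwt, disclosures):
        failed.append("sd_hash")
    # Only a Verifier that wants the key binding strength requires hchar.
    if understood_hchar is not None:
        hchar = claims.get("hchar")
        # Assumption: hchar is a string; the proposal does not define its value.
        if not isinstance(hchar, str) or hchar not in understood_hchar:
            failed.append("hchar")
    return failed

def make_unsigned_kb_jwt(claims: dict) -> str:
    """Constructed sample input: placeholder signature, for the checks only."""
    header = {"alg": "ES256", "typ": "kb+jwt"}
    parts = [b64url(json.dumps(o).encode()) for o in (header, claims)]
    return ".".join(parts + ["c2ln"])
```

Passing `understood_hchar=None` models a Verifier that does not ask for the key binding strength, so a missing `hchar` is not an error in that case.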
Some validation steps are missing. They should correspond in particular to the REQUIRED claims from clause 4.3: