In Section 7.1 (Verification of the SD-JWT), the text states:
Upon receiving an SD-JWT, either directly or as a component of an SD-
JWT+KB, a Holder or a Verifier needs to ensure that:
the Issuer-signed JWT is valid, i.e., it is signed by the Issuer
and the signature is valid, and
Change into:
Upon receiving an SD-JWT, a Holder or a Verifier needs to ensure that:
the Issuer belongs to a set of Trusted Issuers using
a certification path up to a trusted root,
the Issuer-signed JWT is valid, i.e., it is signed by a Trusted
Issuer and the signature is valid, and
Section 4.1 in step 6 mentions:
The payload MAY contain further claims such as iss, iat, etc. as
defined or required by the application using SD-JWTs.
Corresponding verification steps should be added in section 7.1.
After the following item:
3. Validate the Issuer and that the signing key belongs to this
Issuer.
Add the following item:
4. If required by the application using SD-JWTs, check that
further claims such as iss, iat, nbf, exp, etc. are present
and contain appropriate values.
Some other steps are missing. Add:
5. If required by the application using SD-JWTs and if the
SD-JWT contains claims such as nbf or exp, verify that the
current time lies between these two values.
6. If required by the application using SD-JWTs and if the
previous verification succeeds, verify that the SD-JWT is
not currently suspended, nor revoked.
Note : The means to verify that the SD-JWT is not currently suspended, nor revoked, are not defined in this document.
In Section 7.1 (Verification of the SD-JWT), the text states:
Change into:
Section 4.1 in step 6 mentions:
Corresponding verification steps should be added in section 7.1. After the following item:
Add the following item:
Some other steps are missing. Add: