lukasjhan
commented
6 months ago I think it makes sense to implenent the validation into the sd-jwt-vc. Since status is mentioned in the sd-jwt vc standard,
Closed cre8 closed 6 months ago
lukasjhan
commented
6 months ago I think it makes sense to implenent the validation into the sd-jwt-vc. Since status is mentioned in the sd-jwt vc standard,
The spec the referencing a status check when one is provided: https://www.ietf.org/archive/id/draft-ietf-oauth-sd-jwt-vc-01.html#section-3.2.2.2-3.7.1
I implemented a small library that will help to create a statuslist and interact with it and also packs it into a jwt and unpacks it. https://www.npmjs.com/package/jwt-status-list
What is not covered is the validation of the JWT that is providing the status list. For this point I think the user needs to implement a verification function to validate the
statuslist+jwtsince the public key can be referenced in to many ways.