credential_pop kid

[fmarino-ipzs]

We should generalize the key identifier by adding:

• jwk
• x5c

Only one of them MUST be used.

[OR13]

Not info info on this issue to fully follow the request.

when using cnf claim in the COSE or JOSE Payload, typically you would have:

MUST support "cnf": { "jwk": ...}} MAY support "cnf": { "kid": ...}}

When referring to the issuer's signing keys for the credential in the protected header, typically you would have:

MUST support "kid": ... MAY support "x5t": ... MAY support "jwk": ...

I would not recommend x5c in protected headers at this point, for new specs.

[peppelinux]

Resolved by https://github.com/peppelinux/draft-demarco-oauth-status-assertions/pull/56/files