why cnf is required in the status assertion object?

peppelinux / draft-demarco-oauth-status-assertions

OAuth 2.0 Status Assertions for Digital Credentials

Other

4 stars 4 forks source link

why cnf is required in the status assertion object? #68

Open peppelinux opened 3 weeks ago

peppelinux commented 3 weeks ago

Clarify the value and the requirement of having cnf.jwk within the status assertion.

if any, remove cnf from the data schema

OR13 commented 3 weeks ago

The only reason I see for keeping cnf in the status assertion, is if the holder wants to prove they have a status, without revealing the credential it is for... if the cnf is in the credential, and the credential includes status, a verifier should reject the credential without confirmation or status.