elf-pavlik
commented
4 years ago As discussed during the call I think we should include non-normative example showing use of JWS for id_token and id_vc . As well as normative wording for how those JWS get verified, possibly referencing OIDC discovery for public key(s) used by OP for those JWSs.
Without above I think people may find it less clear where DPoP related signatures and verification belongs and where id_token and id_vc OP related signatures and verification belongs.
WIP - Add the Tokens and Credentials section to the proposed spec.
Part of ongoing implementation of https://github.com/solid/specification/issues/74