Closed OR13 closed 1 year ago
why changing MUST to SHOULD allows more explicit typing..? if there is one media type that is to be used, why not mandate it..? what am I missing
@Sakurann at the last IETF, I asked a lot of people about this... There was some concern over not allowing specific VCs to use the more specific typing, similar to sec+jwt using it... This allows for that to happen with W3C VCs, so perhaps some token processors might do foo+sd-jwt instead of vc+ld+json+sd-jwt... It also reduces the risk of further issues with multiple suffixes in case there are issues that arise with it in the future.
The issue was discussed in a meeting on 2023-08-30
Including the reason for the SHOULD would be helpful. Might also consider "application/jwt
or subtype thereof (e.g., application/sec+jwt
)"
The issue was discussed in a meeting on 2023-09-05
@selfissued @TallTed added guidance based on your review in : https://github.com/w3c/vc-jose-cose/pull/143/commits/6a821e1795c9caa792dbb47821a50d28769a9ee6
@TallTed thanks for your suggestions, both are applied. @selfissued can you please re-review.
Aligns with https://github.com/w3c/vc-jose-cose/issues/141
This PR, changes MUST to SHOULD to allow for more specific typing via media types.
This PR also recommends securing with JOSE be done with sd-jwt
Preview | Diff