Question on the SD-JWT-VC normative reference

[iherman]

I may misunderstand something...

SD-JWT-VC is currently normatively referenced from the draft. I see two occurrences of this reference in the spec:

1. At the very end of §5 Key Discovery
2. in §5.2.1 JWT Issuer

Finally, there is an At Risk note added to (1) above:

ISSUE 160: (AT RISK) Feature depends on demonstration of independent implementations post-CR

This normative statement depends on the IETF OAUTH working group adopted draft [SD-JWT-VC]. This feature is at risk and will be removed from the specification if at least two independent, interoperable implementations are not demonstrated.

I do not understand the reference to the at risk reasons in the issue note. Is there an At Risk, because we are not sure that SD-JWT-VC would become an IETF standard by the time we published this document as a Rec? Or because there is a feature whose implementation in the VCDM context is unclear at this point? If the former, should not the feature in the bullet item (2) be put at risk as well?

The problem is that the text of #160 does not clearly say what is the reason for the 'at risk'; the title of the issue ("Controller Documents vs DID Documents") does not provide any help.

[selfissued]

The PR removes the reference to the issue, which I agree doesn't provide any helpful content in this context. It also marks the second feature as being at risk, as requested.