Clarify semantics between jwt claims and vc properties

[decentralgabe]

fix #205

open to feedback @msporny @selfissued

---

:boom: Error: 502 Bad Gateway :boom:

PR Preview failed to build. (Last tried on Feb 1, 2024, 8:58 PM UTC).

More

PR Preview relies on a number of web services to run. There seems to be an issue with the following one: :rotating_light: [Spec Generator](https://www.w3.org/2015/labs/) - Spec Generator is the web service used to build specs that rely on ReSpec. :link: [Related URL](https://labs.w3.org/spec-generator/?type=respec&url=https%3A%2F%2Fraw.githubusercontent.com%2Fw3c%2Fvc-jose-cose%2F85b9bf10df7f79b8ea137b2d063a6d9825fabd5c%2Findex.html%3FisPreview%3Dtrue) ``` error code: 502 ``` _If you don't have enough information above to solve the error by yourself (or to understand to which web service the error is related to, if any), please [file an issue](https://github.com/tobie/pr-preview/issues/new?title=Error%20not%20surfaced%20properly&body=See%20w3c/vc-jose-cose%23226.)._

[iherman]

The issue was discussed in a meeting on 2024-02-14

• no resolutions were taken

View the transcript

#### 1.3. Add guidance around using JWK (pr vc-jose-cose#220) _See github pull request [vc-jose-cose#220](https://github.com/w3c/vc-jose-cose/pull/220)._ **Gabe Cohen:** One thing I forgot to mention -- there's some outstanding discussion around 220 ... around the JsonWebKey text that we should discuss to get clarity around some confusion that came up. … This PR is clarifying language on the JsonWebKey spec on how to use the JsonWebKey type. There was discussion on a call a few weeks ago on whether we should add language on including properties like `alg` and `kid` and at first there was agreement to add back normative guidance on those properties. … But then Mike and I agreed we didn't want to repeat language from another RFC -- and so we removed that. Ted said he wanted the language back. **Ted Thibodeau Jr.:** the language that was removed was removed during misunderstanding of what was being discussed...point being the four words were added with intent and removed without that intent, which is why I've asked them to be re-added. **Manu Sporny:** the language being modified is normative language that is significant. need to update the title of the PR, since it's broader than the example. somewhat confused...had said we'd have explicit guidance on iss, kid, etc. that guidance was not provided...may be a different issue. if we're talking about keys and just a JWT, and if we're just repeating what's said in the other spec we don't need to repeat it here. somewhat confusing...since kid matters. _See github pull request [vc-jose-cose#226](https://github.com/w3c/vc-jose-cose/pull/226)._ **Gabe Cohen:** The changes you're referring to Manu, went into 226. The changes we're talking about ... the PR is unfortunately named. The language I moved was originally in an example. … The issue was to move it to normative guidance, outside of the example. … The PR adds some guidance around using the JsonWebKey. **Ted Thibodeau Jr.:** On Jan 18th, I said optional or required should be clearly stated for all properties, that's generally true what's happening but not true for the couple that were added with this PR. … Those changes went in and were merged but then Mike said that some requirements were wrong. … `alg` is optional in JWKs -- and that's what I want put back. **Michael Jones:** Are we talking about a change to header params or JWKs? **Gabe Cohen:** JWKs. **Michael Jones:** It's optional there, what does it say now? **Gabe Cohen:** Nothing. **Michael Jones:** It's fine to say that. … This is one of the PRs I was trying to get a sense of ... is this one controversial or is that another one? **Gabe Cohen:** It sounds like we're clear on this one, I'll apply Ted's suggestion and then we're good. … The other has a rendering script problem. **Michael Jones:** Ok, 220 should be ready once we get the suggestion in.

[David-Chadwick]

@decentralgabe This PR was merged without addressing my requested editorial change.