Missing credential format definition for w3c vc v2 with sd-jwt

[TimoGlastra]

Both OID4VCI and OID4VP do not define the required metadata for issuance and requesting a W3C V2 VC with SD-JWT.

Both specifications only support W3C V1, and only JWT and JSON-LD credentials, not SD-JWT.

So i think we need to define:

• Credential format identifier: vc+sd-jwt is the one registered by the W3C spec, so it should probably be this, but i think any wallets that still support the old SD-JWT VC identifier will break on this
• Credential issuer metadata - this can probably be the same as is used for jwt_vc_json?
• VP formats supported - this can probably be the same as is used for jwt_vc_json as well
• DCQL query - this can probably be the same as is used for jwt_vc_json as well

Maybe i missed this definition from somewhere else?

[TimoGlastra]

@samuelmr do you have insights what the other Findynet participants are doing here?

(cc @nklomp @ubamrein @nanderstabel)

[TimoGlastra]

For us it would be really unfortunate if we have to use vc+sd-jwt, due to us still supporting older drafts

[nklomp]

To me and the way we are doing it is that we map vc+sd-jwt only on vcdm2 and sd-jwt vc on dc+sd-jwt. It is unfortunate that there is the clash but everyone will have to change eventually. To me no better time than now.

[TimoGlastra]

We have vc+sd-jwt running in producation in our wallet, so we can't just remove it. We will have to support both VCDM v2 and SD-JWT VC for the vc+sd-jwt.

But still i think this should be specified in DIIP v4

(but thanks for the quick answer, we will look into it further and see what we can do!)

[nklomp]

I guess some form of version discovery could help you out here. Have internal mappings for the 2 types.

[ubamrein]

@TimoGlastra we try our best to figuring out which format is desired. Like checking for "@context" to be present or other things. So far it seems to work, but I'd also rather drop support for sdjwts with "vc+sd-jwt".

[nklomp]

What do you mean exactly with the last statement because that is how you would do VCDM2 compliant sd-jwts

[TimoGlastra]

Okay and are you using the jwt_vc_json definition for all the other metadata for DCQL/OID4VCI/OID4VP?

[ubamrein]

What do you mean exactly with the last statement because that is how you would do VCDM2 compliant sd-jwts

yeah I mean the now "dc+sd-jwt" former "vc+sd-jwt" sd-jwts :D

[ubamrein]

Okay and are you using the jwt_vc_json definition for all the other metadata for DCQL/OID4VCI/OID4VP?

We currently ignore w3c metadata :D . We should probably define something new, as the jwt_vc_json is indeed based on the w3c vcdm1.1 credentials

[TimoGlastra]

Yeah that's what I'm a bit worried about. That we're now going to use the old 1.1 metadata under the vc+sd-jwt without any formal definition, and then it will probably change again when there will be a formal definition in the future.

[TimoGlastra]

We currently ignore w3c metadata

But how do you then filter W3C credentials for vc+sd-jwt? Since you want to filter based on the type_values right?

[TimoGlastra]

We should probably come up with a design and propose that to the DCP WG so that it can be added to OID4VCI and OID4VP 1.1

[ubamrein]

We currently ignore w3c metadata

But how do you then filter W3C credentials for vc+sd-jwt? Since you want to filter based on the type_values right?

We aren't filtering based on type_values yet.

[nklomp]

The metadata should be very close anyway though. It is not like the datamodel for VCs has drastically changed between 1.1 and 2. But yes would be good to come up with a proposal to DCG