draft-ietf-oauth-sd-jwt-vc-12

-12

• Change lang to locale. While lang is more accurate, locale is what has traditionally been used in OpenID Connect and later related specs.
• Remove JSON schema from Type Metadata
• Introduce optional mandatory property for claims
• Explicitly mention that Type Metadata can have additional stuff that has to be ignored if not understood
• Clarify that an SD-JWT VC doesn't contain a KB-JWT but rather might have an associated one (which makes it a SD-JWT+KB and Brian is still not sure about the term or these words, but it's where we've ended up)
• Remove the requirement to ignore unknown claims, as some applications may not want to follow this rule
• Fix cnf claim and JWK references and move them to normative
• List vct as one of the required values in type metadata and ensure that the use of the document integrity claims is clear
• Remove discussion of status and Status Provider from the Introduction
• Add a background_image property to the simple rendering aligned with the definition in OpenID4VCI
• Recommend to use sd=always or sd=never to avoid ambiguity and introduce rules for sd and mandatory when extending types
• Provide some guidance on versioning via the vct value
• Add security considerations for trust in type metadata
• Require data URIs for non-JSON types
• Require x5c to be in the protected header
• Clarify presentations of SD-JWT VC do not require KB
• Updated/expanded example for Type Metadata
• Be more consistent with style for lists of claims/parameters/properties
• Update PID example to make clear that it is not normative
• Clarification on processing of display metadata