draft-ietf-oauth-sd-jwt-vc-13

-13

• Updated svg_template to match pluralised appendix example

draft-ietf-oauth-sd-jwt-vc-12

-12

• Change lang to locale. While lang is more accurate, locale is what has traditionally been used in OpenID Connect and later related specs.
• Remove JSON schema from Type Metadata
• Introduce optional mandatory property for claims
• Explicitly mention that Type Metadata can have additional stuff that has to be ignored if not understood
• Clarify that an SD-JWT VC doesn't contain a KB-JWT but rather might have an associated one (which makes it a SD-JWT+KB and Brian is still not sure about the term or these words, but it's where we've ended up)
• Remove the requirement to ignore unknown claims, as some applications may not want to follow this rule
• Fix cnf claim and JWK references and move them to normative
• List vct as one of the required values in type metadata and ensure that the use of the document integrity claims is clear
• Remove discussion of status and Status Provider from the Introduction
• Add a background_image property to the simple rendering aligned with the definition in OpenID4VCI
• Recommend to use sd=always or sd=never to avoid ambiguity and introduce rules for sd and mandatory when extending types
• Provide some guidance on versioning via the vct value
• Add security considerations for trust in type metadata
• Require data URIs for non-JSON types
• Require x5c to be in the protected header
• Clarify presentations of SD-JWT VC do not require KB
• Updated/expanded example for Type Metadata
• Be more consistent with style for lists of claims/parameters/properties
• Update PID example to make clear that it is not normative
• Clarification on processing of display metadata

draft-ietf-oauth-sd-jwt-vc-11

-11

• Clarify extend support for claim metadata
• Add privacy concerns regarding the use of x5u parameter in JWKs and similar remote retrieval mechanisms
• Added a section on Credential Type Extension and Issuer Authorization.
• Fixed an inconsistency to the description of display attribute of claim metadata.
• add vct#integrity to the list of claims that cannot be selectively disclosed
• Drop explicit treatment of the glue type metadata document concept
• Editorial updates and fixes.
• State that when the status claim is present and using the status_list mechanism, the associated Status List Token has to be a JWT.
• vct datatype is now just a string

draft-ietf-oauth-sd-jwt-vc-10

-10

• Rename 'Issuer-signed JWT Verification Key Validation' to 'Issuer Signature Mechanisms' and rework some text accordingly. Provide a web-based metadata resolution mechanism and an inline x509 mechanism. A DID-based mechanism is not explicitly provided herein but still possible via profile/extension. Be explicit that the employed Issuer Signature Mechanism has to be one that is permitted for the Issuer according to policy. Be more clear that one permitted Issuer Signature Mechanism is sufficient.
• Fix [...]#integrity claim values in examples (Subresource Integrity uses regular base64 encoding and some were wrong length)

draft-ietf-oauth-sd-jwt-vc-09

-09

• Use SD-JWT KB in place of SD-JWT with Key Binding JWT
• Editorial changes
• Document reasons for not using JSON Pointer or JSON Path (Issue #267)
• Clarify that private claim names MAY be used
• Update PID Example
• Fix section numbering in a few SD-JWT references

draft-ietf-oauth-sd-jwt-vc-08

-08

• Fix formatting issue introduced by the reintroduction of the DID paragraph in -07

draft-ietf-oauth-sd-jwt-vc-07

-07

• Revert change from previous release that removed explicit mention of DIDs in the Issuer-signed JWT Verification Key Validation section
• Remove the requirement to insert a .well-known part for vct URLs
• fix section numbering in SD-JWT references to align with the latest -14 version

draft-ietf-oauth-sd-jwt-vc-06

-06

• Update the anticipated media type registration request from application/vc+sd-jwt to application/dc+sd-jwt
• Tightened the exposition of the Issuer-signed JWT Verification Key Validation section
• Add the “Status” field for the well-known URI registration per IANA early review

draft-ietf-oauth-sd-jwt-vc-05

-05

• Include display and claim type metadata
• Added example for type metadata
• Clarify, add context, or otherwise improved the examples

draft-ietf-oauth-sd-jwt-vc-04

-04

• update reference to IETF Status List
• Include Type Metadata
• Include schema Type Metadata
• Editorial changes
• Updated terminology to clarify digital signatures are one way to secure VCs and presentations
• Rework key resolution/validation for x5c