Hello, There was a request to add media type parameters to application/sd-jwt and +sd-jwt made here:
https://github.com/w3c/vc-jose-cose/issues/184#issuecomment-1827973403 TLDR; TallTed believes that the convention in the JWT BCP is not correct: https://datatracker.ietf.org/doc/html/rfc8725#name-use-explicit-typing So instead of seeing: application/secevent+jwt We should be seeing: application/jwt; profile=secevent This is a general form of the challenges associated with using multiple structured suffixes with JWTs. See these related drafts: - https://datatracker.ietf.org/doc/html/draft-ietf-oauth-selective-disclosure-jwt-06#name-structured-syntax-suffix-re - https://datatracker.ietf.org/doc/html/draft-ietf-mediaman-suffixes-06#section-2.3 Note that the change controller for `application/vc+...` would be the W3C per the latest draft language in draft-ietf-mediaman-suffixes-06. The W3C could then reject any attempts to register `application/vc+ld+json+sd-jwt` or `application/vc+sd-jwt` or `application/vc+jwp` in the future. If instead we used a meda type parameter to signal profiles... instead of suffixes, the change controller rules from multiple suffixes would not apply. Regards, OS -- ORIE STEELE Chief Technology Officer www.transmute.industries <https://transmute.industries>
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
