An afterthought... we could also punt on the impact of multiple suffixes by following the convention activity pub used:
https://www.w3.org/TR/activitystreams-core/#media-type application/ld+json; profile="https://www.w3.org/ns/activitystreams"; For W3C Verifiable Credentials that could be: application/ld+json; profile="https://www.w3.org/ns/credentials"; Noting that W3C already supports https://www.w3.org/ns/credentials/v2 Regards, OS On Mon, Nov 27, 2023 at 8:55 AM Orie Steele <orie@transmute.industries> wrote: > Hello, > > There was a request to add media type parameters to application/sd-jwt > and +sd-jwt made here: > > https://github.com/w3c/vc-jose-cose/issues/184#issuecomment-1827973403 > > TLDR; TallTed believes that the convention in the JWT BCP is not correct: > > https://datatracker.ietf.org/doc/html/rfc8725#name-use-explicit-typing > > So instead of seeing: > > application/secevent+jwt > > We should be seeing: > > application/jwt; profile=secevent > > This is a general form of the challenges associated with using multiple > structured suffixes with JWTs. > > See these related drafts: > > - > https://datatracker.ietf.org/doc/html/draft-ietf-oauth-selective-disclosure-jwt-06#name-structured-syntax-suffix-re > - > https://datatracker.ietf.org/doc/html/draft-ietf-mediaman-suffixes-06#section-2.3 > > Note that the change controller for `application/vc+...` would be the W3C > per the latest draft language in draft-ietf-mediaman-suffixes-06. > > The W3C could then reject any attempts to register > `application/vc+ld+json+sd-jwt` or `application/vc+sd-jwt` or > `application/vc+jwp` in the future. > > If instead we used a meda type parameter to signal profiles... instead of > suffixes, the change controller rules from multiple suffixes would not > apply. > > Regards, > > OS > > > -- > > > ORIE STEELE > Chief Technology Officer > www.transmute.industries > > <https://transmute.industries> > -- ORIE STEELE Chief Technology Officer www.transmute.industries <https://transmute.industries>
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
