JWT Handling of edge case VCs

Issue #1339 resolved
David W Chadwick created an issue

It is expected that the majority of VCs will hold attributes about a single subject and consequently have a single subject ID. When this is secured as a JWT, the subject ID is turned into the sub claim. However, there are some exceptions.

  1. Bearer VCs have no subject ID.
  2. Some VCs may have two or more subject IDs, e.g. a marriage certificate.

How are bearer credentials and multi-subject credentials to be converted into a JWT for inclusion in the VP? What value should the sub claim contain?

Comments (8)

  1. David Waite Account Deactivated

    I assume you are speaking to the sub claim within the JWT VP, and not of the id_token?

  2. David W Chadwick reporter

    Actually I mean the sub claim in the JWT VC. But I see from RFC 7519 that the sub claim is optional. So this can deal with bearer VCs as there is no subject ID.

    Would it be possible to deal with multi-subject VCs by having multiple sub claims in a JWT?

  3. David W Chadwick reporter

    P.S. I am currently writing PRs to the W3C VC Data Model v1.1 and I can write these JWT clarifications into the W3C VC spec.

  4. Kristina Yasuda

    I believe this issue is out of scope for OpenID Connect and should be dealt with by W3C as long as it remains VC specific. If we generalize and rephrase the question to “how to support multi-subject claims and bearer claims in OIDC”, it might become in-scope.

  5. David W Chadwick reporter

    Certainly I propose to add text to the revised VC spec to clarify these two edge cases, but I wanted to be sure that by having no sub claim or having multiple sub claims, we would not break OIDC for VPs.
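
How a verifier sees the two edge cases raised in this thread, as an added example that is not part of the original issue or of any spec text. RFC 7519 makes `sub` optional but also requires claim names in a Claims Set to be unique, so a JWT with two `sub` members is either rejected or silently reduced to the last one; the function names, the `did:example` identifiers and the unsigned sample tokens below are constructed for illustration.

```python
import base64
import json


class DuplicateClaimError(ValueError):
    """A JSON object in the JWT Claims Set repeats a member name."""


def reject_duplicates(pairs):
    # json.loads passes every (name, value) pair of an object to this hook,
    # so a repeated name is visible before dict() silently keeps the last one.
    claims = {}
    for name, value in pairs:
        if name in claims:
            raise DuplicateClaimError(f"duplicate member name: {name!r}")
        claims[name] = value
    return claims


def payload_bytes(compact: str) -> bytes:
    part = compact.split(".")[1]
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def naive_sub(compact: str):
    # Default parser behaviour: the last "sub" wins, the first is dropped.
    return json.loads(payload_bytes(compact)).get("sub")


def classify_vc_jwt(compact: str) -> str:
    # Assumes the signature was already verified; this only inspects claims.
    claims = json.loads(payload_bytes(compact), object_pairs_hook=reject_duplicates)
    if "sub" not in claims:
        return "bearer"
    if not isinstance(claims["sub"], str):
        raise ValueError("sub must be a single string")
    return "single-subject"


def make_jwt(payload_json: str) -> str:
    # Constructed sample token: fixed header, placeholder signature.
    enc = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    return ".".join([enc(b'{"alg":"ES256"}'), enc(payload_json.encode()), "sig"])


# Constructed payloads; all identifiers are made up.
BEARER = make_jwt('{"iss":"did:example:issuer","vc":{}}')
SINGLE = make_jwt('{"iss":"did:example:issuer","sub":"did:example:alice","vc":{}}')
DOUBLE = make_jwt('{"iss":"did:example:issuer","sub":"did:example:alice",'
                  '"sub":"did:example:bob","vc":{}}')
```

With the default parser, `naive_sub(DOUBLE)` returns only the second subject, which is why a relying party that needs every subject cannot rely on repeated `sub` members.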