- edited description
the format of the iat parameter
The specification requires the iat parameter to be presented and tells it
MUST contain the instant when the proof was created
it isn’t very clear what the instant is in this context but in OpenID Connect and OAuth world we usually deal with
the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.
that applies for iat
and similar parameters in OpenID Connect ID Token, DPoP proofs, and so forth. If feels like this needs to be corrected including the provided examples.
Comments (6)
-
reporter -
I do not see why we would not use conventions already used in OIDC and OAuth. PR #252
-
- changed milestone to Implementer's Draft
-
assigned issue to
-
reporter It also brings another question/concern from me, and I hope it isn’t pointless. Since this specification heavily deals with VCs then it’s worth pointing out that the format of other fields say used in the autorization_details request parameter should comply with https://www.w3.org/TR/vc-data-model/. As an example, for the data time field, we have https://www.w3.org/TR/xmlschema11-2/#dateTime.
That will be a defense against interoperability issues.
-
- changed title to the format of the iat parameter
-
- changed status to resolved
PR #252 merged
- Log in to comment