define explicit typing of a proof JWT

Issue #1595 resolved

Kristina Yasuda created an issue 2022-08-11

during Aug-11 SIOP call, was suggested that using “typ“: “JWP“ is misleading, (it is not defined in the specification anyway). It was suggested we should define an explicit typing such as “typ“:”proof”. PR #268

Comments (5)

Jeremie Miller Account Deactivated
I missed the part of the call where this was discussed, why is an explicit (mime) type needed?
- 2022-08-12T00:10:32+00:00
Joseph Heenan
@jeremie It’s recommended as per https://www.rfc-editor.org/rfc/rfc8725.html#section-3.11 to prevent the potential for one type of JWT to be used in a context it wasn’t intended for.
- 2022-08-12T07:15:47+00:00
Joseph Heenan
For context, https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop#section-12.5 uses dpop+jwt, https://www.rfc-editor.org/rfc/rfc9101.html#section-9.4.1 uses oauth-authz-req+jwt.

So possibly something like vc-iss-proof+jwt ?
- 2022-08-12T07:20:17+00:00
Brian Campbell
The discussion was kind of a sidebar where I noticed "typ": "JWT" in an example Kristina was working on and suggested removing it because it is pretty much meaningless and kinda cargo cult. I also said that useing "typ": "JWT" precludes more explicit typing, which I think is what led us here.

‌
- 2022-08-12T14:38:59+00:00
Kristina Yasuda reporter
- changed status to resolved
PR merged
- 2022-10-11T21:45:06+00:00
Log in to comment

Assignee: –

Type: bug

Priority: major

Status: resolved

Component: Credential Issuance

Milestone: –

Version: –

Votes: 0

Watchers: 2