Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider making cnf optional #196

Closed
awoie opened this issue Dec 18, 2023 · 4 comments · Fixed by #213
Closed

Consider making cnf optional #196

awoie opened this issue Dec 18, 2023 · 4 comments · Fixed by #213

Comments

@awoie
Copy link
Collaborator

awoie commented Dec 18, 2023

Not all VCs require key binding. For those, cnf should be made optional.
@bc-pi
Copy link
Collaborator

bc-pi commented Dec 18, 2023
edited
Loading

I've read the text in https://www.ietf.org/archive/id/draft-ietf-oauth-sd-jwt-vc-01.html#section-3.2.2.2-3.5.2.1 that says "REQUIRED when Cryptographic Key Binding is to be supported." as cnf being optional or not required when key binding isn't needed. Perhaps we need to discuss and/or make things more clear?

@awoie
Copy link
Collaborator Author

awoie commented Dec 18, 2023

Do you think we should also explain the OPTIONAL case or replace the REQUIRED with something else? CONDITIONAL is not a reserved word unfortunately.

@paulbastian
Copy link
Collaborator

I would propose to clarify this. From a quick reading this is not obviously optional and it does not match the other claims that only state REQUIRED/OPTIONAL without any conditions. As cryptographic binding is optional, I think this line should begin with "OPTIONAL. [...]"

@bc-pi bc-pi mentioned this issue Feb 15, 2024
Open
bc-pi added a commit that referenced this issue Feb 20, 2024
@bc-pi
Clarify the optionality of the cnf claim (to fix #196)
ab32c85
@bc-pi bc-pi mentioned this issue Feb 20, 2024
Merged
@bc-pi
Copy link
Collaborator

bc-pi commented Feb 20, 2024

I would propose to clarify this. From a quick reading this is not obviously optional and it does not match the other claims that only state REQUIRED/OPTIONAL without any conditions. As cryptographic binding is optional, I think this line should begin with "OPTIONAL. [...]"

#213 attempts to do just that

awoie pushed a commit that referenced this issue Feb 27, 2024
@bc-pi
Clarify the optionality of the cnf claim (#213)
e4e3b69 
Clarify the optionality of the cnf claim (to fix #196)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Clarify the optionality of the cnf claim oauth-wg/oauth-sd-jwt-vc
3 participants
@paulbastian @awoie @bc-pi