Make extension point for issuer key resolution more explicit #294
Conversation
It was clear in previous discussions that many WG members preferred X.509 Certificates and DID Resolution to not be removed. Any additional key resolution mechanisms in the future can use the extension point, or - even better - can define a DID method. |
There was a problem hiding this comment.
This PR should advise that defining a new DID method and therefore re-using existing standards and infrastructure would be preferable to inventing completely new issuer key resolution mechanisms.
It's harmful for interoperability to invent a new extension mechanism for resolving issuer keys, when there is already an existing one (DID methods).
Co-authored-by: Daniel Fett <[email protected]>
As I recall, the consensus from the last interim call was to highlight how the specification can be extended to support other mechanisms, such as DIDs, by defining a profile. Therefore, this change seems reasonable. |
|
I think it was quite clear in the interim that the outcome should be an extendable spec with profiles for DID living somewhere else (e.g., in the european context in ETSI). If I recall correctly, we even discussed that such a specification could focus on certain DID methods and specify anything that is required to make them work in an interoperable way. This is also what I understood from side conversations following the interim. |
I was under the impression that "european" should be capitalized but otherwise concur with @danielfett's assessment. |
Are there meeting notes or a recording of this? |
This PR makes the extension point for issuer key resolution more explicit.
Preview here https://drafts.oauth.net/oauth-sd-jwt-vc/awoie/extension-point/draft-ietf-oauth-sd-jwt-vc.html