# OAuth Virtual Interim Meeting on SD-JWT VC {#oauth-virtual-interim-meeting-on-sd-jwt-vc} Minute Taker: Hannes Tschofenig Draft: https://datatracker.ietf.org/doc/draft-ietf-oauth-sd-jwt-vc/ Brian went through his slide deck to give background (in an excessive level of detail) and recent changes to the draft. Steffen Schwalm asks what the technical justifications are for removing the DID-relevant text. Is there a way to define an umbrella document to describe the extension extensions? Brian believes the extension point is already is already in the specification. Are there other use cases where the document is too narrow? Rifaat: Did Brian answer the question? Steffen: If this is an option to I still do not understand the reason why Richard: I can comment on the technical issue. I understand it although : You need to able to implement the specification. You cannot just say "implement DID" - there are too many methods. The text in the draft is, however, insufficient. What we need is for the issuer to publish the scheme and the verifier needs to get the issuer's public key. It is an issuer key lookup or some meta-data. There is the need for one more field here. Brian: This was the intend here. The text needs some work. Watson: There are security issues with the way further resolution methods are added. There are not enough security considerations. Brian: It is intended to be a secure mechanism that links back to some third party verification mechanism (like WebPKI). I cannot full follow what all these Rifaat: Can you bring this to the mailing list? Watson: I will post something to the list. Markus: It is much simpler than it seems. Lots of people have expressed interest to keep support for DIDs. The argument that DIDs are not implementable is incorrect as demonstrated by existing project implementations. We had this discussion when DIDs were mandatory to implement. The consensus was to make it optional to implement. Why didn't the consensus last? Mike: I was in the DID working group. We tried to get the point to select a mandatory-to-implement a DID method. It failed back then to select one and this has not been accomplished by today. Markus is right that you can implement a DID method correctly but that is not the point. Unless we are going to support interoperability, we should remove the feature. Daniel: I want to iterate what Richard said. We want to be implementable and testable features. Keep the specs as small as possible and then have another specs that extends it (and is also implementable). Kristina: Can we clarify whether we are talking about the issuer or the holder? We should separate the two. Confirmation claims allows extension points: you could support DIDs there. Brian: This was not an aspect in this discussion. Kristian: We already heard that the text is not good enough. Christian Bormann: We have a work item in CEN (?) on DID methods to define functional requirements and interoperability requirements to select one example on each. The SD-JWT spec could define the foundational aspects and CEN could focus on the DID method description. Markus: Agree with Steffen. If you have different DID methods then it is not interoperable. DID methods are interoperability mechanisms, very much like the current text box is. The risk of removing the text from the draft is that there are suddenly many specifications describing text with different DID methods. Oliver: The DID resolution text was not clear enough. There is a big interop risk and I support the removal of the text. A way forward is to describe text by the issuer to indicate the extensibility points. Henk: I want to share our experience with the SCITT working group where we also started with DID methods. We removed DIDs because of the lack of trust with the issuer. Brian said that we have to read through the entire draft to ensure that we do not preclude solutions and that the extension points are properly defined. Hannes: It was good to have a conversation about this topic but we are no finished with the work. Rifaat and Hannes will chat with Deb about next steps. Rifaat asked the participants to post suggestions to the list on improving the text regarding extensibility.