Add additional text clarifying how to match vct and doctype#744
Open
GarethCOliver wants to merge 3 commits into
Open
Add additional text clarifying how to match vct and doctype#744GarethCOliver wants to merge 3 commits into
GarethCOliver wants to merge 3 commits into
Conversation
fkj
reviewed
Jun 18, 2026
Co-authored-by: Frederik Krogsdal Jacobsen <fkj@users.noreply.github.com>
Co-authored-by: Frederik Krogsdal Jacobsen <fkj@users.noreply.github.com>
fkj
requested changes
Jun 19, 2026
| A Credential's type can be determined as satifying the Credential Query as follows: | ||
|
|
||
| 1. Check if the `vct` in the Credential is contained in the `vct_values` array. If it is, the Credential satisfies the Credential Query. | ||
| 1. If `vct` in the Credential is not contained in the `vct_values` array, check if the Credential has an `extends` claim. If it does, repeat this process for the Type metadata specified by the `extends` value, until either a match is found or the `extends` claim is not present. |
Member
There was a problem hiding this comment.
After reading SD-JWT-VC a bit more carefully, I think we should add some language about circular dependencies here
From https://www.ietf.org/archive/id/draft-ietf-oauth-sd-jwt-vc-16.html#section-6.3-2:
Consumers MUST detect such circular dependencies and reject the credential.
Maybe something like this, though it might be easier to read if we rewrite the entire paragraph to make the recursive process more explicit:
Suggested change
| 1. If `vct` in the Credential is not contained in the `vct_values` array, check if the Credential has an `extends` claim. If it does, repeat this process for the Type metadata specified by the `extends` value, until either a match is found or the `extends` claim is not present. | |
| 1. If `vct` in the Credential is not contained in the `vct_values` array, check if the Credential has an `extends` claim. If it does, repeat this process for the Type metadata specified by the `extends` value, until either a match is found or the `extends` claim is not present. If a circular dependency is detected while following `extends` claims, the Credential does not satisfy the Credential Query. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Resolves #741 by adding more explicit instructions on what allows a Credential to satisfy
vct_values, and applies similar explicit text todoctype_value