Script updating gh-pages from d915ccf. [ci skip]

oauth-wg · Dec 2, 2024 · db72dd5 · db72dd5
1 parent b6c0b85
commit db72dd5
Show file tree

Hide file tree

Showing 2 changed files with 71 additions and 51 deletions.
diff --git a/draft-ietf-oauth-sd-jwt-vc.html b/draft-ietf-oauth-sd-jwt-vc.html
@@ -1938,9 +1938,9 @@ <h3 id="name-example">
 LmNvbS9pZGVudGl0eV9jcmVkZW50aWFsIiwgIl9zZF9hbGciOiAic2hhLTI1NiIsICJj
 bmYiOiB7Imp3ayI6IHsia3R5IjogIkVDIiwgImNydiI6ICJQLTI1NiIsICJ4IjogIlRD
 QUVSMTladnUzT0hGNGo0VzR2ZlNWb0hJUDFJTGlsRGxzN3ZDZUdlbWMiLCAieSI6ICJa
-eGppV1diWk1RR0hWV0tWUTRoYlNJaXJzVmZ1ZWNDRTZ0NGpUOUYySFpRIn19fQ.GaP6U
-8QoPCukiqtEkpZgcdFV5WIqFsIGXkZQsnAW18XohhFOgw9zqiOkvRUBYzMmqp5l394dE
-xlv-lBa-Z7ShQ~WyIyR0xDNDJzS1F2ZUNmR2ZyeU5STjl3IiwgImdpdmVuX25hbWUiLC
+eGppV1diWk1RR0hWV0tWUTRoYlNJaXJzVmZ1ZWNDRTZ0NGpUOUYySFpRIn19fQ.aWI6u
+SdNItkPFOCu_d9PAsEjfQ0sC0mXe4_CA9Odqn2G5PyI-FbIGa-YX3ogoVXA0HPsiawH-
+oG7Suh96-Piaw~WyIyR0xDNDJzS1F2ZUNmR2ZyeU5STjl3IiwgImdpdmVuX25hbWUiLC
 AiSm9obiJd~WyJlbHVWNU9nM2dTTklJOEVZbnN4QV9BIiwgImZhbWlseV9uYW1lIiwgI
 kRvZSJd~WyI2SWo3dE0tYTVpVlBHYm9TNXRtdlZBIiwgImVtYWlsIiwgImpvaG5kb2VA
 ZXhhbXBsZS5jb20iXQ~WyJlSThaV205UW5LUHBOUGVOZW5IZGhRIiwgInBob25lX251b
@@ -2000,10 +2000,12 @@ <h3 id="name-issuer-signed-jwt-verificat">
               <li id="section-3.5-2.2.2.2">ensure that the <code>iss</code> value matches a <code>uniformResourceIdentifier</code> SAN entry of the end-entity certificate or that the domain name in the <code>iss</code> value matches the <code>dNSName</code> SAN entry of the end-entity certificate.<a href="#section-3.5-2.2.2.2" class="pilcrow">¶</a>
 </li>
             </ol>
+</li>
+          <li class="compact" id="section-3.5-2.3">DID Document Resolution: If a recipient supports DID Document Resolution and if the <code>iss</code> value contains a DID <span>[<a href="#W3C.DID" class="cite xref">W3C.DID</a>]</span>, the recipient MUST retrieve the public key from the DID Document resolved from the DID in the <code>iss</code> value. In this case, if the <code>kid</code> JWT header parameter is present, the <code>kid</code> MUST be a relative or absolute DID URL of the DID in the <code>iss</code> value, identifying the public key.
+Separate specifications or ecosystem regulations MAY define rules complementing the rules defined above, but such rules are out of scope of this specification. See <a href="#ecosystem-verification-rules" class="auto internal xref">Section 10.2</a> for security considerations.<a href="#section-3.5-2.3" class="pilcrow">¶</a>
 </li>
         </ul>
-<p id="section-3.5-3">Separate specifications or ecosystem regulations MAY define rules complementing the rules defined above, but such rules are out of scope of this specification. See <a href="#ecosystem-verification-rules" class="auto internal xref">Section 10.2</a> for security considerations.<a href="#section-3.5-3" class="pilcrow">¶</a></p>
-<p id="section-3.5-4">If a recipient cannot validate that the public verification key corresponds to the <code>iss</code> value of the Issuer-signed JWT, the SD-JWT VC MUST be rejected.<a href="#section-3.5-4" class="pilcrow">¶</a></p>
+<p id="section-3.5-3">If a recipient cannot validate that the public verification key corresponds to the <code>iss</code> value of the Issuer-signed JWT, the SD-JWT VC MUST be rejected.<a href="#section-3.5-3" class="pilcrow">¶</a></p>
 </section>
 </div>
 </section>
@@ -2051,17 +2053,17 @@ <h3 id="name-examples">
 LmNvbS9pZGVudGl0eV9jcmVkZW50aWFsIiwgIl9zZF9hbGciOiAic2hhLTI1NiIsICJj
 bmYiOiB7Imp3ayI6IHsia3R5IjogIkVDIiwgImNydiI6ICJQLTI1NiIsICJ4IjogIlRD
 QUVSMTladnUzT0hGNGo0VzR2ZlNWb0hJUDFJTGlsRGxzN3ZDZUdlbWMiLCAieSI6ICJa
-eGppV1diWk1RR0hWV0tWUTRoYlNJaXJzVmZ1ZWNDRTZ0NGpUOUYySFpRIn19fQ.GaP6U
-8QoPCukiqtEkpZgcdFV5WIqFsIGXkZQsnAW18XohhFOgw9zqiOkvRUBYzMmqp5l394dE
-xlv-lBa-Z7ShQ~WyJsa2x4RjVqTVlsR1RQVW92TU5JdkNBIiwgImlzX292ZXJfNjUiLC
+eGppV1diWk1RR0hWV0tWUTRoYlNJaXJzVmZ1ZWNDRTZ0NGpUOUYySFpRIn19fQ.aWI6u
+SdNItkPFOCu_d9PAsEjfQ0sC0mXe4_CA9Odqn2G5PyI-FbIGa-YX3ogoVXA0HPsiawH-
+oG7Suh96-Piaw~WyJsa2x4RjVqTVlsR1RQVW92TU5JdkNBIiwgImlzX292ZXJfNjUiLC
 B0cnVlXQ~WyJRZ19PNjR6cUF4ZTQxMmExMDhpcm9BIiwgImFkZHJlc3MiLCB7InN0cmV
 ldF9hZGRyZXNzIjogIjEyMyBNYWluIFN0IiwgImxvY2FsaXR5IjogIkFueXRvd24iLCA
 icmVnaW9uIjogIkFueXN0YXRlIiwgImNvdW50cnkiOiAiVVMifV0~eyJhbGciOiAiRVM
 yNTYiLCAidHlwIjogImtiK2p3dCJ9.eyJub25jZSI6ICIxMjM0NTY3ODkwIiwgImF1ZC
-I6ICJodHRwczovL2V4YW1wbGUuY29tL3ZlcmlmaWVyIiwgImlhdCI6IDE3MzMxNjIwNz
-ksICJzZF9oYXNoIjogImE4VnMyeUtYaG9vcHVjVUdkRGdkUERZVTl3blNwYnZuU3Y1TV
-YxVWJWTkUifQ.bVolETV2TRnFC0q9ar4AXS2JdfZEwVAyU_wpd_3NJk0Zl0yN6rLyGf4
-oLCRCci0w-rJ4yzND6e8TbcmS2nFSUQ
+I6ICJodHRwczovL2V4YW1wbGUuY29tL3ZlcmlmaWVyIiwgImlhdCI6IDE3MzMxNjU5Nj
+IsICJzZF9oYXNoIjogInBnUG1qZnZzNlgtMXVQUzRneXloX01tWlg3SHFqaXdSVEtnU0
+dUX3VRSjQifQ.OW0AGDm9frVs9Hu4xgmarCa1S7DxxzNB4HYNWPCKf11sRi6fU7L4JBV
+monPt-sjqyv2yN5RtgBQMXwX68dP9Nw
 
 </pre><a href="#section-4.2-2" class="pilcrow">¶</a>
 </div>
@@ -2106,8 +2108,8 @@ <h3 id="name-examples">
 5UXdMVUs0Il0sICJpc3MiOiAiaHR0cHM6Ly9leGFtcGxlLmNvbS9pc3N1ZXIiLCAiaWF
 0IjogMTY4MzAwMDAwMCwgImV4cCI6IDE4ODMwMDAwMDAsICJ2Y3QiOiAiaHR0cHM6Ly9
 jcmVkZW50aWFscy5leGFtcGxlLmNvbS9pZGVudGl0eV9jcmVkZW50aWFsIiwgIl9zZF9
-hbGciOiAic2hhLTI1NiJ9.-Ni3afgnBaelyAkcJJYe0XP40AesmeD5Vbk21Io4cz9x22
-8nbiqCB_dmQ3jY0oTXPWshRJ-0P9Q7AfxLqjNn7A~WyJsa2x4RjVqTVlsR1RQVW92TU5
+hbGciOiAic2hhLTI1NiJ9.yqmNTs4n0-siBPQZcMm36vFR5HUKmsD8y0z3T-vIFsUt3F
+gjL4NwAUSsR9z8eeI_buc9qNKo5T-SvSqc2hZC7g~WyJsa2x4RjVqTVlsR1RQVW92TU5
 JdkNBIiwgImlzX292ZXJfNjUiLCB0cnVlXQ~WyJRZ19PNjR6cUF4ZTQxMmExMDhpcm9B
 IiwgImFkZHJlc3MiLCB7InN0cmVldF9hZGRyZXNzIjogIjEyMyBNYWluIFN0IiwgImxv
 Y2FsaXR5IjogIkFueXRvd24iLCAicmVnaW9uIjogIkFueXN0YXRlIiwgImNvdW50cnki
@@ -3256,6 +3258,10 @@ <h3 id="name-informative-references">
         <dd>
 <span class="refAuthor">Jones, M.</span>, <span class="refTitle">"JSON Web Key (JWK)"</span>, <span class="seriesInfo">RFC 7517</span>, <span class="seriesInfo">DOI 10.17487/RFC7517</span>, <time datetime="2015-05" class="refDate">May 2015</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc7517">https://www.rfc-editor.org/info/rfc7517</a>&gt;</span>. </dd>
 <dd class="break"></dd>
+<dt id="W3C.DID">[W3C.DID]</dt>
+        <dd>
+<span class="refAuthor">Sporny, M.</span>, <span class="refAuthor">Longley, D.</span>, <span class="refAuthor">Sabadello, M.</span>, <span class="refAuthor">Reed, D.</span>, <span class="refAuthor">Steele, O.</span>, and <span class="refAuthor">C. Allen</span>, <span class="refTitle">"Decentralized Identifiers (DIDs) v1.0"</span>, <time datetime="2022-07-19" class="refDate">19 July 2022</time>, <span>&lt;<a href="https://www.w3.org/TR/did-core/">https://www.w3.org/TR/did-core/</a>&gt;</span>. </dd>
+<dd class="break"></dd>
 <dt id="W3C.VCDM">[W3C.VCDM]</dt>
       <dd>
 <span class="refAuthor">Sporny, M.</span>, <span class="refAuthor">Longley, D.</span>, <span class="refAuthor">Chadwick, D.</span>, and <span class="refAuthor">O. Steele</span>, <span class="refTitle">"Verifiable Credentials Data Model v2.0"</span>, <time datetime="2024-02-10" class="refDate">10 February 2024</time>, <span>&lt;<a href="https://www.w3.org/TR/vc-data-model-2.0/">https://www.w3.org/TR/vc-data-model-2.0/</a>&gt;</span>. </dd>
@@ -3464,8 +3470,8 @@ <h3 id="name-example-1-person-identifica">
 6ICJzaGEtMjU2IiwgImNuZiI6IHsiandrIjogeyJrdHkiOiAiRUMiLCAiY3J2IjogIlA
 tMjU2IiwgIngiOiAiVENBRVIxOVp2dTNPSEY0ajRXNHZmU1ZvSElQMUlMaWxEbHM3dkN
 lR2VtYyIsICJ5IjogIlp4amlXV2JaTVFHSFZXS1ZRNGhiU0lpcnNWZnVlY0NFNnQ0alQ
-5RjJIWlEifX19.TYPxF8sIE6rqLL3lpS6PkaNo10CkJmfT9oJtK_QyIIqoLAsEzX9rKL
-eBWHLRpWDf3V-0kmiWtS3SiCLwHfH4VA~WyIyR0xDNDJzS1F2ZUNmR2ZyeU5STjl3Iiw
+5RjJIWlEifX19.hQsOaDJWKs1ImVUU9Cjsd6v5q8-o1nZHNYjS0qW24oZ1Ew5irkLDdS
+nmYNxsylxEsMi1CPCEPeWclvXfANTmVw~WyIyR0xDNDJzS1F2ZUNmR2ZyeU5STjl3Iiw
 gImdpdmVuX25hbWUiLCAiRXJpa2EiXQ~WyJlbHVWNU9nM2dTTklJOEVZbnN4QV9BIiwg
 ImZhbWlseV9uYW1lIiwgIk11c3Rlcm1hbm4iXQ~WyI2SWo3dE0tYTVpVlBHYm9TNXRtd
 lZBIiwgImJpcnRoZGF0ZSIsICIxOTYzLTA4LTEyIl0~WyJlSThaV205UW5LUHBOUGVOZ
@@ -3820,14 +3826,14 @@ <h3 id="name-example-1-person-identifica">
 6ICJzaGEtMjU2IiwgImNuZiI6IHsiandrIjogeyJrdHkiOiAiRUMiLCAiY3J2IjogIlA
 tMjU2IiwgIngiOiAiVENBRVIxOVp2dTNPSEY0ajRXNHZmU1ZvSElQMUlMaWxEbHM3dkN
 lR2VtYyIsICJ5IjogIlp4amlXV2JaTVFHSFZXS1ZRNGhiU0lpcnNWZnVlY0NFNnQ0alQ
-5RjJIWlEifX19.TYPxF8sIE6rqLL3lpS6PkaNo10CkJmfT9oJtK_QyIIqoLAsEzX9rKL
-eBWHLRpWDf3V-0kmiWtS3SiCLwHfH4VA~WyJuUHVvUW5rUkZxM0JJZUFtN0FuWEZBIiw
+5RjJIWlEifX19.hQsOaDJWKs1ImVUU9Cjsd6v5q8-o1nZHNYjS0qW24oZ1Ew5irkLDdS
+nmYNxsylxEsMi1CPCEPeWclvXfANTmVw~WyJuUHVvUW5rUkZxM0JJZUFtN0FuWEZBIiw
 gIm5hdGlvbmFsaXRpZXMiLCBbIkRFIl1d~WyJNMEpiNTd0NDF1YnJrU3V5ckRUM3hBIi
 wgIjE4IiwgdHJ1ZV0~eyJhbGciOiAiRVMyNTYiLCAidHlwIjogImtiK2p3dCJ9.eyJub
 25jZSI6ICIxMjM0NTY3ODkwIiwgImF1ZCI6ICJodHRwczovL2V4YW1wbGUuY29tL3Zlc
-mlmaWVyIiwgImlhdCI6IDE3MzMxNjIwNzksICJzZF9oYXNoIjogImYyYkRqWjNiZ2tXZ
-EY5UXVOMXN1WXVYWTdKSGNvUkxqT0s1SDhNM0VrRHMifQ.zKztkOBtRN06H4hNUBjKKH
-cKGVTHK_vi7gJvhDR76h_Hy6LQOQOrpWCnMbHrTsQmkqBh48VSfCdTuN4biGpF_w
+mlmaWVyIiwgImlhdCI6IDE3MzMxNjU5NjIsICJzZF9oYXNoIjogIlhNZG9LYzdublZhU
+0R3cm95RnBMMEJObHZjcy1jQVhUai1SSHNJQ1NQbGcifQ.6eP-ItQQQQGg5aHVx82Tvs
+ey7w2dQnkBDFqMw4YDZA8jUL3XxlAIbdXVZG-thJCRE4Vu2CtV3ioNBgJMH2mFKQ
 
 </pre><a href="#appendix-B.1-53" class="pilcrow">¶</a>
 </div>
@@ -3836,8 +3842,8 @@ <h3 id="name-example-1-person-identifica">
 <pre>{
   "nonce": "1234567890",
   "aud": "https://example.com/verifier",
-  "iat": 1733162079,
-  "sd_hash": "f2bDjZ3bgkWdF9QuN1suYuXY7JHcoRLjOK5H8M3EkDs"
+  "iat": 1733165962,
+  "sd_hash": "XMdoKc7nnVaSDwroyFpL0BNlvcs-cAXTj-RHsICSPlg"
 }
 
 </pre><a href="#appendix-B.1-55" class="pilcrow">¶</a>
@@ -4041,9 +4047,11 @@ <h2 id="name-document-history">
       </h2>
 <p id="appendix-D-1">-07<a href="#appendix-D-1" class="pilcrow">¶</a></p>
 <ul class="compact">
-<li class="compact" id="appendix-D-2.1">Remove the requirement to insert a .well-known part for vct URLs<a href="#appendix-D-2.1" class="pilcrow">¶</a>
+<li class="compact" id="appendix-D-2.1">Revert change from previous release that removed explicit mention of DIDs in the Issuer-signed JWT Verification Key Validation section<a href="#appendix-D-2.1" class="pilcrow">¶</a>
+</li>
+        <li class="compact" id="appendix-D-2.2">Remove the requirement to insert a .well-known part for vct URLs<a href="#appendix-D-2.2" class="pilcrow">¶</a>
 </li>
-        <li class="compact" id="appendix-D-2.2">fix section numbering in SD-JWT references to align with the latest -14 version<a href="#appendix-D-2.2" class="pilcrow">¶</a>
+        <li class="compact" id="appendix-D-2.3">fix section numbering in SD-JWT references to align with the latest -14 version<a href="#appendix-D-2.3" class="pilcrow">¶</a>
 </li>
       </ul>
 <p id="appendix-D-3">-06<a href="#appendix-D-3" class="pilcrow">¶</a></p>

diff --git a/draft-ietf-oauth-sd-jwt-vc.txt b/draft-ietf-oauth-sd-jwt-vc.txt
@@ -561,9 +561,9 @@ Table of Contents
    LmNvbS9pZGVudGl0eV9jcmVkZW50aWFsIiwgIl9zZF9hbGciOiAic2hhLTI1NiIsICJj
    bmYiOiB7Imp3ayI6IHsia3R5IjogIkVDIiwgImNydiI6ICJQLTI1NiIsICJ4IjogIlRD
    QUVSMTladnUzT0hGNGo0VzR2ZlNWb0hJUDFJTGlsRGxzN3ZDZUdlbWMiLCAieSI6ICJa
-   eGppV1diWk1RR0hWV0tWUTRoYlNJaXJzVmZ1ZWNDRTZ0NGpUOUYySFpRIn19fQ.GaP6U
-   8QoPCukiqtEkpZgcdFV5WIqFsIGXkZQsnAW18XohhFOgw9zqiOkvRUBYzMmqp5l394dE
-   xlv-lBa-Z7ShQ~WyIyR0xDNDJzS1F2ZUNmR2ZyeU5STjl3IiwgImdpdmVuX25hbWUiLC
+   eGppV1diWk1RR0hWV0tWUTRoYlNJaXJzVmZ1ZWNDRTZ0NGpUOUYySFpRIn19fQ.aWI6u
+   SdNItkPFOCu_d9PAsEjfQ0sC0mXe4_CA9Odqn2G5PyI-FbIGa-YX3ogoVXA0HPsiawH-
+   oG7Suh96-Piaw~WyIyR0xDNDJzS1F2ZUNmR2ZyeU5STjl3IiwgImdpdmVuX25hbWUiLC
    AiSm9obiJd~WyJlbHVWNU9nM2dTTklJOEVZbnN4QV9BIiwgImZhbWlseV9uYW1lIiwgI
    kRvZSJd~WyI2SWo3dE0tYTVpVlBHYm9TNXRtdlZBIiwgImVtYWlsIiwgImpvaG5kb2VA
    ZXhhbXBsZS5jb20iXQ~WyJlSThaV205UW5LUHBOUGVOZW5IZGhRIiwgInBob25lX251b
@@ -629,11 +629,16 @@ Table of Contents
           SAN entry of the end-entity certificate or that the domain
           name in the iss value matches the dNSName SAN entry of the
           end-entity certificate.
-
-   Separate specifications or ecosystem regulations MAY define rules
-   complementing the rules defined above, but such rules are out of
-   scope of this specification.  See Section 10.2 for security
-   considerations.
+   *  DID Document Resolution: If a recipient supports DID Document
+      Resolution and if the iss value contains a DID [W3C.DID], the
+      recipient MUST retrieve the public key from the DID Document
+      resolved from the DID in the iss value.  In this case, if the kid
+      JWT header parameter is present, the kid MUST be a relative or
+      absolute DID URL of the DID in the iss value, identifying the
+      public key.  Separate specifications or ecosystem regulations MAY
+      define rules complementing the rules defined above, but such rules
+      are out of scope of this specification.  See Section 10.2 for
+      security considerations.
 
    If a recipient cannot validate that the public verification key
    corresponds to the iss value of the Issuer-signed JWT, the SD-JWT VC
@@ -676,17 +681,17 @@ Table of Contents
    LmNvbS9pZGVudGl0eV9jcmVkZW50aWFsIiwgIl9zZF9hbGciOiAic2hhLTI1NiIsICJj
    bmYiOiB7Imp3ayI6IHsia3R5IjogIkVDIiwgImNydiI6ICJQLTI1NiIsICJ4IjogIlRD
    QUVSMTladnUzT0hGNGo0VzR2ZlNWb0hJUDFJTGlsRGxzN3ZDZUdlbWMiLCAieSI6ICJa
-   eGppV1diWk1RR0hWV0tWUTRoYlNJaXJzVmZ1ZWNDRTZ0NGpUOUYySFpRIn19fQ.GaP6U
-   8QoPCukiqtEkpZgcdFV5WIqFsIGXkZQsnAW18XohhFOgw9zqiOkvRUBYzMmqp5l394dE
-   xlv-lBa-Z7ShQ~WyJsa2x4RjVqTVlsR1RQVW92TU5JdkNBIiwgImlzX292ZXJfNjUiLC
+   eGppV1diWk1RR0hWV0tWUTRoYlNJaXJzVmZ1ZWNDRTZ0NGpUOUYySFpRIn19fQ.aWI6u
+   SdNItkPFOCu_d9PAsEjfQ0sC0mXe4_CA9Odqn2G5PyI-FbIGa-YX3ogoVXA0HPsiawH-
+   oG7Suh96-Piaw~WyJsa2x4RjVqTVlsR1RQVW92TU5JdkNBIiwgImlzX292ZXJfNjUiLC
    B0cnVlXQ~WyJRZ19PNjR6cUF4ZTQxMmExMDhpcm9BIiwgImFkZHJlc3MiLCB7InN0cmV
    ldF9hZGRyZXNzIjogIjEyMyBNYWluIFN0IiwgImxvY2FsaXR5IjogIkFueXRvd24iLCA
    icmVnaW9uIjogIkFueXN0YXRlIiwgImNvdW50cnkiOiAiVVMifV0~eyJhbGciOiAiRVM
    yNTYiLCAidHlwIjogImtiK2p3dCJ9.eyJub25jZSI6ICIxMjM0NTY3ODkwIiwgImF1ZC
-   I6ICJodHRwczovL2V4YW1wbGUuY29tL3ZlcmlmaWVyIiwgImlhdCI6IDE3MzMxNjIwNz
-   ksICJzZF9oYXNoIjogImE4VnMyeUtYaG9vcHVjVUdkRGdkUERZVTl3blNwYnZuU3Y1TV
-   YxVWJWTkUifQ.bVolETV2TRnFC0q9ar4AXS2JdfZEwVAyU_wpd_3NJk0Zl0yN6rLyGf4
-   oLCRCci0w-rJ4yzND6e8TbcmS2nFSUQ
+   I6ICJodHRwczovL2V4YW1wbGUuY29tL3ZlcmlmaWVyIiwgImlhdCI6IDE3MzMxNjU5Nj
+   IsICJzZF9oYXNoIjogInBnUG1qZnZzNlgtMXVQUzRneXloX01tWlg3SHFqaXdSVEtnU0
+   dUX3VRSjQifQ.OW0AGDm9frVs9Hu4xgmarCa1S7DxxzNB4HYNWPCKf11sRi6fU7L4JBV
+   monPt-sjqyv2yN5RtgBQMXwX68dP9Nw
 
    After validation, the Verifier will have the following processed SD-
    JWT payload available for further handling:
@@ -728,8 +733,8 @@ Table of Contents
    5UXdMVUs0Il0sICJpc3MiOiAiaHR0cHM6Ly9leGFtcGxlLmNvbS9pc3N1ZXIiLCAiaWF
    0IjogMTY4MzAwMDAwMCwgImV4cCI6IDE4ODMwMDAwMDAsICJ2Y3QiOiAiaHR0cHM6Ly9
    jcmVkZW50aWFscy5leGFtcGxlLmNvbS9pZGVudGl0eV9jcmVkZW50aWFsIiwgIl9zZF9
-   hbGciOiAic2hhLTI1NiJ9.-Ni3afgnBaelyAkcJJYe0XP40AesmeD5Vbk21Io4cz9x22
-   8nbiqCB_dmQ3jY0oTXPWshRJ-0P9Q7AfxLqjNn7A~WyJsa2x4RjVqTVlsR1RQVW92TU5
+   hbGciOiAic2hhLTI1NiJ9.yqmNTs4n0-siBPQZcMm36vFR5HUKmsD8y0z3T-vIFsUt3F
+   gjL4NwAUSsR9z8eeI_buc9qNKo5T-SvSqc2hZC7g~WyJsa2x4RjVqTVlsR1RQVW92TU5
    JdkNBIiwgImlzX292ZXJfNjUiLCB0cnVlXQ~WyJRZ19PNjR6cUF4ZTQxMmExMDhpcm9B
    IiwgImFkZHJlc3MiLCB7InN0cmVldF9hZGRyZXNzIjogIjEyMyBNYWluIFN0IiwgImxv
    Y2FsaXR5IjogIkFueXRvd24iLCAicmVnaW9uIjogIkFueXN0YXRlIiwgImNvdW50cnki
@@ -1680,6 +1685,10 @@ Table of Contents
               DOI 10.17487/RFC7517, May 2015,
               <https://www.rfc-editor.org/info/rfc7517>.
 
+   [W3C.DID]  Sporny, M., Longley, D., Sabadello, M., Reed, D., Steele,
+              O., and C. Allen, "Decentralized Identifiers (DIDs) v1.0",
+              19 July 2022, <https://www.w3.org/TR/did-core/>.
+
    [W3C.VCDM] Sporny, M., Longley, D., Chadwick, D., and O. Steele,
               "Verifiable Credentials Data Model v2.0", 10 February
               2024, <https://www.w3.org/TR/vc-data-model-2.0/>.
@@ -1828,8 +1837,8 @@ B.1.  Example 1: Person Identification Data (PID) Credential
    6ICJzaGEtMjU2IiwgImNuZiI6IHsiandrIjogeyJrdHkiOiAiRUMiLCAiY3J2IjogIlA
    tMjU2IiwgIngiOiAiVENBRVIxOVp2dTNPSEY0ajRXNHZmU1ZvSElQMUlMaWxEbHM3dkN
    lR2VtYyIsICJ5IjogIlp4amlXV2JaTVFHSFZXS1ZRNGhiU0lpcnNWZnVlY0NFNnQ0alQ
-   5RjJIWlEifX19.TYPxF8sIE6rqLL3lpS6PkaNo10CkJmfT9oJtK_QyIIqoLAsEzX9rKL
-   eBWHLRpWDf3V-0kmiWtS3SiCLwHfH4VA~WyIyR0xDNDJzS1F2ZUNmR2ZyeU5STjl3Iiw
+   5RjJIWlEifX19.hQsOaDJWKs1ImVUU9Cjsd6v5q8-o1nZHNYjS0qW24oZ1Ew5irkLDdS
+   nmYNxsylxEsMi1CPCEPeWclvXfANTmVw~WyIyR0xDNDJzS1F2ZUNmR2ZyeU5STjl3Iiw
    gImdpdmVuX25hbWUiLCAiRXJpa2EiXQ~WyJlbHVWNU9nM2dTTklJOEVZbnN4QV9BIiwg
    ImZhbWlseV9uYW1lIiwgIk11c3Rlcm1hbm4iXQ~WyI2SWo3dE0tYTVpVlBHYm9TNXRtd
    lZBIiwgImJpcnRoZGF0ZSIsICIxOTYzLTA4LTEyIl0~WyJlSThaV205UW5LUHBOUGVOZ
@@ -2101,22 +2110,22 @@ B.1.  Example 1: Person Identification Data (PID) Credential
    6ICJzaGEtMjU2IiwgImNuZiI6IHsiandrIjogeyJrdHkiOiAiRUMiLCAiY3J2IjogIlA
    tMjU2IiwgIngiOiAiVENBRVIxOVp2dTNPSEY0ajRXNHZmU1ZvSElQMUlMaWxEbHM3dkN
    lR2VtYyIsICJ5IjogIlp4amlXV2JaTVFHSFZXS1ZRNGhiU0lpcnNWZnVlY0NFNnQ0alQ
-   5RjJIWlEifX19.TYPxF8sIE6rqLL3lpS6PkaNo10CkJmfT9oJtK_QyIIqoLAsEzX9rKL
-   eBWHLRpWDf3V-0kmiWtS3SiCLwHfH4VA~WyJuUHVvUW5rUkZxM0JJZUFtN0FuWEZBIiw
+   5RjJIWlEifX19.hQsOaDJWKs1ImVUU9Cjsd6v5q8-o1nZHNYjS0qW24oZ1Ew5irkLDdS
+   nmYNxsylxEsMi1CPCEPeWclvXfANTmVw~WyJuUHVvUW5rUkZxM0JJZUFtN0FuWEZBIiw
    gIm5hdGlvbmFsaXRpZXMiLCBbIkRFIl1d~WyJNMEpiNTd0NDF1YnJrU3V5ckRUM3hBIi
    wgIjE4IiwgdHJ1ZV0~eyJhbGciOiAiRVMyNTYiLCAidHlwIjogImtiK2p3dCJ9.eyJub
    25jZSI6ICIxMjM0NTY3ODkwIiwgImF1ZCI6ICJodHRwczovL2V4YW1wbGUuY29tL3Zlc
-   mlmaWVyIiwgImlhdCI6IDE3MzMxNjIwNzksICJzZF9oYXNoIjogImYyYkRqWjNiZ2tXZ
-   EY5UXVOMXN1WXVYWTdKSGNvUkxqT0s1SDhNM0VrRHMifQ.zKztkOBtRN06H4hNUBjKKH
-   cKGVTHK_vi7gJvhDR76h_Hy6LQOQOrpWCnMbHrTsQmkqBh48VSfCdTuN4biGpF_w
+   mlmaWVyIiwgImlhdCI6IDE3MzMxNjU5NjIsICJzZF9oYXNoIjogIlhNZG9LYzdublZhU
+   0R3cm95RnBMMEJObHZjcy1jQVhUai1SSHNJQ1NQbGcifQ.6eP-ItQQQQGg5aHVx82Tvs
+   ey7w2dQnkBDFqMw4YDZA8jUL3XxlAIbdXVZG-thJCRE4Vu2CtV3ioNBgJMH2mFKQ
 
    The following is the payload of a corresponding Key Binding JWT:
 
    {
      "nonce": "1234567890",
      "aud": "https://example.com/verifier",
-     "iat": 1733162079,
-     "sd_hash": "f2bDjZ3bgkWdF9QuN1suYuXY7JHcoRLjOK5H8M3EkDs"
+     "iat": 1733165962,
+     "sd_hash": "XMdoKc7nnVaSDwroyFpL0BNlvcs-cAXTj-RHsICSPlg"
    }
 
    After validation, the Verifier will have the following processed SD-
@@ -2288,6 +2297,9 @@ Appendix D.  Document History
 
    -07
 
+   *  Revert change from previous release that removed explicit mention
+      of DIDs in the Issuer-signed JWT Verification Key Validation
+      section
    *  Remove the requirement to insert a .well-known part for vct URLs
    *  fix section numbering in SD-JWT references to align with the
       latest -14 version