Fix resolving type metadata from URL and limit to HTTPS URLs
awoie opened this issue · comments
Current text:
In an SD-JWT VC, a URI in the
vct
claim can be used to express a type. If the type is a URL, metadata can be retrieved from the URL https:///.well-known/vct/, i.e., by inserting /.well-known/vct after the authority part of the URL.
Since well-known only applies to HTTPS URLs, we should limit the section to HTTPS URLs although other URLs would be still possible, e.g., ipfs://...
.
Additionally, also the <type>
in https://<authority>/.well-known/vct/<type>
is probably not correct since the type refers to the vct
value itself which would not make sense to the full vct
value here which would also include the scheme for instance.
I suggest we update the title to "From an HTTPS URL in the vct
claim" and update the language to something like this:
If the
vct
value is an HTTPS URL, Type Metadata can be retrieved from the URL constructed by inserting"/.well-known/vct"
after the authority part of the URL in thevct
value. For example, avct
value of"https://example.com/foo/bar/mytype"
would result in"https://example.com/.well-known/vct/foo/bar/mytype"
.