fix: made did resolution language more relaxed

oauth-wg · Nov 27, 2023 · 69c6465 · 69c6465
1 parent 0b3cf54
commit 69c6465
Showing 1 changed file with 1 addition and 4 deletions.
diff --git a/draft-ietf-oauth-sd-jwt-vc.md b/draft-ietf-oauth-sd-jwt-vc.md
@@ -328,10 +328,7 @@ verification key for the Issuer-signed JWT:
 
 - JWT Issuer Metadata: If the `iss` value contains an HTTPS URI, the recipient MUST
 obtain the public key using JWT Issuer Metadata as defined in (#jwt-issuer-metadata).
-- DID Document Resolution: If the `iss` value contains a DID [@W3C.DID], the recipient MUST retrieve
-the public key from the DID Document resolved from the DID in the `iss` value.
-In this case, if the `kid` JWT header parameter is present, the `kid` MUST be a relative or absolute
-DID URL of the DID in the `iss` value, identifying the public key.
+- DID Document Resolution: If the `iss` value contains a DID [@W3C.DID], the recipient SHOULD retrieve the public key from the DID Document resolved from the DID in the `iss` value. In this case, if the `kid` JWT header parameter is present, the `kid` MUST be a relative or absolute DID URL of the DID in the `iss` value, identifying the public key. Support for DID Document Resolution is OPTIONAL.
 - X.509 Certificates: The recipient MUST obtain the public key from the leaf X.509 certificate
 defined by the `x5c`, `x5c`, or `x5t` JWT header parameters of the Issuer-signed JWT and validate the X.509
 certificate chain in the following cases: