Orie Steele

If `vp_token` is not a JWT, it won't have a `typ`. so we can't use `typ` to distinguish it from `vp+ld+jwt`. I think clarifying text should be added in both...

It's solved for, we support VPs using enveloped credentials, and the VP data model from the core spec. This issue can be closed

@TallTed wrote: > As noted many other places, just as there is no such thing as `application/jpg+zip`, the `application/vp+ld+json+sd-jwt` media type should not exist; this media type should be simply...

I sent a few messages to both the OAuth and Media Types lists at IETF: - https://mailarchive.ietf.org/arch/msg/oauth/wG-ciZWCTatf_F5iLuPERZq6p0M/ - https://mailarchive.ietf.org/arch/msg/oauth/utKyjvovcqguwkAUTYVW-C6Yw-w/ - https://mailarchive.ietf.org/arch/msg/oauth/BkMuRmt6zExtr1TdsxX37pZtyfY/ Tracking the potential impact to `application/vc+...` in https://github.com/w3c/vc-data-model/issues/1363

Related: https://github.com/w3c/vc-jose-cose/issues/179

PR is up here: https://github.com/w3c/vc-jose-cose/pull/186

See also: https://github.com/w3c/vc-jose-cose/issues/184

Per is up here: https://github.com/w3c/vc-jose-cose/pull/186

FWIW, I think the safest and fastest solution to this is to copy the controller document section into a separate document, then refer to that document from the securing specification,...

Cross linking tracking this issue filed in DID Core. https://github.com/w3c/did-core/issues/845