The normative statements in
Securing Mechanisms apply to securing
- application/vc-ld+jwt and
- application/vp-ld+jwt,
- application/vc-ld+sd-jwt and
- application/vp-ld+sd-jwt,
- application/vc-ld+cose and
- application/vp-ld+cose.
+ application/vc+jwt and
+ application/vp+jwt,
+ application/vc+sd-jwt and
+ application/vp+sd-jwt,
+ application/vc+cose and
+ application/vp+cose.
The most specific media type (or subtype) available SHOULD be used, instead of
more generic media types (or supertypes). For example, rather than the general
- application/sd-jwt, application/vc-ld+sd-jwt
+ application/sd-jwt, application/vc+sd-jwt
SHOULD be used, unless there is a more specific media type that would even
better identify the secured envelope format.
A [=conforming JWS issuer implementation=] MUST use [[RFC7515]] to secure this media type. - The unsecured verifiable credential is the unencoded JWS payload. + The unsecured [=verifiable credential=] is the unencoded JWS payload.
- The typ header parameter SHOULD be vc-ld+jwt.
+ The typ header parameter SHOULD be vc+jwt.
When present, the cty header parameter SHOULD be vc.
See Registered Header Parameter Names
for additional details regarding usage of typ and
@@ -489,15 +489,15 @@
- This section details how to use JOSE to secure verifiable presentations conforming + This section details how to use JOSE to secure [=verifiable presentations=] conforming to [[VC-DATA-MODEL-2.0]].
A [=conforming JWS issuer implementation=] MUST use [[RFC7515]] to secure this media type. - The unsecured verifiable presentation is the unencoded JWS payload. + The unsecured [=verifiable presentation=] is the unencoded JWS payload.
- The typ header parameter SHOULD be vp-ld+jwt.
+ The typ header parameter SHOULD be vp+jwt.
When present, the cty header parameter SHOULD be vp.
See Registered Header Parameter Names
for additional details regarding usage of typ and
@@ -520,8 +520,8 @@
- Credentials in verifiable presentations MUST be secured. - These credentials are secured using JWS in this case. + Credentials in [=verifiable presentations=] MUST be secured. + In this case, these [=credentials=] are secured using JWS.
To encrypt a secured [=verifiable presentation=] @@ -543,7 +543,7 @@
@@ -592,7 +592,7 @@
The unencoded JOSE Header is JSON (`application/json`), not JSON-LD @@ -632,8 +632,8 @@
The JWT Claim Names vc and vp MUST NOT be present.
@@ -650,18 +650,18 @@
- This section details how to use JOSE to secure verifiable credentials conforming + This section details how to use JOSE to secure [=verifiable credentials=] conforming to [[VC-DATA-MODEL-2.0]].
A [=conforming SD-JWT issuer implementation=] MUST use [[[SD-JWT]]] [[SD-JWT]] to secure this media type. The unsecured [=verifiable credential=] is the input JSON claim set. The Issuer then converts the input JSON claim set (i.e., the - unsecured [=verifiable credential=]) into an SD-JWT payload according to + unsecured [=verifiable credential=]) into an [[SD-JWT]] payload according to SD-JWT issuance instructions.
- The typ header parameter SHOULD be vc-ld+sd-jwt.
+ The typ header parameter SHOULD be vc+sd-jwt.
When present, the cty header parameter SHOULD be vc.
See Registered Header Parameter Names
for additional details regarding usage of typ and
@@ -727,15 +727,15 @@
- This section details how to use SD-JWT to secure verifiable presentations conforming + This section details how to use [[SD-JWT]] to secure verifiable presentations conforming to [[VC-DATA-MODEL-2.0]].
A [=conforming SD-JWT issuer implementation=] MUST use [[SD-JWT]] to secure this media type. - The unsecured verifiable presentation is the unencoded SD-JWT payload. + The unsecured [=verifiable presentation=] is the unencoded [[SD-JWT]] payload.
- The typ header parameter SHOULD be vp-ld+sd-jwt.
+ The typ header parameter SHOULD be vp+sd-jwt.
When present, the cty header parameter SHOULD be vp.
See Registered Header Parameter Names
for additional details regarding usage of typ and
@@ -758,8 +758,8 @@
- Credentials in verifiable presentations MUST be secured. - These credentials are secured using SD-JWT in this case. + Credentials in [=verifiable presentations=] MUST be secured. + These [=credentials=] are secured using SD-JWT in this case.
When securing [=verifiable presentations=] with [[SD-JWT]] implementers SHOULD ensure that @@ -791,7 +791,7 @@
@@ -837,16 +837,16 @@
- This section details how to use COSE to secure verifiable credentials conforming + This section details how to use COSE to secure [=verifiable credentials=] conforming to [[VC-DATA-MODEL-2.0]].
A [=conforming COSE issuer implementation=] MUST use COSE_Sign1 as specified in [[RFC9052]] to secure this media type. - The unsecured verifiable credential is the unencoded COSE_Sign1 payload. + The unsecured [=verifiable credential=] is the unencoded COSE_Sign1 payload.
- The typ header parameter, as described in COSE "typ" (type) Header Parameter, SHOULD be application/vc-ld+cose.
+ The typ header parameter, as described in COSE "typ" (type) Header Parameter, SHOULD be application/vc+cose.
When present, the content type (3) header parameter
SHOULD be application/vc.
See Common COSE Header Parameters for additional details.
@@ -855,6 +855,11 @@
+ When including [=verifiable credentials=] secured with COSE in [=verifiable presentations=] + as Enveloped Verifiable Credentials, the credentials MUST be encoded using base64 as specified in [[RFC2397]]. +
To encrypt a secured [=verifiable credential=] when transmitting over an insecure channel, @@ -900,17 +905,17 @@
- This section details how to use COSE to secure verifiable presentations conforming + This section details how to use COSE to secure [=verifiable presentations=] conforming to [[VC-DATA-MODEL-2.0]].
A [=conforming COSE issuer implementation=] MUST use COSE_Sign1 as specified in [[RFC9052]] to secure this media type. - The unsecured verifiable presentation is the unencoded COSE_Sign1 payload. + The unsecured [=verifiable presentation=] is the unencoded COSE_Sign1 payload.
- The typ header parameter SHOULD be application/vp-ld+cose.
- When present, the cty header parameter SHOULD be application/vp.
+ The typ header parameter SHOULD be application/vp+cose.
+ When present, the content type (3) header parameter SHOULD be application/vp.
See Common COSE Header Parameters for additional details.
@@ -930,8 +935,8 @@
- Credentials in verifiable presentations MUST be secured. - These credentials are secured using COSE in this case. + Credentials in [=verifiable presentations=] MUST be secured. + These [=credentials=] are secured using COSE in this case.
To encrypt a secured [=verifiable presentation=] @@ -953,7 +958,7 @@
@@ -1248,8 +1253,8 @@
inputMediaType: vc-ld+jwt or
- vp-ld+jwt
+ inputMediaType: vc+jwt or
+ vp+jwt
inputDocument: the verifiable credential secured as a JWT [[RFC7519]]
@@ -1306,7 +1311,7 @@ inputMediaType: vc-ld+sd-jwt
+ inputMediaType: vc+sd-jwt
inputDocument: the verifiable credential secured with [[SD-JWT]]
@@ -1367,8 +1372,8 @@ inputMediaType: vc-ld+cose or
- vp-ld+cose
+ inputMediaType: vc+cose or
+ vp+cose
inputDocument: the verifiable credential or verifiable presentation
@@ -1464,11 +1469,11 @@ application/vc-ld+jwtapplication/vc+jwt
This specification registers the
- As defined in this specification. See also the security
- considerations in . As defined in this specification.
+ See also the security considerations in [[RFC7519]]. As defined in this specification.
+ W3C Verifiable Credential issuer, holder, and verifier software,
+ conforming to the [[VC-DATA-MODEL-2.0]],
+ are among the applications that will use the media types. Conforming
+ application types are described here and
+ here.
+
This specification registers the
- As defined in this specification. See also the security
- considerations in . As defined in this specification.
+ See also the security considerations in [[RFC7519]]. As defined in this specification.
+ W3C Verifiable Credential issuer, holder, and verifier software,
+ conforming to the [[VC-DATA-MODEL-2.0]],
+ are among the applications that will use the media types. Conforming
+ application types are described here and
+ here.
+
This specification registers the
- As defined in this specification. See also the security
- considerations in . As defined in this specification.
+ See also the security considerations in . As defined in this specification.
+ W3C Verifiable Credential issuer, holder, and verifier software,
+ conforming to the [[VC-DATA-MODEL-2.0]],
+ are among the applications that will use the media types. Conforming
+ application types are described here and
+ here.
+
This specification registers the
- As defined in this specification. See also the security
- considerations in . As defined in this specification.
+ See also the security considerations in . As defined in this specification.
+ W3C Verifiable Credential issuer, holder, and verifier software,
+ conforming to the [[VC-DATA-MODEL-2.0]],
+ are among the applications that will use the media types. Conforming
+ application types are described here and
+ here.
+
This specification registers the
- As defined in this specification.
+ See also the security considerations in [[RFC9052]]. As defined in this specification. As defined in this specification. See also the security
- considerations in [[RFC9052]].
+ W3C Verifiable Credential issuer, holder, and verifier software,
+ conforming to the [[VC-DATA-MODEL-2.0]],
+ are among the applications that will use the media types. Conforming
+ application types are described here and
+ here.
+
This specification registers the
- As defined in this specification.
+ See also the security considerations in [[RFC9052]]. As defined in this specification.
+ W3C Verifiable Credential issuer, holder, and verifier software,
+ conforming to the [[VC-DATA-MODEL-2.0]],
+ are among the applications that will use the media types. Conforming
+ application types are described here and
+ here.
+ As defined in this specification. See also the security
- considerations in [[RFC9052]].application/vc-ld+jwt Media Type specifically for
+ application/vc+jwt Media Type specifically for
identifying a
with a payload
conforming to the
@@ -1481,11 +1486,15 @@ application/vc-ld+jwt
Subtype name:
- `vc-ld+jwt`
+ `vc+jwt`
+ Required parameters:
- None
+ N/A
+
+
Optional parameters:
+ N/A
Encoding considerations:
@@ -1497,12 +1506,60 @@ application/vc-ld+jwt
Security considerations:
-
-
+ Contact:
+ Interoperability considerations:
+
+
+
+
+ Published specification:
+ https://w3.org/TR/vc-jose-cose
+
+
+ Applications that will use this media:
+
+
+
+
+ Restrictions on usage:
+ N/A
+
+
+ Additional information:
+
+
+
+
+
+
+ Author:
+ Ivan Herman ivan@w3.org
+
+
+
+ Intended usage:
+ COMMON
+
+
Change controller:
W3C Verifiable Credentials Working Group public-vc-wg@w3.org
@@ -1511,11 +1568,11 @@
- application/vc-ld+jwt
+ application/vp-ld+jwtapplication/vp+jwtapplication/vp-ld+jwt Media Type specifically for
+ application/vp+jwt Media Type specifically for
identifying a
with a payload
conforming to the
@@ -1528,11 +1585,15 @@ application/vp-ld+jwt
Subtype name:
- vp-ld+jwt
+ vp+jwt
+ Required parameters:
- None
+ N/A
+
+
Optional parameters:
+ N/A
Encoding considerations:
@@ -1544,12 +1605,60 @@ application/vp-ld+jwt
Security considerations:
-
-
+ Contact:
+ Interoperability considerations:
+
+
+
+
+ Published specification:
+ https://w3.org/TR/vc-jose-cose
+
+
+ Applications that will use this media:
+
+
+
+
+ Restrictions on usage:
+ N/A
+
+
+ Additional information:
+
+
+
+
+
+
+ Author:
+ Ivan Herman ivan@w3.org
+
+
+
+ Intended usage:
+ COMMON
+
+
Change controller:
W3C Verifiable Credentials Working Group public-vc-wg@w3.org
@@ -1558,11 +1667,11 @@
- application/vp-ld+jwt
+ application/vc-ld+sd-jwtapplication/vc+sd-jwtapplication/vc-ld+sd-jwt Media Type specifically for
+ application/vc+sd-jwt Media Type specifically for
identifying a
with a payload
conforming to the
@@ -1575,28 +1684,80 @@ application/vc-ld+sd-jwt
Subtype name:
- `vc-ld+sd-jwt`
+ `vc+sd-jwt`
+ Required parameters:
- None
+ N/A
+
+
Optional parameters:
+ N/A
Encoding considerations:
binary; `application/sd-jwt` values are a series of base64url-encoded values
- (some of which may be the empty string) separated by period ('.') or tilde ('~') characters.
+ (some of which may be the empty string) separated by period ('.') and tilde ('~') characters.
+ Security considerations:
-
+
+
+ Interoperability considerations:
+
+
+
+
+ Published specification:
+ https://w3.org/TR/vc-jose-cose
+
+
+ Applications that will use this media:
+
+
+
+
+ Restrictions on usage:
+ N/A
+
+
Additional information:
+
+
+
-
+ Contact:
+ Author:
+ Ivan Herman ivan@w3.org
+
+
+
+ Intended usage:
+ COMMON
+
+
Change controller:
W3C Verifiable Credentials Working Group public-vc-wg@w3.org
@@ -1605,11 +1766,11 @@
- application/vc-ld+sd-jwt
+ application/vp-ld+sd-jwtapplication/vp+sd-jwtapplication/vp-ld+sd-jwt Media Type specifically for
+ application/vp+sd-jwt Media Type specifically for
identifying a
with a payload
conforming to the
@@ -1622,28 +1783,81 @@ application/vp-ld+sd-jwt
Subtype name:
- vp-ld+sd-jwt
+ vp+sd-jwt
+ Required parameters:
- None
+ N/A
+
+
Optional parameters:
+ N/A
Encoding considerations:
binary; `application/sd-jwt` values are a series of base64url-encoded values
- (some of which may be the empty string) separated by period ('.') or tilde ('~') characters.
+ (some of which may be the empty string) separated by period ('.') and tilde ('~') characters.
+ Security considerations:
-
+
+
+ Interoperability considerations:
+
+
+
+
+ Published specification:
+ https://w3.org/TR/vc-jose-cose
+
+
+ Applications that will use this media:
+
+
+
+
+ Restrictions on usage:
+ N/A
+
+
Additional information:
+
+
+
-
+ Contact:
+ Author:
+
+ Ivan Herman ivan@w3.org
+
+
+
+ Intended usage:
+ COMMON
+
+
Change controller:
W3C Verifiable Credentials Working Group public-vc-wg@w3.org
@@ -1652,11 +1866,11 @@
- application/vp-ld+sd-jwt
+ application/vc-ld+coseapplication/vc+coseapplication/vc-ld+cose Media Type specifically for
+ application/vc+cose Media Type specifically for
identifying a COSE object [[RFC9052]]
with a payload
conforming to the
@@ -1669,27 +1883,77 @@ application/vc-ld+cose
Subtype name:
- `vc-ld+cose`
+ `vc+cose`
+ Required parameters:
- None
+ N/A
+
+
Optional parameters:
+ N/A
+ Encoding considerations:
+ binary (CBOR)
+
+
Security considerations:
- binary (CBOR)
+
-
+ Security considerations:
+ Interoperability considerations:
+
+
+
+
+ Published specification:
+ https://w3.org/TR/vc-jose-cose
+
+
Applications that will use this media:
-
-
+ Contact:
+ Restrictions on usage:
+ N/A
+
+
+ Additional information:
+
+
+
+
+
+
+ Author:
+ Ivan Herman ivan@w3.org
+
+
+
+ Intended usage:
+ COMMON
+
+
Change controller:
W3C Verifiable Credentials Working Group public-vc-wg@w3.org
@@ -1698,11 +1962,11 @@
- application/vc-ld+cose
+ application/vp-ld+coseapplication/vp+coseapplication/vp-ld+cose Media Type specifically for
+ application/vp+cose Media Type specifically for
identifying a COSE object [[RFC9052]]
with a payload
conforming to the
@@ -1715,27 +1979,77 @@ application/vp-ld+cose
Subtype name:
- `vp-ld+cose`
+ `vp+cose`
+ Required parameters:
- None
+ N/A
+
+
Optional parameters:
+ N/A
+ Encoding considerations:
+ binary (CBOR)
+
+
Security considerations:
- binary (CBOR)
+
-
+ Security considerations:
+ Interoperability considerations:
+
+
+
+
+ Published specification:
+ https://w3.org/TR/vc-jose-cose
+
+
+ Applications that will use this media:
+
+
+
+
+ Restrictions on usage:
+ N/A
+
+
+ Additional information:
-
+
+
+
+
Author:
+ Ivan Herman ivan@w3.org
-
+ Contact:
+ Intended usage:
+ COMMON
+
+ Change controller:
W3C Verifiable Credentials Working Group public-vc-wg@w3.org
@@ -2069,17 +2383,17 @@ Presentations
"verifiableCredential": [
{
"@context": "https://www.w3.org/ns/credentials/v2",
- "id": "data:application/vc-ld+cose,QzVjV...RMjU",
+ "id": "data:application/vc+cose;base64,0oREo...+Q==",
"type": "EnvelopedVerifiableCredential"
},
{
"@context": "https://www.w3.org/ns/credentials/v2",
- "id": "data:application/vc-ld+jwt,eyVjV...RMjU",
+ "id": "data:application/vc+jwt,eyVjV...RMjU",
"type": "EnvelopedVerifiableCredential"
},
{
"@context": "https://www.w3.org/ns/credentials/v2",
- "id": "data:application/vc-ld+sd-jwt,eyVjV...RMjU~",
+ "id": "data:application/vc+sd-jwt,eyVjV...RMjU~",
"type": "EnvelopedVerifiableCredential"
}
]
@@ -2090,12 +2404,16 @@ Presentations
Data URIs
-
-data:application/vc-ld+sd-jwt,eyJhbGciOiJFUzM4NCIsImtpZCI6IlNJM1JITm91aDhvODFOT09OUFFVQUw3RWdaLWtJNl94ajlvUkV2WDF4T3ciLCJ0eXAiOiJ2YytsZCtqc29uK3NkLWp3dCIsImN0eSI6InZjK2xkK2pzb24ifQ.eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvbnMvY3JlZGVudGlhbHMvdjIiLCJodHRwczovL3d3dy53My5vcmcvbnMvY3JlZGVudGlhbHMvZXhhbXBsZXMvdjIiXSwiaXNzdWVyIjoiaHR0cHM6Ly91bml2ZXJzaXR5LmV4YW1wbGUvaXNzdWVycy81NjUwNDkiLCJ2YWxpZEZyb20iOiIyMDEwLTAxLTAxVDE5OjIzOjI0WiIsImNyZWRlbnRpYWxTY2hlbWEiOnsiX3NkIjpbIkU3dU1sSWFyS29iYXJTdEZGRjctZm5qaV9sQVdnM3BGMkV5dVc4dWFYakUiLCJYelRaSVgyNGdDSWxSQVFHclFoNU5FRm1XWkQtZ3Z3dkIybzB5Y0FwNFZzIl19LCJjcmVkZW50aWFsU3ViamVjdCI6eyJkZWdyZWUiOnsibmFtZSI6IkJhY2hlbG9yIG9mIFNjaWVuY2UgYW5kIEFydHMiLCJfc2QiOlsiT3oxUEZIMG0tWk9TdEhwUVZyeGlmVlpKRzhvNmlQQmNnLVZ2SXQwd2plcyJdfSwiX3NkIjpbIkVZQ1daMTZZMHB5X1VNNzRHU3NVYU9zT19mdDExTlVSaFFUTS1TT1lFTVEiXX0sIl9zZCI6WyJqT055NnZUbGNvVlAzM25oSTdERGN3ekVka3d2R3VVRXlLUjdrWEVLd3VVIiwid21BdHpwc0dRbDJveS1PY2JrSEVZcE8xb3BoX3VYcWVWVTRKekF0aFFibyJdLCJfc2RfYWxnIjoic2hhLTI1NiIsImlzcyI6Imh0dHBzOi8vdW5pdmVyc2l0eS5leGFtcGxlL2lzc3VlcnMvNTY1MDQ5IiwiaWF0IjoxNjk3Mjg5OTk2LCJleHAiOjE3Mjg5MTIzOTYsImNuZiI6eyJqd2siOnsia3R5IjoiRUMiLCJjcnYiOiJQLTM4NCIsImFsZyI6IkVTMzg0IiwieCI6InZFdV84WGxZT0ZFU2hTcVRpZ2JSYWduZ0ZGM1p5U0xrclNHekh3azFBT1loanhlazVhV21HY2UwZU05S0pWOEIiLCJ5IjoiRUpNY2czWXBzUTB3M2RLNHlVa25QczE1Z0lsY2Yyay03dzFKLTNlYlBiOERENmQtUkhBeGUwMDkzSWpfdTRCOSJ9fX0.rYzbxb6j1dwop8_s491iArVVJNm6A6C3b742gOm_qYO3zdkyQU4_VxxOSJ8ECcmWj2r5KyiCNC1ojfO4Yms-zBsjt7PoMYpYWBplsqXpiIvnehmM7D0eOLi40uHXki0X~WyJSWTg1YTZNMmEwX3VDWlFTVGZmTFdRIiwgImlkIiwgImh0dHA6Ly91bml2ZXJzaXR5LmV4YW1wbGUvY3JlZGVudGlhbHMvMTg3MiJd~WyJMeG5GYTBXVm8wRUluVy1QdS1fd1dRIiwgInR5cGUiLCBbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwgIkV4YW1wbGVBbHVtbmlDcmVkZW50aWFsIl1d~WyJUQVdrakpCaVpxdC1rVU54X1EweUJBIiwgImlkIiwgImh0dHBzOi8vZXhhbXBsZS5vcmcvZXhhbXBsZXMvZGVncmVlLmpzb24iXQ~WyJTd2xuZFpPZzZEZ1ZERFp5X0RvYVFBIiwgInR5cGUiLCAiSnNvblNjaGVtYSJd~WyJuSnJlU3E1Nzg3RGZMSDJCbU03cXFRIiwgImlkIiwgImRpZDpleGFtcGxlOjEyMyJd~WyIxMjNNd3hNcHRiek02YUk2aW03ME1RIiwgInR5cGUiLCAiQmFjaGVsb3JEZWdyZWUiXQ~
+
+data:application/vc+sd-jwt,eyJhbGciOiJFUzM4NCIsImtpZCI6IlNJM1JITm91aDhvODFOT09OUFFVQUw3RWdaLWtJNl94ajlvUkV2WDF4T3ciLCJ0eXAiOiJ2YytsZCtqc29uK3NkLWp3dCIsImN0eSI6InZjK2xkK2pzb24ifQ.eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvbnMvY3JlZGVudGlhbHMvdjIiLCJodHRwczovL3d3dy53My5vcmcvbnMvY3JlZGVudGlhbHMvZXhhbXBsZXMvdjIiXSwiaXNzdWVyIjoiaHR0cHM6Ly91bml2ZXJzaXR5LmV4YW1wbGUvaXNzdWVycy81NjUwNDkiLCJ2YWxpZEZyb20iOiIyMDEwLTAxLTAxVDE5OjIzOjI0WiIsImNyZWRlbnRpYWxTY2hlbWEiOnsiX3NkIjpbIkU3dU1sSWFyS29iYXJTdEZGRjctZm5qaV9sQVdnM3BGMkV5dVc4dWFYakUiLCJYelRaSVgyNGdDSWxSQVFHclFoNU5FRm1XWkQtZ3Z3dkIybzB5Y0FwNFZzIl19LCJjcmVkZW50aWFsU3ViamVjdCI6eyJkZWdyZWUiOnsibmFtZSI6IkJhY2hlbG9yIG9mIFNjaWVuY2UgYW5kIEFydHMiLCJfc2QiOlsiT3oxUEZIMG0tWk9TdEhwUVZyeGlmVlpKRzhvNmlQQmNnLVZ2SXQwd2plcyJdfSwiX3NkIjpbIkVZQ1daMTZZMHB5X1VNNzRHU3NVYU9zT19mdDExTlVSaFFUTS1TT1lFTVEiXX0sIl9zZCI6WyJqT055NnZUbGNvVlAzM25oSTdERGN3ekVka3d2R3VVRXlLUjdrWEVLd3VVIiwid21BdHpwc0dRbDJveS1PY2JrSEVZcE8xb3BoX3VYcWVWVTRKekF0aFFibyJdLCJfc2RfYWxnIjoic2hhLTI1NiIsImlzcyI6Imh0dHBzOi8vdW5pdmVyc2l0eS5leGFtcGxlL2lzc3VlcnMvNTY1MDQ5IiwiaWF0IjoxNjk3Mjg5OTk2LCJleHAiOjE3Mjg5MTIzOTYsImNuZiI6eyJqd2siOnsia3R5IjoiRUMiLCJjcnYiOiJQLTM4NCIsImFsZyI6IkVTMzg0IiwieCI6InZFdV84WGxZT0ZFU2hTcVRpZ2JSYWduZ0ZGM1p5U0xrclNHekh3azFBT1loanhlazVhV21HY2UwZU05S0pWOEIiLCJ5IjoiRUpNY2czWXBzUTB3M2RLNHlVa25QczE1Z0lsY2Yyay03dzFKLTNlYlBiOERENmQtUkhBeGUwMDkzSWpfdTRCOSJ9fX0.rYzbxb6j1dwop8_s491iArVVJNm6A6C3b742gOm_qYO3zdkyQU4_VxxOSJ8ECcmWj2r5KyiCNC1ojfO4Yms-zBsjt7PoMYpYWBplsqXpiIvnehmM7D0eOLi40uHXki0X~WyJSWTg1YTZNMmEwX3VDWlFTVGZmTFdRIiwgImlkIiwgImh0dHA6Ly91bml2ZXJzaXR5LmV4YW1wbGUvY3JlZGVudGlhbHMvMTg3MiJd~WyJMeG5GYTBXVm8wRUluVy1QdS1fd1dRIiwgInR5cGUiLCBbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwgIkV4YW1wbGVBbHVtbmlDcmVkZW50aWFsIl1d~WyJUQVdrakpCaVpxdC1rVU54X1EweUJBIiwgImlkIiwgImh0dHBzOi8vZXhhbXBsZS5vcmcvZXhhbXBsZXMvZGVncmVlLmpzb24iXQ~WyJTd2xuZFpPZzZEZ1ZERFp5X0RvYVFBIiwgInR5cGUiLCAiSnNvblNjaGVtYSJd~WyJuSnJlU3E1Nzg3RGZMSDJCbU03cXFRIiwgImlkIiwgImRpZDpleGFtcGxlOjEyMyJd~WyIxMjNNd3hNcHRiek02YUk2aW03ME1RIiwgInR5cGUiLCAiQmFjaGVsb3JEZWdyZWUiXQ~
+
+
+
+data:application/vp+sd-jwt,eyJhbGciOiJFUzM4NCIsImtpZCI6IlNJM1JITm91aDhvODFOT09OUFFVQUw3RWdaLWtJNl94ajlvUkV2WDF4T3ciLCJ0eXAiOiJ2YytsZCtqc29uK3NkLWp3dCIsImN0eSI6InZjK2xkK2pzb24ifQ.eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvbnMvY3JlZGVudGlhbHMvdjIiLCJodHRwczovL3d3dy53My5vcmcvbnMvY3JlZGVudGlhbHMvZXhhbXBsZXMvdjIiXSwiaXNzdWVyIjoiaHR0cHM6Ly91bml2ZXJzaXR5LmV4YW1wbGUvaXNzdWVycy81NjUwNDkiLCJ2YWxpZEZyb20iOiIyMDEwLTAxLTAxVDE5OjIzOjI0WiIsImNyZWRlbnRpYWxTY2hlbWEiOnsiX3NkIjpbIkU3dU1sSWFyS29iYXJTdEZGRjctZm5qaV9sQVdnM3BGMkV5dVc4dWFYakUiLCJYelRaSVgyNGdDSWxSQVFHclFoNU5FRm1XWkQtZ3Z3dkIybzB5Y0FwNFZzIl19LCJjcmVkZW50aWFsU3ViamVjdCI6eyJkZWdyZWUiOnsibmFtZSI6IkJhY2hlbG9yIG9mIFNjaWVuY2UgYW5kIEFydHMiLCJfc2QiOlsiT3oxUEZIMG0tWk9TdEhwUVZyeGlmVlpKRzhvNmlQQmNnLVZ2SXQwd2plcyJdfSwiX3NkIjpbIkVZQ1daMTZZMHB5X1VNNzRHU3NVYU9zT19mdDExTlVSaFFUTS1TT1lFTVEiXX0sIl9zZCI6WyJqT055NnZUbGNvVlAzM25oSTdERGN3ekVka3d2R3VVRXlLUjdrWEVLd3VVIiwid21BdHpwc0dRbDJveS1PY2JrSEVZcE8xb3BoX3VYcWVWVTRKekF0aFFibyJdLCJfc2RfYWxnIjoic2hhLTI1NiIsImlzcyI6Imh0dHBzOi8vdW5pdmVyc2l0eS5leGFtcGxlL2lzc3VlcnMvNTY1MDQ5IiwiaWF0IjoxNjk3Mjg5OTk2LCJleHAiOjE3Mjg5MTIzOTYsImNuZiI6eyJqd2siOnsia3R5IjoiRUMiLCJjcnYiOiJQLTM4NCIsImFsZyI6IkVTMzg0IiwieCI6InZFdV84WGxZT0ZFU2hTcVRpZ2JSYWduZ0ZGM1p5U0xrclNHekh3azFBT1loanhlazVhV21HY2UwZU05S0pWOEIiLCJ5IjoiRUpNY2czWXBzUTB3M2RLNHlVa25QczE1Z0lsY2Yyay03dzFKLTNlYlBiOERENmQtUkhBeGUwMDkzSWpfdTRCOSJ9fX0.rYzbxb6j1dwop8_s491iArVVJNm6A6C3b742gOm_qYO3zdkyQU4_VxxOSJ8ECcmWj2r5KyiCNC1ojfO4Yms-zBsjt7PoMYpYWBplsqXpiIvnehmM7D0eOLi40uHXki0X~WyJTd2xuZFpPZzZEZ1ZERFp5X0RvYVFBIiwgInR5cGUiLCAiSnNvblNjaGVtYSJd~WyIxMjNNd3hNcHRiek02YUk2aW03ME1RIiwgInR5cGUiLCAiQmFjaGVsb3JEZWdyZWUiXQ~WyJMeG5GYTBXVm8wRUluVy1QdS1fd1dRIiwgInR5cGUiLCBbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwgIkV4YW1wbGVBbHVtbmlDcmVkZW50aWFsIl1d~WyJSWTg1YTZNMmEwX3VDWlFTVGZmTFdRIiwgImlkIiwgImh0dHA6Ly91bml2ZXJzaXR5LmV4YW1wbGUvY3JlZGVudGlhbHMvMTg3MiJd~eyJhbGciOiJFUzM4NCIsInR5cCI6ImtiK2p3dCJ9.eyJub25jZSI6IkVmeTROTFJPX3ZvSkszdDIzcUNfQlEiLCJhdWQiOiJodHRwczovL3ZlcmlmaWVyLmV4YW1wbGUiLCJpYXQiOjE2OTcyODk5OTZ9.6G-1nVcrDKFzR6BdbcFHcbtassEb8NZ7ZavTYz3SJ-e4pXleXs0tNcCkUCwMI70gsuOY0AXzeDPbHjp5GKyLDVuNWgWCt3Wo2VSaCwUkyfLyvhkCsmkF9kvFhMIOhp1i~
-
-data:application/vp-ld+sd-jwt,eyJhbGciOiJFUzM4NCIsImtpZCI6IlNJM1JITm91aDhvODFOT09OUFFVQUw3RWdaLWtJNl94ajlvUkV2WDF4T3ciLCJ0eXAiOiJ2YytsZCtqc29uK3NkLWp3dCIsImN0eSI6InZjK2xkK2pzb24ifQ.eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvbnMvY3JlZGVudGlhbHMvdjIiLCJodHRwczovL3d3dy53My5vcmcvbnMvY3JlZGVudGlhbHMvZXhhbXBsZXMvdjIiXSwiaXNzdWVyIjoiaHR0cHM6Ly91bml2ZXJzaXR5LmV4YW1wbGUvaXNzdWVycy81NjUwNDkiLCJ2YWxpZEZyb20iOiIyMDEwLTAxLTAxVDE5OjIzOjI0WiIsImNyZWRlbnRpYWxTY2hlbWEiOnsiX3NkIjpbIkU3dU1sSWFyS29iYXJTdEZGRjctZm5qaV9sQVdnM3BGMkV5dVc4dWFYakUiLCJYelRaSVgyNGdDSWxSQVFHclFoNU5FRm1XWkQtZ3Z3dkIybzB5Y0FwNFZzIl19LCJjcmVkZW50aWFsU3ViamVjdCI6eyJkZWdyZWUiOnsibmFtZSI6IkJhY2hlbG9yIG9mIFNjaWVuY2UgYW5kIEFydHMiLCJfc2QiOlsiT3oxUEZIMG0tWk9TdEhwUVZyeGlmVlpKRzhvNmlQQmNnLVZ2SXQwd2plcyJdfSwiX3NkIjpbIkVZQ1daMTZZMHB5X1VNNzRHU3NVYU9zT19mdDExTlVSaFFUTS1TT1lFTVEiXX0sIl9zZCI6WyJqT055NnZUbGNvVlAzM25oSTdERGN3ekVka3d2R3VVRXlLUjdrWEVLd3VVIiwid21BdHpwc0dRbDJveS1PY2JrSEVZcE8xb3BoX3VYcWVWVTRKekF0aFFibyJdLCJfc2RfYWxnIjoic2hhLTI1NiIsImlzcyI6Imh0dHBzOi8vdW5pdmVyc2l0eS5leGFtcGxlL2lzc3VlcnMvNTY1MDQ5IiwiaWF0IjoxNjk3Mjg5OTk2LCJleHAiOjE3Mjg5MTIzOTYsImNuZiI6eyJqd2siOnsia3R5IjoiRUMiLCJjcnYiOiJQLTM4NCIsImFsZyI6IkVTMzg0IiwieCI6InZFdV84WGxZT0ZFU2hTcVRpZ2JSYWduZ0ZGM1p5U0xrclNHekh3azFBT1loanhlazVhV21HY2UwZU05S0pWOEIiLCJ5IjoiRUpNY2czWXBzUTB3M2RLNHlVa25QczE1Z0lsY2Yyay03dzFKLTNlYlBiOERENmQtUkhBeGUwMDkzSWpfdTRCOSJ9fX0.rYzbxb6j1dwop8_s491iArVVJNm6A6C3b742gOm_qYO3zdkyQU4_VxxOSJ8ECcmWj2r5KyiCNC1ojfO4Yms-zBsjt7PoMYpYWBplsqXpiIvnehmM7D0eOLi40uHXki0X~WyJTd2xuZFpPZzZEZ1ZERFp5X0RvYVFBIiwgInR5cGUiLCAiSnNvblNjaGVtYSJd~WyIxMjNNd3hNcHRiek02YUk2aW03ME1RIiwgInR5cGUiLCAiQmFjaGVsb3JEZWdyZWUiXQ~WyJMeG5GYTBXVm8wRUluVy1QdS1fd1dRIiwgInR5cGUiLCBbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwgIkV4YW1wbGVBbHVtbmlDcmVkZW50aWFsIl1d~WyJSWTg1YTZNMmEwX3VDWlFTVGZmTFdRIiwgImlkIiwgImh0dHA6Ly91bml2ZXJzaXR5LmV4YW1wbGUvY3JlZGVudGlhbHMvMTg3MiJd~eyJhbGciOiJFUzM4NCIsInR5cCI6ImtiK2p3dCJ9.eyJub25jZSI6IkVmeTROTFJPX3ZvSkszdDIzcUNfQlEiLCJhdWQiOiJodHRwczovL3ZlcmlmaWVyLmV4YW1wbGUiLCJpYXQiOjE2OTcyODk5OTZ9.6G-1nVcrDKFzR6BdbcFHcbtassEb8NZ7ZavTYz3SJ-e4pXleXs0tNcCkUCwMI70gsuOY0AXzeDPbHjp5GKyLDVuNWgWCt3Wo2VSaCwUkyfLyvhkCsmkF9kvFhMIOhp1i~
+
+data:application/vp+cose;base64,0oREoQE4IqBZDSJ7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy9ucy9jcmVkZW50aWFscy92MiIsImh0dHBzOi8vd3d3LnczLm9yZy9ucy9jcmVkZW50aWFscy9leGFtcGxlcy92MiJdLCJ0eXBlIjoiVmVyaWZpYWJsZVByZXNlbnRhdGlvbiIsInZlcmlmaWFibGVDcmVkZW50aWFsIjpbeyJAY29udGV4dCI6Imh0dHBzOi8vd3d3LnczLm9yZy9ucy9jcmVkZW50aWFscy92MiIsImlkIjoiZGF0YTphcHBsaWNhdGlvbi92Yy1sZCtzZC1qd3QsZXlKcmFXUWlPaUpGZUVoclFrMVhPV1p0WW10MlZqSTJObTFTY0hWUU1uTlZXVjlPWDBWWFNVNHhiR0Z3VlhwUE9ISnZJaXdpWVd4bklqb2lSVk15TlRZaWZRLmV5SmZjMlJmWVd4bklqb2ljMmhoTFRJMU5pSXNJa0JqYjI1MFpYaDBJanBiSW1oMGRIQnpPaTh2ZDNkM0xuY3pMbTl5Wnk5dWN5OWpjbVZrWlc1MGFXRnNjeTkyTWlJc0ltaDBkSEJ6T2k4dmQzZDNMbmN6TG05eVp5OXVjeTlqY21Wa1pXNTBhV0ZzY3k5bGVHRnRjR3hsY3k5Mk1pSmRMQ0pwYzNOMVpYSWlPaUpvZEhSd2N6b3ZMM1Z1YVhabGNuTnBkSGt1WlhoaGJYQnNaUzlwYzNOMVpYSnpMelUyTlRBME9TSXNJblpoYkdsa1JuSnZiU0k2SWpJd01UQXRNREV0TURGVU1UazZNak02TWpSYUlpd2lZM0psWkdWdWRHbGhiRk5qYUdWdFlTSTZleUpmYzJRaU9sc2lOV0pCZURNdGVIQm1RV3hWUzBaSk9YTnVNMmhXUTIxd1IydHJjVWx6V21NekxVeGlNek5tV21waWF5SXNJbHBqUVhaSU1EaHNkRUp5U1VwbVNXaDBPRjl0UzFCZll6TnNjRzVZTVdOSGNsbHRWRzh3WjFsQ2VUZ2lYWDBzSW1OeVpXUmxiblJwWVd4VGRXSnFaV04wSWpwN0ltUmxaM0psWlNJNmV5SnVZVzFsSWpvaVFtRmphR1ZzYjNJZ2IyWWdVMk5wWlc1alpTQmhibVFnUVhKMGN5SXNJbDl6WkNJNld5SlNUMVEzTVVsMGRUTk1ObFZYV0ZWcWJ5MW9XVmRKUWpZM2JIVlBUa1ZFVWxOQ2FHeEVWRU54VlU5UklsMTlMQ0pmYzJRaU9sc2lUVVZ1WlhObk1saFBVazVqWTNOQ1RXVmFYekUyTURKbmVUUXdVaTAwV1VKMlZsSXdlRkU0YjBZNFl5SmRmU3dpWDNOa0lqcGJJa1ZsYzJKaWF5MW1jR1p3ZDJaTU9YZE9jekZ4Y2paMGFVNDNabkV0U1hReldWTTJWM1pDYmw5aVdHOGlMQ0phYjFJMVpHUmhja2R0WmsxNU5FaHVWMHhWYWs1VVJuRlVSak5ZUmpacGRGQm5abmxHUWtoVlgzRlZJbDE5Lmd3M3BheGJrTGpwaThDVHN5UnBYS2JDN3RwVmEwcTJzV0tTRC1fZGNidVoxTHBaVjNvUThJZnpjbTJiRThSWTNmbUpnYnV5QTlnYlBMM3NRQmFUemtnIH5XeUpTZVVReFZsQjRWSEJ2Ym10UGVYWnBjemt0YTI5M0lpd2dJbWxrSWl3Z0ltaDBkSEE2THk5MWJtbDJaWEp6YVhSNUxtVjRZVzF3YkdVdlkzSmxaR1Z1ZEdsaGJITXZNVGczTWlKZH5XeUpmVmpkMWVUZDNheTFSTTNWWmQyWnBaME52V1VWQklpd2dJblI1Y0dVaUxDQmJJbFpsY21sbWFXRmliR1ZEY21Wa1pXNTBhV0ZzSWl3Z0lrVjRZVzF3YkdWQmJIVnRibWxEY21Wa1pXNTBhV0ZzSWwxZH5XeUpoYXpkcU1UbG5ZVk10UkRKTFgyaHpZM1JWWkdOUklpd2dJbWxrSWl3Z0ltaDBkSEJ6T2k4dlpYaGhiWEJzWlM1dmNtY3ZaWGhoYlhCc1pYTXZaR1ZuY21WbExtcHpiMjRpWFF+V3lKVVRqQlhhWFZaUmtoWFdrVjJaRFpJUVVKSFFTMW5JaXdnSW5SNWNHVWlMQ0FpU25OdmJsTmphR1Z0WVNKZH5XeUpWTW5Cek1reFlWRVJWYlZoM01EY3hSVkJtUlVwbklpd2dJbWxrSWl3Z0ltUnBaRHBsZUdGdGNHeGxPakV5TXlKZH5XeUpzUTA0MmVUTkVhVE5EVWs5VlgzSnVYelJFTldSbklpd2dJblI1Y0dVaUxDQWlRbUZqYUdWc2IzSkVaV2R5WldVaVhRfjtkYXRhOmFwcGxpY2F0aW9uL3ZjLWxkK3NkLWp3dCxleUpyYVdRaU9pSkZlRWhyUWsxWE9XWnRZbXQyVmpJMk5tMVNjSFZRTW5OVldWOU9YMFZYU1U0eGJHRndWWHBQT0hKdklpd2lZV3huSWpvaVJWTXlOVFlpZlEuZXlKZmMyUmZZV3huSWpvaWMyaGhMVEkxTmlJc0lrQmpiMjUwWlhoMElqcGJJbWgwZEhCek9pOHZkM2QzTG5jekxtOXlaeTl1Y3k5amNtVmtaVzUwYVdGc2N5OTJNaUlzSW1oMGRIQnpPaTh2ZDNkM0xuY3pMbTl5Wnk5dWN5OWpjbVZrWlc1MGFXRnNjeTlsZUdGdGNHeGxjeTkyTWlKZExDSnBjM04xWlhJaU9pSm9kSFJ3Y3pvdkwzVnVhWFpsY25OcGRIa3VaWGhoYlhCc1pTOXBjM04xWlhKekx6VTJOVEEwT1NJc0luWmhiR2xrUm5KdmJTSTZJakl3TVRBdE1ERXRNREZVTVRrNk1qTTZNalJhSWl3aVkzSmxaR1Z1ZEdsaGJGTmphR1Z0WVNJNmV5SmZjMlFpT2xzaU5XSkJlRE10ZUhCbVFXeFZTMFpKT1hOdU0yaFdRMjF3UjJ0cmNVbHpXbU16TFV4aU16Tm1XbXBpYXlJc0lscGpRWFpJTURoc2RFSnlTVXBtU1doME9GOXRTMUJmWXpOc2NHNVlNV05IY2xsdFZHOHdaMWxDZVRnaVhYMHNJbU55WldSbGJuUnBZV3hUZFdKcVpXTjBJanA3SW1SbFozSmxaU0k2ZXlKdVlXMWxJam9pUW1GamFHVnNiM0lnYjJZZ1UyTnBaVzVqWlNCaGJtUWdRWEowY3lJc0lsOXpaQ0k2V3lKU1QxUTNNVWwwZFROTU5sVlhXRlZxYnkxb1dWZEpRalkzYkhWUFRrVkVVbE5DYUd4RVZFTnhWVTlSSWwxOUxDSmZjMlFpT2xzaVRVVnVaWE5uTWxoUFVrNWpZM05DVFdWYVh6RTJNREpuZVRRd1VpMDBXVUoyVmxJd2VGRTRiMFk0WXlKZGZTd2lYM05rSWpwYklrVmxjMkppYXkxbWNHWndkMlpNT1hkT2N6RnhjalowYVU0M1puRXRTWFF6V1ZNMlYzWkNibDlpV0c4aUxDSmFiMUkxWkdSaGNrZHRaazE1TkVodVYweFZhazVVUm5GVVJqTllSalpwZEZCblpubEdRa2hWWDNGVklsMTkuZ3czcGF4YmtManBpOENUc3lScFhLYkM3dHBWYTBxMnNXS1NELV9kY2J1WjFMcFpWM29ROElmemNtMmJFOFJZM2ZtSmdidXlBOWdiUEwzc1FCYVR6a2cgfld5SlNlVVF4VmxCNFZIQnZibXRQZVhacGN6a3RhMjkzSWl3Z0ltbGtJaXdnSW1oMGRIQTZMeTkxYm1sMlpYSnphWFI1TG1WNFlXMXdiR1V2WTNKbFpHVnVkR2xoYkhNdk1UZzNNaUpkfld5SmZWamQxZVRkM2F5MVJNM1ZaZDJacFowTnZXVVZCSWl3Z0luUjVjR1VpTENCYklsWmxjbWxtYVdGaWJHVkRjbVZrWlc1MGFXRnNJaXdnSWtWNFlXMXdiR1ZCYkhWdGJtbERjbVZrWlc1MGFXRnNJbDFkfld5SmhhemRxTVRsbllWTXRSREpMWDJoelkzUlZaR05SSWl3Z0ltbGtJaXdnSW1oMGRIQnpPaTh2WlhoaGJYQnNaUzV2Y21jdlpYaGhiWEJzWlhNdlpHVm5jbVZsTG1wemIyNGlYUX5XeUpVVGpCWGFYVlpSa2hYV2tWMlpEWklRVUpIUVMxbklpd2dJblI1Y0dVaUxDQWlTbk52YmxOamFHVnRZU0pkfld5SlZNbkJ6TWt4WVZFUlZiVmgzTURjeFJWQm1SVXBuSWl3Z0ltbGtJaXdnSW1ScFpEcGxlR0Z0Y0d4bE9qRXlNeUpkfld5SnNRMDQyZVRORWFUTkRVazlWWDNKdVh6UkVOV1JuSWl3Z0luUjVjR1VpTENBaVFtRmphR1ZzYjNKRVpXZHlaV1VpWFF+IiwidHlwZSI6IkVudmVsb3BlZFZlcmlmaWFibGVDcmVkZW50aWFsIn1dfVhA4c9H+cu0VfS8NsItpzbB1mpvjP5y2DCxTCW+bY6/4SNPCaeP+uR+JRpJ+GzVNz7/W7ZlHoXguhgBBjWhlnhh+Q==