Add schema type metadata

[awoie]

This PR includes the following:

• Add schema type metadata
• Add full schema type metadata examples
• Describe base document for schema validation
• Minor editorial fixes
• Moved type metadata retrieval section for readability purposes
• IANA considerations for schema, schema_uri and schema_uri#integrity

See preview here:
https://drafts.oauth.net/oauth-sd-jwt-vc/awoie/fix-229-schema/draft-ietf-oauth-sd-jwt-vc.html

Fixes #229

[awoie]

@danielfett @bc-pi Do you think it makes sense to describe the base document for schema type metadata validation? For example, a verifier receiving an SD-JWT VC with Disclosures won't be able to validate the JSON schema against it before transforming the entire SD-JWT VC with Disclosures to expanded JSON document first.

[awoie]

@danielfett @bc-pi Should we restrict schema to specific JSON schema versions?

[bc-pi]

@danielfett @bc-pi Should we restrict schema to specific JSON schema versions?

I'm honestly not familiar with the intricacies of JSON schema. Is/are there a stable standard version(s) that can be referenced from a prospective RFC? The current content of the PR seems to have some normative statements but no reference. I'd think that's kind of a prerequisite to discussing version restrictions/requirements.

A few minutes of looking around and I found this https://json-schema.org/specification-links which at least suggests it's a bit messy.

Any idea if/how other actual standards documents utilize JSON schema?

[bc-pi]

@danielfett @bc-pi Do you think it makes sense to describe the base document for schema type metadata validation? For example, a verifier receiving an SD-JWT VC with Disclosures won't be able to validate the JSON schema against it before transforming the entire SD-JWT VC with Disclosures to expanded JSON document first.

Well, statements like "MUST validate the Verifiable Credential against the provided JSON Schema document." probably need some more clarity about what part of the VC and at what stage of transformation/processing.

[danielfett]

A few minutes of looking around and I found this https://json-schema.org/specification-links which at least suggests it's a bit messy.

Any idea if/how other actual standards documents utilize JSON schema?

I suggest that we proceed with merging this PR nonetheless and have a separate discussion on JSON Schema versions in an issue.

[awoie]

Update: We don't need IANA registration for schema, schema_uri and schema_uri#integrity since type metadata is not a JWT.

[awoie]

@bc-pi @danielfett Can you please check the examples I added.

[awoie]

@bc-pi @danielfett Can you please check the examples I added.

I believe we will need to distinguish between presentation and issuance schemas -> see #237

[bc-pi]

@bc-pi @danielfett Can you please check the examples I added.

I don't really speak JSON schema but it looks ok

[danielfett]

left a couple of editorial remarks, but generally this looks good to me, thank you!

[awoie]

left a couple of editorial remarks, but generally this looks good to me, thank you!

Thanks a lot. I updated the PR. Will merge later on the editor's call.

[awoie]

Merging this since all comments were addressed.