Skip to main content

EAA ConformanceETSI TS 119 472-1 (v1.2.1) clause 5.2.7.1

EAA-5.2.7.1-03:EAA includes the exp claim for technical-validity end

  • shall
  • Ordinary EAA
  • QEAA
  • PuB-EAA
  • SD-JWT VC
  • Issuer
  • Verifier

Spec text

A SD-JWT VC EAA shall include the exp claim specified in IETF RFC 7519 clause 4.1.5, and further profiled in IETF SD-JWT VC clause 3.2.2.2.

ETSI TS 119 472-1 (v1.2.1), clause 5.2.7.1, page 31.

In plain English

Every SD-JWT VC EAA must carry the exp ("expiration") claim. This is the moment at which the EAA stops being technically valid; after this instant a verifier must reject it.

Why it matters

Bounded lifetime is a basic security and revocation hygiene control. Even when status lists exist, an exp cap limits the impact of a leaked credential and forces issuers to think about how long the underlying attribute claim is meant to remain trustworthy.

Common mistakes

  • Setting exp decades into the future to avoid having to re-issue.
  • Omitting exp entirely.
  • Setting exp before nbf, which produces a never-valid window.

Conformance check

Auto-tested. Use the action in the sidebar to run a Self-Assessment for this control.

Last reviewed against ETSI TS 119 472-1 v1.2.1 on 2026-05-01.

iGrant.io’s EAA Issuer SDK handles this control out of the box. Talk to our team about closing your conformance gaps.

Chat on WhatsAppEmail support