From d2286c69636d10f328d3e0162cb5c080724983aa Mon Sep 17 00:00:00 2001 From: Hayden B Date: Fri, 2 Jun 2023 00:48:23 -0700 Subject: [PATCH] Update OID info (#1188) Fix spelling, mention that nbf is optional per the OIDC spec Signed-off-by: Hayden B --- docs/oid-info.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/oid-info.md b/docs/oid-info.md index 698641d92..7b6808541 100644 --- a/docs/oid-info.md +++ b/docs/oid-info.md @@ -10,7 +10,7 @@ meaning. ## Requirements to support signing with CI/CD workload identities -In order to support Sigstore code signing with CI/CD based workfload identities the following claims must be included in the OIDC ID Token. See example claim values for each extension in the detailed [Directory](#directory). +In order to support Sigstore code signing with CI/CD based workflow identities the following claims must be included in the OIDC ID Token. See example claim values for each extension in the detailed [Directory](#directory). Providers MAY choose to emit extension value in other formats to generic examples, and consumers MUST NOT assume the generic example format. 
@@ -189,7 +189,7 @@ that Sigstore operates. | aud | aud | aud | aud | N/A | Only used to validate the JWT. | | iss | iss | iss | iss | Issuer | This already exists. For example: https://token.actions.githubusercontent.com | | exp | exp | exp | exp | N/A | Only used to validate the JWT. | -| nbf | nbf | nbf | nbf | N/A | Only used to validate the JWT. | +| nbf | nbf | nbf | nbf | N/A | Only used to validate the JWT. Optional, as per the OIDC spec | | iat | iat | iat | iat | N/A | Only used to validate the JWT. | | server_url + job_workflow_ref | server_url + project_path + /-/jobs/ + job_id | ?? | ?? | Build Signer URI | Reference to specific build instructions that are responsible for signing. Can be the same as Build Config URI. For example a reusable workflow in GitHub Actions or a Circle CI Orbs. | | job_workflow_sha | N/A | ?? | ?? | Build Signer Digest | An immutable reference to the specific version of the build instructions that is responsible for signing. Should include the digest type followed by the digest, e.g. `sha1:abc123`. |
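Review bot: In the first hunk of docs/oid-info.md (@@ -10,7), the corrected sentence reads "CI/CD based workflow identities", but the heading in the context lines just above it says "CI/CD workload identities". The old typo "workfload" looks like "workload" with a stray "f", so "workflow" changes the term rather than fixing the spelling. Suggest "CI/CD based workload identities" so the heading and the body agree. The unchanged line below it, "emit extension value in other formats to generic examples", could be tidied in the same pass, for example "emit extension values in formats other than the generic examples".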
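Review bot: In the nbf row of the second hunk (@@ -189,7), "Optional, as per the OIDC spec" does not say who the claim is optional for, while the cell still says the claim is used to validate the JWT. A reader cannot tell whether a provider may omit nbf, or whether a verifier may skip checking it when it is present. If the intent is the former, suggest wording along the lines of "Optional for providers to emit, per the OIDC spec; validated when present." The added sentence is also missing the closing period that the other sentences in this column have.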