Paul Bastian
Paul Bastian
Could it make sense to use attestation based client authentication if we follow the proposal from IETF to make it headers? Edit: may be difficult as the verifier is the...
> Just trying to make sure we didn't miss any other options. Would it make sense to include the wallet attestation in the verifiable credential, so that it gets sent...
@ve7jtb Whats your opinion?
Discussion within IDunion summarized: - Option 2 is preferred by some for simplicity, UI/UX flow exceptions seem bearable - Option 3 seems also viable, ideas came up to use HTTP...
I suggest using JSON for new APIs. To me Token Request uses form url-encoding due to legacy reasons, but we don't do the for credential request either, so I don't...
That's a very good question. Direct post actually seems to just send the authorisation response over POST instead of GET, so mimicking send more reasonable. In the case of request...
I would agree, especially as the DC API is all in JSON. Although I couldn't really find this as normative text in the spec. Are we missing something here?
I ask: where do we say that the content of DC API request is JSON encoded?
Then should we state this or is it obvious enough?
@Sakurann @tlodderstedt @jogu If this is scheduled for 1.1, it looks like a breaking change to me. Currently section 14.1 reads very strong, allowing only Credentials with cryptographic binding. I...