Christian Bormann
Also came up in several IIW discussions - I would say there seems to be interest in this feature
This seems to become more important with the discussion in https://github.com/openid/OpenID4VP/pull/308#issuecomment-2634967626 - depending on the outcome of that discussion, a short remark that explains the difference between signed and unsigned...
> The problem with static signed data is an Issuer responding to a wallet with some metadata legitimately signed by another Issuer. How can an Issuer **authenticate** if there is...
My current understanding would be this: We have a similar problem as we have with the Digital Credentials Browser API, where an extension to CTAP needs to be defined that...
> I'm not clear why we would need to define anything in OIDVP/OID4VCI to support these extended usages of CTAP with the Digital Credentials API? Shouldn't OID4VP/OID4VCI be agnostic to...
For encryption, it might make sense to mandate support for AES-128-GCM as well. Same Security Strength as ECDSA + P256 and most references I've seen in the past mandate support...
In general there is the security risk with redirects of having redirect loops - clients should at least be able to detect and prevent such infinite redirect loops if redirects...
Yes, agreed for the time being 👍
TODO: change all the examples
> @c2bo I'm not a fan of adding a `credential_metadata` claim. It's too generic sounding and makes me wonder why many other credential configuration isn't in there > > Some...