Brian Campbell
Brian Campbell
> I'll go on record here as being not a fan of PE. On the [22 Feb 24 call](https://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/attachments/20240223/d7f52462/attachment.html) @Sakurann pointed out that this kind of "voting" alone on PE...
As much as is possible (and it is understandably difficult to do given the context of all this) this kind of document should be about what is actually needed in...
The ability to ask for and receive more than one credential in a single OID4VP exchange remains something I believe brings more complexity than value (I've said as much back...
Agree that the combinatorial kind logic and requesting multiple credentials at once is something that not all use cases need and can handled up at the application layer with more...
from @dwaite over at https://github.com/openid/OpenID4VP/issues/144#issuecomment-2070732758 : " ... - the purpose string has issues around user presentation (such as the lack of any localization) as well as concerns about abuse...
This is a somewhat tangential friendly reminder that the `cnf` claim specified in [Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs) ](https://datatracker.ietf.org/doc/html/rfc7800) is strictly about representing a proof-of-possession key and...
Consider having the type in this context be more collision resistant or formalized than in RAR.
IMHO a signature on the response seems the most natural approach here. So I'd favor 3. Seems 2 could work somewhat similarly but could be potentially awkward and problematic in...
> ideas came up to use HTTP Headers within Authorization Response according to the new discussion for Attestation-Based Client Authentication (which is ok, because it is not only client authentication...
It was also suggested to not change this.