oid4vc-haip-sd-jwt-vc

add back client_metadata?

Open Sakurann opened this issue 2 years ago • 4 comments

I left it out in the first pass. Any protocol-related parameter that can be passed in the client_metadata, like subject_syntax_types_supported, is hard-coded in the profile. If there is a need for verifier-related metadata like logo_url, client_name, etc., we should add it back.

Sakurann avatar May 16 '23 20:05 Sakurann

The federation trust_chain brings the verifier metadata in the trust attestation, and the federation_entity metadata defines a standard scheme for every kind of participant; this is here:

https://openid.net/specs/openid-connect-federation-1_0.html#section-4.7

peppelinux avatar May 22 '23 20:05 peppelinux

Now that client_metadata has been improved in oid4vp, we should add it back.

Sakurann avatar Nov 20 '24 17:11 Sakurann

I think we should say that client_metadata is not trusted and wallets should rely on secure client id schemes for authentication and additional information of the verifier.

paulbastian avatar Dec 13 '24 12:12 paulbastian

I think things have changed - now that we have client_metadata much better defined in OpenID4VP, we might be ok mandating client_metadata? And it is actually needed for response encryption, right? https://openid.github.io/OpenID4VP/openid-4-verifiable-presentations-wg-draft.html#section-5.1-4.2.1

So basically saying that client_metadata is mandatory, and within client_metadata, jwks, authorization_signed_response_alg, authorization_encrypted_response_alg and authorization_encrypted_response_enc are mandatory.

Sakurann avatar Dec 13 '24 13:12 Sakurann