oid4vc-haip-sd-jwt-vc

Key resolution for status list

Open c2bo opened this issue 2 years ago • 2 comments

Section 7.1 defines supported key resolution mechanisms to validate issued credentials. We currently do not define a mechanism to validate the status list with.

Imho, we should re-use the same key resolution mechanism that is used by the issuer - makes things easier to manage and implement. If people agree with this, I will create a PR to add a small text stating to re-use the same mechanism for status list validation.

c2bo avatar Oct 12 '23 16:10 c2bo

looks like we need to say that

  • digital signatures must be used to sign the status list (not MAC)
  • both jwt and cwt are mandatory for the wallet, optional to the issuer
  • either "Issuer MUST use the same mechanism to sign the status list as it uses to sign the credential (basically same requirements as iss in the credential apply to status list)", that would be a downside for the issuers that support multiple mechanisms to sign the credential. another way is to mandate x5c for status list always.
  • define algs

Sakurann avatar Dec 13 '24 14:12 Sakurann

I would suggest adding text to the spec requiring the issuer to use the same key resolution mechanism for a certain status list as it uses for the respective credential. That makes the key resolution methods to be supported depend on the requirements for the respective credential format. Additionally, it also makes the life of the RP developer easier as it does not need to support arbitrary combinations of key resolution methods.

tlodderstedt avatar Jan 09 '25 08:01 tlodderstedt
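Added example, not part of the thread or of the specification: a verifier-side pre-check for the rule proposed above, that the status list token is signed (not MACed) and uses the same key resolution mechanism as the credential. It covers the JWT case only; the two mechanism names, the rule "x5c header present, otherwise lookup via iss", and the helper `fake_token` are assumptions made for illustration, and signature verification itself still has to follow.

```python
import base64
import json

MAC_ALGS = {"HS256", "HS384", "HS512"}  # JWS MAC algorithms (RFC 7518)

def jose_header(compact):
    """Decode the protected header of a compact JWS; verifies nothing."""
    seg = compact.split(".")[0]  # also fine for SD-JWT: '~' parts follow the signature
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def key_resolution(header):
    """Name the mechanism the verifier would use to find the signing key."""
    alg = header.get("alg")
    if alg is None or alg == "none" or alg in MAC_ALGS:
        raise ValueError(f"alg {alg!r} is not a digital signature")
    # Assumption: x5c header => certificate chain, otherwise lookup via iss.
    return "x5c" if "x5c" in header else "iss-metadata"

def check_same_mechanism(credential, status_list_token):
    """Return the shared mechanism, or raise if the two tokens differ."""
    cred = key_resolution(jose_header(credential))
    status = key_resolution(jose_header(status_list_token))
    if cred != status:
        raise ValueError(f"credential uses {cred}, status list uses {status}")
    return cred

def fake_token(header):
    """Constructed, unsigned sample token: real header, dummy payload/signature."""
    enc = base64.urlsafe_b64encode(json.dumps(header).encode()).rstrip(b"=").decode()
    return f"{enc}.e30.c2ln"

if __name__ == "__main__":
    # All tokens below are constructed sample input, not real credentials.
    cred = fake_token({"alg": "ES256", "x5c": ["<constructed cert>"]}) + "~"
    ok = fake_token({"alg": "ES256", "x5c": ["<constructed cert>"]})
    other = fake_token({"alg": "ES256", "kid": "key-1"})
    mac = fake_token({"alg": "HS256"})
    print(check_same_mechanism(cred, ok))
    for bad in (other, mac):
        try:
            check_same_mechanism(cred, bad)
        except ValueError as err:
            print("rejected:", err)
```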