Paul Bastian

Did anybody actually implement this yet and can share experience?

I think we should say that client_metadata is not trusted and wallets should rely on secure client id schemes for authentication and additional information of the verifier

I support this.

The problem is being tackled in https://github.com/openid/OpenID4VCI/pull/276 already

@TakahikoKawasaki neither the ISO document nor the POTENTIAL document mentions cwt, in fact the example in ISO is given with jwt, so I think you have some assumptions here that...

I think this has not been present in earlier versions. The ISO specification still doesn't make a choice on this and I'm tending to agree with Oliver here.

My view: - Library support for jwk/jwt is better - there is no added benefit, all that cwt can do, jwt can do it as well - supported algorithms in...

I've corrected the JSON structure. The example that you posted is substantially different though.

Following up the discussions from DCP Workshop on 19th of April, there are different options how to continue, so therefore please provide feedback/preferences. Please use emoji reaction of your choice...

A - make a breaking change to the Batch Credential Endpoint (current proposal - only proof[])