Joseph Heenan
Joseph Heenan
closing as per above comment, if anyone does feel there's an action that needs to be taken please clarify :)
> * the bigger question is whether for the authorization_details is required in the token request in the pre-auth code flow to use authorization_details in the token response, because there...
The key differences with jti vs nonce: nonce is generated by the authorization server and it doesn't actually necessarily need to store anything (sometimes it generates a hash or jwt...
> A JWT with a jti intended for issuer A might be replayed to issuer B Unless I have forgotten a situation, I don't think that is possible in the...
Just to be clear on one point: > Regarding the issue that some or many implementations doesn't properly handle the "uniqueness" of the jti would be better taken out, since...
The important point here is that https://datatracker.ietf.org/doc/draft-ietf-oauth-attestation-based-client-auth/ does not as far as I can see provide any general mechanism for an authorization server to check how a wallet is protecting...
> I would like to keep the following: > > * credential_offer_pre-authz_code.json - this is not credential format specific and is useful. > * credential_request_jwt_vc_json-ld.json - these is no equivalent...
Some or maybe all of this is probably resolved by the fix for #13, PR https://github.com/openid/OpenID4VCI/pull/380
I think I commented along these lines before but I can't find it so maybe it was only verbally on the call: This isn't a matter of just changing from...
Maybe the GitHub pipeline can be made to add the 'editors draft' automatically for the copy published to GitHub pages?