Joseph Heenan
Joseph Heenan
As per comments above and this comment chain on the PR https://github.com/openid/OpenID4VCI/pull/515#discussion_r2101131125 - marking this as pending close.
closing as per previous comments
The conformance suite doesn't follow redirects for request Uris, or any other cases other than in the authorization endpoint.
> In my mind this is one of the only options to present self-issued/self-asserted credentials. I don't agree removing it from HAIP necessarily, but are we sure we don't remove...
I'm not sure I understand the details of this proposal yet, but I can see two things that would need to happen in addition to removing client_id_scheme and allowing multiple...
https://github.com/openid/OpenID4VP/issues/248 proposes what I think may be a more general solution.
The easiest mitigation is to always send / only accept credential offers by value. Then the wallet can probably at worst only be tricked into fetching /.well-known/openid-credential-issuer which should be...
As agreed at last week's WG call ( https://github.com/openid/OpenID4VCI/pull/500#issuecomment-2967331167 ) - we now have @leecam & @lchacha 's reviews/approvals, and have discussed this mechanism at a few WG calls, and...
Discussed on today's WG call: - Restrict scope to presentation (using OpenID4VP) during issuance - Have extension points so presenting ID cards etc can be defined elsewhere - We need...
Discussion on 1st May WG call: Proposal above doesn't work if the credential is being issued into a different wallet than holds the credential to be presented. But solving for...