Credential Response encryption not specified for the Deferred Credential Endpoint

Open GarethCOliver opened this issue 6 months ago • 1 comments

Credential Response encryption is not specified for the Deferred Credential Endpoint.

It also might be nice to be able to provide a new jwk in the deferred credential request to perform this encryption (rather than relying on the one provided originally), as if this takes a long time, maintaining those keys might be problematic.

GarethCOliver, May 16 '25 23:05

Makes sense. Does just adding a sentence that encryption is the same in the deferred and normal credential endpoints make sense?

Sakurann, May 20 '25 18:05

Let's keep Credential Request/Response similar to Deferred Credential Request/Response to keep the possibility to merge them.

paulbastian, May 20 '25 19:05

WG discussion:

  • 3 questions:
    • response encryption keys included in deferred credential request? optional or mandatory? mandatory.
    • same issuer metadata for the encryption related metadata? YES
    • deferred credential request encryption from a consistency perspective? yes if ...
      • ideal design goal is for credential endpoint and deferred credential endpoint to be symmetrical
  • should be considered in conjunction with #507

Sakurann, May 20 '25 19:05