
Expand text about how the result of browser API is processed

Open jogu opened this issue 1 year ago • 1 comments

This is mostly ok, but we probably want to discuss more how one gets back a `DigitalCredential` instance, then how one gets the data out of it. Hi @timcappalli!

Originally posted by @marcoscaceres in https://github.com/openid/OpenID4VP/pull/155#discussion_r1660613302

jogu avatar Jul 02 '24 22:07 jogu

As mentioned in https://github.com/openid/OpenID4VP/pull/155#discussion_r1668871320, in order to provide interoperability of the browser API, we need to define the full details and require support of at least one mechanism for response encryption. To satisfy the interoperability requirements, we need to specify the details for the response encryption mechanism that must be supported by the wallet. This includes at least the following items (noting that some of these items are already partly specified). What other items do we need to specify?

Details for the key material provided by the Wallet and RP

  • Algorithm and curve requirements

Details for transmission of key material

  • How is the RP key material included in the request
  • How is the RP key material authentication information included in the request
  • How is the wallet key material included in the response

Details for authentication of key material (if applicable)

  • What (if any) are the requirements for the authentication information used to authenticate the key material (e.g. x509 certificates)
  • Which cryptographic mechanism is used to authenticate the RP key material

Details for the cryptographic primitives used

  • Which algorithm and inputs are used to derive the encryption key material provided by the RP and the wallet
  • How is the origin information included in these derivations (see also https://github.com/openid/OpenID4VP/issues/209)
  • How is the response encryption bound to key / device binding credential format specific mechanisms (if applicable) (see also https://github.com/openid/OpenID4VP/pull/155#discussion_r1668830694)

martijnharing avatar Jul 09 '24 08:07 martijnharing

I think this has been superseded by the recent changes in DC API. Closing in a week unless objections.

Sakurann avatar Mar 04 '25 20:03 Sakurann