oid4vc-haip-sd-jwt-vc icon indicating copy to clipboard operation
oid4vc-haip-sd-jwt-vc copied to clipboard

Published 20 hours ago verified publisher icon openid

key attestation in HAIP

Open Sakurann opened this issue 1 year ago • 3 comments

Key attestation has been added to OID4VCI. How do we want to profile it in HAIP? Do we want to mandate key_attestation proof type?

Sakurann avatar Nov 20 '24 17:11 Sakurann

it looks like implementers are using both, suggest we change to the following

The wallet MUST support both the JWT proof type and attestation proof type. The Credential Issuer MUST support both. When the JWT proof type is used, key_attestation proof type MUST be supported.

this would de facto mandate key attestation, but the issuer has a choice.

Sakurann avatar Dec 13 '24 13:12 Sakurann

as discussed in #32, we should discuss if we want to mandate any other JWT header parameter (jwk, x5c, trust_chain, in addition to key_attestation)

Sakurann avatar Dec 13 '24 13:12 Sakurann

I suggest to start by adding the key attestation methods mentioned above to HAIP. I would make both MTI for issuers and let the wallet choose.

tlodderstedt avatar Jan 09 '25 08:01 tlodderstedt