oid4vc-haip-sd-jwt-vc icon indicating copy to clipboard operation
oid4vc-haip-sd-jwt-vc copied to clipboard

Published 20 hours ago verified publisher icon openid

Clarify connection between status management and credential

Open cre8 opened this issue 5 months ago • 2 comments

The Oauth Status List gives some information of the trust management between the credential issuer and the status manager.

In some situations, someone could use a status management provider, so the entity of the credential issuer and status management is different. Then it is considered to link it via the same certificate authority. But how do I link these two entities together, is it just that they need to be issued via the same CA?

cre8 avatar Jun 23 '25 07:06 cre8

This may just be out of scope? The wallet/verifier need to decide what status management providers they trust, in the same way they need to decide what credential issuers to trust.

I think it some cases it will be sufficient that the token status list is signed by a certificate that has a trusted root certificate (given which token status list is used is listed in the credential I think there's already a reasonable degree of trust in it?)

jogu avatar Aug 04 '25 08:08 jogu

agree with joseph this sounds like out of scope, given that there are possibly multiple reasons why these two providers might be different or same

Sakurann avatar Aug 19 '25 19:08 Sakurann