Torsten Lodderstedt
I suggest starting by adding the key attestation methods mentioned above to HAIP. I would make both MTI for issuers and let the wallet choose.
Just check back with ppl from ETSI. They are in favor of (in addition to x.509 for qWACs and qSeals) having a VC-based mechanism for Verifier authentication.
Suggested text: "vct and type coexist, but vct MUST be set to one value in the type array."
VCI metadata is about the issuance process, so it is intended to be used by wallets. Using it to distribute key material to verifiers would mean the verifier needs to...
The document does not refer to HAIP at all. It does define the requirements regarding SD-JWT VC and mdoc from scratch and it duplicates text from HAIP.
re x.509 credential format profile: CSC TC is considering working on this as part of the "Data model for remote signature applications"
Outdated citations from HAIP around client id prefixes (x509_san_dns or verifier_attestation).
6.1.4 Authorization Response: the following requirement is unclear, as the custom scheme haip applies to presentation requests. OIDVP_COMMON_RESP-01: The WU shall support at least a custom URL scheme "haip://" for...
OIDVP_SDJWTVC_RESP-05: All the EAAPs included in the authorization response shall be signed by the EAA subject. This should be defined for each credential format individually (and typically is).
OIDVP_SDJWTVC_RESP-08 duplicates text from OpenID4VP section 8.2