-
In the current state, according to RFC9101, the Wallet must fetch the Request Object from `request_uri` without having any means to verify the identity and authenticity of the Verifier. The request fo…
-
JAR endpoints returns raw JSON. This is incompatible with the JAR standard which expects a signed JWT.
Steps to reproduce:
```sh
# Grab a VP request:
$ curl http://localhost:3000/generateVpReque…
-
Hello, I'm attempting to issue and verify MDOC credentials besides MDL and am running into an issue around verifying the cert chain that is passed in the JWT's header during the OpenID4VP process. For…
-
It should be discussed to mandate the JAR-encoded Authorization Request according to RFC9101 and restrict usage of URL- encoded Authorization Request from RFC6749 as
1. they do not offer integrity
…
-
We should start looking at how to fold in the dictionaries of [mDoc request](https://github.com/WICG/digital-credentials/blob/main/mobile-document-request-api-proposal.md) into the spec.
-
For the actual Authorization Request there are currently three main options:
1. passing as URL with encoded parameters
2. passing a request object as value
3. passing a request object per referen…
-
Based on commentary in this issue about the complexity in PeX and it being viewed as too complicated for a presentation request language (I agree):
https://bitbucket.org/openid/connect/issues/1917/…
-
I may have read the specification poorly but it seems that OpenID4VP is not using HTTP Message Signatures (RFC 9421).
This is somewhat surprising since the FAPI WG have decided to replace their cur…
-
I recently implemented OID4VP and found it a great specification enabling identity traits management on top of SIOPV2. For both of those, I had to set at verifier configuration level a switch to defin…
-
# Use case(s)
When enabling a use case for a care organization using a particular vendor's software, the care organization is to be issued a UseCaseCredential by an auditing body. This will be initia…