-
During IIW, a good point was raised about whether the specification should require a new parameter `client_discovery` for the client to indicate to the AS that its client_id is a URL.
Here is a bri…
-
Decrypting the PAL header (or other future decryption actions) is done by getting the latest DID Document. If a key rotation has occurred, an older key might be able to decode but this is currently no…
-
When using inline credential offers (so using an object directly in the `credentials` array in an offer), the only required general property is the `format`. All other fields are declared by the forma…
-
Is it a requirement to return an ID Token?
OpenID4VP is based on OAuth and ID Token is optional. I have not found a reason to mandate ID Token in this document but I migh tbe missing something.
I s…
-
There seem to be certain requirements around crypto algorithms which should be separated into its own section
> The alg value MUST represent a digital signature algorithm supported by the Verifier. T…
-
related to issue #2, calling this document OpenID Connect Verifiable Credentials is too broad of a scope and is too conflicting with OpenID4VC spec family that it builds upon. Suggest to pick somethin…
-
There are two things being profiled in the doc and it may be easier to keep the profiles of the credential format (VCs) seperate from the issuance protocol.