EWC-consortium / eudi-wallet-rfcs

EU Digital Identity Wallet RFCs in EWC to align towards the Large Scale Pilot (LSP) usecases. The project is co-funded by the European Union.
https://eudiwalletconsortium.org/
Apache License 2.0

OIDC4VP refers to draft v20 #19

Closed andreasabr closed 9 months ago

andreasabr commented 9 months ago

The RFC 002 refers to OIDC4VP draft v20, which does not reflect the internal decision made by the EWC consortium that decided to implement the draft version 18. Did this change?

andreasabr commented 9 months ago

@lalc, @georgepadayatti after evaluating the two draft versions 18 and 20 I can say that there are no significant changes.

Only section 5.7 Verifier Metadata Management (https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-verifier-metadata-managemen) introduces three new values that can be used as client_id_scheme, namely:

These values extend the possible values of did and entity_id. Question, should we stick with 18 or can we use the latest version 20?

lalc commented 9 months ago

> @lalc, @georgepadayatti after evaluating the two draft versions 18 and 20 I can say that there are no significant changes.
>
> Only section 5.7 Verifier Metadata Management (https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-verifier-metadata-managemen) introduces three new values that can be used as client_id_scheme, namely:
>
>   • verifier_attestation
>   • x509_san_dns
>   • x509_san_dns
>
> These values extend the possible values of did and entity_id. Question, should we stick with 18 or can we use the latest version 20?

@esthermakaay : Can you please comment here? Shall we adopt oid4vp draft 20 spec, as there are no significant changes from 18?

ntsbs commented 9 months ago

The HAIP requires verifier_attestation and/or x509_san_dns https://openid.net/specs/openid4vc-high-assurance-interoperability-profile-sd-jwt-vc-1_0.html#section-5-1.7

andreasabr commented 9 months ago

@lalc @georgepadayatti we decided today to go with the draft version 20.

lalc commented 9 months ago

> The HAIP requires verifier_attestation and/or x509_san_dns https://openid.net/specs/openid4vc-high-assurance-interoperability-profile-sd-jwt-vc-1_0.html#section-5-1.7

@ntsbs Before I close this issue during the day, could you pls confirm that there is no impact of this on the version 1 release?

ntsbs commented 9 months ago

@lalc Regarding this issue, using draft 20 is fine. I think for the first version of the RFCs it is also fine to leave out the client_id_scheme requirements from HAIP.