Closed matgnt closed 1 year ago
I think that's what the statement "The identity standard used by a provider is not defined but could be" says, although we could further qualify this by saying, "The identity standard used by a provider is not defined but could be, for example, ..."
An Identity Provider is a trust anchor that generates ID tokens used to verify the identity of a Participant Agent. Multiple identity providers may operate in a dataspace. The identity standard used by a provider is not defined but could be OAuth2 or Decentralized Identifiers using did:web. An identity provider may be a third-party or a participant itself (for example, in the case of decentralized identifiers).
https://github.com/International-Data-Spaces-Association/ids-specification/blob/main/model/information.model.mdWe should not allow-list only did:web but leave it open towards the dataspace to define which did method (did:*) is allowed.