bifurcation / userinfo-vc

A core interop profile for Verifiable Credentials in OpenID

Introduce user identifier section #16

Closed Sakurann closed 1 year ago

Sakurann commented 1 year ago

It would be helpful to explicitly point out what is used as an identifier for the issuer and the holder as it impacts key management and does not use DIDs (I think?)

bifurcation commented 1 year ago

No, we do not use DIDs, to avoid that complexity. Note that the VC spec only says that these identifiers (the issuer and credentialSubject.id fields) have to be URIs, not DIDs. So the proposal here is to use two easy-to-use URI types for this:

Happy to make this clearer, though.

Sakurann commented 1 year ago

As a first step, if we can make these requirements clear, that would be helpful.

We might need a separate issue to discuss what the identifier actually is, but just to provide my 2 cents: I understand where you are coming from with https URL and JWK thumbprint, and honestly, that would be my ideal combination, but I do have to point out that this choice would limit interoperability with other ecosystems that are actively making a choice to use DIDs.

One advantage of DIDs I got convinced of was the fact that DID Documents are standardized and that they are extensible - they can contain not only a public key but other info in a standardized manner.

bifurcation commented 1 year ago

As Pieter suggested, I changed to did:jwk.
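
An added example, not part of the thread or of the userinfo-vc repository: it derives the two key-based identifiers named in this discussion, a JWK thumbprint URI (RFC 7638 / RFC 9278) and a did:jwk, from one public key, to show the key management impact raised in the first comment. The sample keys, function names and the sorted serialization are assumptions made for illustration.

```python
import base64, hashlib, json

# RFC 7638 required members per key type (OKP from RFC 8037).
REQUIRED = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n"),
            "OKP": ("crv", "kty", "x"), "oct": ("k", "kty")}
# Members that carry private or symmetric key material.
PRIVATE = {"d", "p", "q", "dp", "dq", "qi", "oth", "k"}
THUMBPRINT_URN = "urn:ietf:params:oauth:jwk-thumbprint:sha-256:"  # RFC 9278

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def compact(obj: dict) -> bytes:
    # Sorted members, no whitespace: the canonical form RFC 7638 hashes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def jwk_thumbprint(jwk: dict) -> str:
    """Hash only the required members, so kid/alg/use never change the result."""
    required = {m: jwk[m] for m in REQUIRED[jwk["kty"]]}
    return b64u(hashlib.sha256(compact(required)).digest())

def thumbprint_uri(jwk: dict) -> str:
    return THUMBPRINT_URN + jwk_thumbprint(jwk)

def did_jwk(jwk: dict) -> str:
    """did:jwk embeds the whole JWK, so refuse anything that is not public."""
    if PRIVATE.intersection(jwk):
        raise ValueError("refusing to publish private key material in a DID")
    # did:jwk does not canonicalize the JSON; sorting is this example's choice.
    return "did:jwk:" + b64u(compact(jwk))

def resolve_did_jwk(did: str) -> dict:
    """Recover the public key from the identifier itself (no network lookup)."""
    method_id = did.split("#", 1)[0]  # drop a key fragment such as "#0"
    if not method_id.startswith("did:jwk:"):
        raise ValueError("not a did:jwk identifier")
    encoded = method_id[len("did:jwk:"):]
    jwk = json.loads(base64.urlsafe_b64decode(encoded + "=" * (-len(encoded) % 4)))
    if not isinstance(jwk, dict) or PRIVATE.intersection(jwk):
        raise ValueError("did:jwk must decode to a public JWK")
    return jwk

# Constructed sample keys: the coordinates are filler bytes, not real curve points.
HOLDER_KEY = {"kty": "EC", "crv": "P-256",
              "x": b64u(bytes(range(32))), "y": b64u(bytes(range(32, 64)))}
ROTATED_KEY = dict(HOLDER_KEY, x=b64u(bytes(range(64, 96))))

if __name__ == "__main__":
    print(thumbprint_uri(HOLDER_KEY))
    print(did_jwk(HOLDER_KEY))
```

Because did:jwk encodes the full JWK, the same key serialized with an extra `kid` yields a different DID while its thumbprint stays the same; rotating the key changes both identifiers.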