decentralized-identity / jwt-vc-presentation-profile

https://identity.foundation/jwt-vc-presentation-profile/
Apache License 2.0

iss value #63

Open nklomp opened 1 year ago

nklomp commented 1 year ago

~~In the SIOPv2 spec the iss value possibilities were changed from a static https://self-issued.me/v2 (see PR for the change https://bitbucket.org/openid/connect/pull-requests/120). Basically the iss is the sub for a SIOP. See https://openid.net/specs/openid-connect-self-issued-v2-1_0.html#name-self-issued-id-token~~

Edit: the above change is in the latest SIOPv2 specs.

The first implementer's draft of SIOPv2, ID1 (https://openid.net/specs/openid-connect-self-issued-v2-1_0-ID1.html), lists the `iss` claim as https://self-issued.me/v2.

In this profile the value is https://self-issued.me/v2/openid-vc, with the requirement: "iss claim MUST be https://self-issued.me/v2/openid-vc" (see https://identity.foundation/jwt-vc-presentation-profile/#id-token-validation).

Is there a specific reason for this value change vs the SIOPv2 ID1 spec?

Sakurann commented 10 months ago

self-issued.me/v2 should be used only when static SIOP metadata is used. That static metadata is bound to the usage of a custom URL scheme, `openid:` (https://openid.net/specs/openid-connect-self-issued-v2-1_0-ID1.html#section-8.1). Because this profile does not use `openid:`, it needed a new identifier.