OpenID4VP spec does not give detailed steps for VP Validation because VP/VC are credential format specific, so it is great that we now have this profile to clarify. (OpenID4VP spec can do much better at defining VP Token Validation - will take it as an action item https://bitbucket.org/openid/connect/issues/1682/define-vp-token-validation-steps-more)
PR #65 is a great start, but I think we need to agree on the order and concrete steps:
identify number of VPs and which one contains which of the requested VC(s) using presentation_submission
verify signatures on VP(s)
take out VC(s) from the VP(s)
validate the signature of the VC(s)
check the VC(s)' status
validate that iss of a VP matches sub in the VC (Holder Binding - missing right now)
perform linked domain verification on VC iss DID
we can also optionally add a text checking compliance to some frameworks/verifier's policy if any.
based on the review of PR #65.
OpenID4VP spec does not give detailed steps for VP Validation because VP/VC are credential format specific, so it is great that we now have this profile to clarify. (OpenID4VP spec can do much better at defining VP Token Validation - will take it as an action item https://bitbucket.org/openid/connect/issues/1682/define-vp-token-validation-steps-more)
PR #65 is a great start, but I think we need to agree on the order and concrete steps:
we can also optionally add a text checking compliance to some frameworks/verifier's policy if any.