Closed tlodderstedt closed 2 years ago
for v2, we will raise a PR to clarify the claim format section to indicate that the formats listed may not be the only acceptable options, SHOULD use the ones in the spec.
@tlodderstedt on re-reading, I think the idea of a registry might be an interesting option, and DIF has lately been trying to establish a precedent and method for registry management, maybe we should discuss out-of-band what a registry would look like that facilitated harmonization between non-PE OIDC implementations and non-OIDC PE implementations? seems a broader issue than the one-line editorial PR that will close this issue 😄
I'm interested in a registry as well. Question: is that a new work item / repo?
It certainly would be a separate repo tracked by the C&C WG as a distinct work item, although it would probably be discussed on the same call by the same group...
@tlodderstedt , if you're asking for this group (the PE work item) to open a lightweight repo and point to it from the spec before v2 is finalized, i think we could. Unless you were asking for something different?
Hi,
at IIW we discussed the idea of using an IANA registry for that purpose. Mike Jones offered assistance as he is very experienced with this kind of registries.
best regards, Torsten.
Creating an IANA registry takes an RFC. But there's precedent for creating such RFCs to establish registries. For instance, the W3C WebAuthn WG created https://datatracker.ietf.org/doc/html/rfc8809 to establish IANA registries that it could use. We could do the same.
The PE spec currently "hard-codes" format identifiers for a couple of credential and presentation formats. This prevents implementers from using PE with other formats. As discussed at IIW, I suggest to introduce a registry to allow for extensibility.
Here are examples of how PEW could be used for other credentials: https://openid.net/specs/openid-connect-4-verifiable-presentations-1_0.html#name-alternative-credential-form