peppelinux closed 2 weeks ago
@fmarino-ipzs @grausof the PR was merged 5 days ago
it has positive impacts on the trust model, since the RP shows a verifiable attestation about itself, and this is then obviously signed by a trusted third party
using federation, this verifiable attestation should contain the trust_chain JWS header parameter, or at least an x5c, for the trust evaluation
Regarding how the attestation can be provisioned using Federation and then the requirement to relax its typ parameter: https://bitbucket.org/openid/connect/issues/1992/openid4vp-relying-party
@fmarino-ipzs ^
This issue is related to policies and grants given to RPs
this impacts federation and X.509 certificates.
Verifier Client Attestation seems to be deprecated, trust chains (federation or X.509) seem to have more concreteness
thread here https://bitbucket.org/openid/connect/pull-requests/524/add-verifier-attestation-jwt-definition
this may have an impact on the trust evaluation mechanisms during the presentation phase. I agree with the solution proposed in the PR, since the verifiable attestation in our implementation should have a trust_chain in the JWS header, or at least an x5c parameter.
The requirements are listed below: