oauth-wg / oauth-sd-jwt-vc

draft-terbu-sd-jwt-vc
Creative Commons Zero v1.0 Universal

Define how X509 certificate can be used as user's identifier #270

Closed cre8 closed 1 week ago

cre8 commented 1 week ago

Close to #205, we want to bind an sd-jwt-vc to an existing x509 certificate to reuse the trust chain and also to allow a proof-of-possession.

The approach of extracting the public key from the x509, putting it into the existing jwk field and later comparing the public keys seems a bit hacky...

Is your suggestion the same as in #205 to define a new spec or is there an existing approach that can be used for such a scenario?

bc-pi commented 1 week ago

If I'm understanding correctly, the existing x5t#S256 Certificate Thumbprint Confirmation Method sounds like it'd work?

https://www.iana.org/assignments/jwt/jwt.xhtml#confirmation-methods

https://www.rfc-editor.org/rfc/rfc8705.html#name-jwt-certificate-thumbprint-
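As an added illustration of the confirmation method bc-pi points to (not code from the issue or from the sd-jwt-vc draft), the following shows how an issuer would put an `x5t#S256` certificate thumbprint into the `cnf` claim and how a verifier would check a presented certificate against it. Per RFC 8705 section 3.1 the value is the base64url encoding, without padding, of the SHA-256 hash of the certificate's DER encoding. The DER bytes here are a constructed placeholder, not a real certificate; the function names are my own.

```python
import base64
import hashlib
import hmac

# Constructed stand-in for a DER-encoded X.509 certificate. It is only a
# byte string for the hash computation, not a parseable certificate.
SAMPLE_CERT_DER = b"\x30\x82\x01\x0a" + b"constructed-der-placeholder-bytes" * 4


def x5t_s256(cert_der: bytes) -> str:
    """RFC 8705 s3.1 thumbprint: base64url(SHA-256(DER)) with no '=' padding."""
    digest = hashlib.sha256(cert_der).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def make_cnf_claim(cert_der: bytes) -> dict:
    """Issuer side: bind the credential to the certificate by thumbprint.

    The issuer never has to copy the certificate's public key into a 'jwk'
    member; the thumbprint alone identifies the certificate that must be
    presented (and whose key must sign the key-binding proof) later.
    """
    return {"cnf": {"x5t#S256": x5t_s256(cert_der)}}


def cert_matches_cnf(claims: dict, presented_cert_der: bytes) -> bool:
    """Verifier side: does the presented certificate match the cnf thumbprint?

    Returns False when the claim is missing or malformed instead of raising,
    so a credential without a binding is never treated as bound.
    """
    cnf = claims.get("cnf")
    if not isinstance(cnf, dict):
        return False
    expected = cnf.get("x5t#S256")
    if not isinstance(expected, str) or not expected:
        return False
    actual = x5t_s256(presented_cert_der)
    # Constant-time comparison; the thumbprints are fixed-length strings.
    return hmac.compare_digest(expected.encode("ascii"), actual.encode("ascii"))


if __name__ == "__main__":
    claims = make_cnf_claim(SAMPLE_CERT_DER)
    print(claims)
    print("bound to presented cert:", cert_matches_cnf(claims, SAMPLE_CERT_DER))
    print("bound to other cert:", cert_matches_cnf(claims, SAMPLE_CERT_DER + b"\x00"))
```

The thumbprint check only establishes which certificate the credential is bound to; proof-of-possession still comes from the holder signing the key-binding proof with the private key of that certificate, and the verifier must also validate the certificate chain it trusts, which is the part the issue wants to reuse.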

cre8 commented 1 week ago

@bc-pi for now it should work, thank you!