Open Sakurann opened 1 week ago
I support adding both metadata as optional parameters to Credential Offer.
We should make clear that this is currently intended to enable an offline credential selector/matcher. The Wallet should make sure that the metadata is authentic and probably fetch it on their own after wallet invocation.
We added support to use OpenID4VP over Digital Credentials API; it would be beneficial to add support to use Digital Credentials API for VCI, too, when passing a credential offer. It would greatly help with wallet selector. Not so much with cross-device security, since credential offer is not signed, but adding origin information to the credential offer might help already?
This was discussed at IIW, and since the wallet matcher needs enough information to make a decision whether the wallet can support a credential offer from a specific issuer, and wallet matcher cannot make an external call, the preferred direction seems to be to add entire issuer metadata and authorization server metadata by value to the credential offer, when it is passed over the browser API, and the wallet can make its own decision which issuer it can talk to, based on that information.
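An added sketch of the flow discussed in this thread (not code from the specification or from any participant): the matcher decides offline from the by-value metadata, and the wallet re-checks that decision after invocation against metadata it fetched itself. The parameter name `credential_issuer_metadata`, the injected `fetch_json` callable and the sample values are assumptions; authorization server metadata is left out, and the issuer identifier is assumed to have no path component.

```python
import json

# Hypothetical name: the thread does not say what the by-value parameter is called.
ISSUER_MD = "credential_issuer_metadata"

def _supports(metadata, offer, wallet_formats):
    """True if any offered configuration uses a format the wallet implements."""
    configs = metadata.get("credential_configurations_supported", {})
    ids = offer.get("credential_configuration_ids", [])
    return any(configs.get(i, {}).get("format") in wallet_formats for i in ids)

def matcher_can_handle(offer, wallet_formats):
    """Offline matcher step: no network, embedded metadata is an unauthenticated hint."""
    return _supports(offer.get(ISSUER_MD, {}), offer, wallet_formats)

def confirm_after_invocation(offer, wallet_formats, fetch_json):
    """After invocation: fetch the metadata and repeat the decision on the fetched copy.

    fetch_json (url -> dict) is supplied by the caller and is expected to do an
    HTTPS GET with certificate validation; it is injected so this runs offline.
    Returns (fetched_metadata, embedded_copy_was_identical).
    """
    issuer = offer["credential_issuer"]
    if not issuer.startswith("https://"):
        raise ValueError("credential_issuer must be an https URL")
    # Assumption: issuer identifier without a path component.
    fetched = fetch_json(issuer.rstrip("/") + "/.well-known/openid-credential-issuer")
    if fetched.get("credential_issuer") != issuer:
        raise ValueError("fetched metadata names a different issuer")
    if not _supports(fetched, offer, wallet_formats):
        raise ValueError("fetched metadata does not support this offer")
    same = json.dumps(offer.get(ISSUER_MD), sort_keys=True) == json.dumps(fetched, sort_keys=True)
    return fetched, same

# Constructed sample data (not taken from the thread).
FETCHED = {
    "credential_issuer": "https://issuer.example",
    "credential_endpoint": "https://issuer.example/credential",
    "credential_configurations_supported": {"example_mdl": {"format": "mso_mdoc"}},
}
SAMPLE_OFFER = {
    "credential_issuer": "https://issuer.example",
    "credential_configuration_ids": ["example_mdl"],
    ISSUER_MD: FETCHED,
}
```

The wallet continues only with the fetched copy; the boolean tells it whether the unsigned offer carried metadata that differs from what the issuer actually publishes.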