peppelinux
commented
4 months ago I fully support this proposal.
Thank you @jogu for bringing this up.
Closed jogu closed 4 months ago
peppelinux
commented
4 months ago I fully support this proposal.
Thank you @jogu for bringing this up.
bc-pi
commented
4 months ago I am in favor (or favour) of the removal of client_metadata_uri
David-Chadwick
commented
4 months ago I am also in favour of its removal
awoie
commented
4 months ago I am also in favour of its removal
jogu
commented
4 months ago This was discussed on both working group calls this week with no objections raised.
As a final check I've sent a message sent to mailing list seeking to confirm that removing it won't cause problems for any implementors:
If we don't get any negative feedback by a week from today we will open a PR to remove it.
There are undocumented & unsolved security issues around
client_metadata_uri( https://github.com/openid/OpenID4VP/issues/14 ) and further concerns that it's not clear what client metadata parameters can actually be used in it ( https://github.com/openid/OpenID4VP/issues/17 ).There's a further suggestion to decide an alternative way of fetching client metadata from a .well-known location ( https://github.com/openid/OpenID4VP/issues/82 ).
Given all this I would like to propose we just remove
client_metadata_urifrom the specification entirely.