Open peppelinux opened 3 months ago
Currently the draft would require us to register 2 new CWT claims for credential_hash_alg and credential_hash.
But in CBOR, you can register a single claim like:
credential_hash, and set it to be an array where the first element is a COSE alg for a hash, like -16 for SHA-256, and the second element is the hash value.
In CDDL:
```cddl
CWT_Claims = {
  &(iss: 1) => tstr
  &(sub: 2) => tstr
  &(credential_hash: TBD) => [ hashAlg: (int / tstr), hashValue: bstr ]
  * int => any
}
```
In CBOR, this structure might be a better solution for this:
See https://datatracker.ietf.org/doc/html/rfc9360
_Originally posted by @OR13 in https://github.com/peppelinux/draft-demarco-oauth-status-assertions/pull/65#discussion_r1635626847_
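As an added illustration (not part of the original post or the draft), the sketch below encodes the proposed `[hashAlg, hashValue]` pair as CBOR and shows how a verifier could check it against a credential. The claim key `65000` is a placeholder for the TBD value, the helper names are hypothetical, and the -43/-44 entries are the COSE identifiers for SHA-384/SHA-512 from RFC 9054; the page itself names only -16.

```python
import hashlib
import hmac

# COSE hash algorithm identifiers (RFC 9054); only -16 appears on the page.
COSE_HASH_ALGS = {-16: "sha256", -43: "sha384", -44: "sha512"}
CREDENTIAL_HASH_KEY = 65000  # placeholder: the real claim key is TBD
SAMPLE_CREDENTIAL = b"constructed-sample-credential"  # constructed input

def _head(major, n):
    """CBOR initial byte plus argument for major type `major`, value n."""
    if n < 24:
        return bytes([major << 5 | n])
    for ai, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if n < 1 << (8 * size):
            return bytes([major << 5 | ai]) + n.to_bytes(size, "big")
    raise ValueError("integer too large")

def cbor_encode(obj):
    """Minimal definite-length CBOR encoder for the types the CDDL uses."""
    if type(obj) is int:
        return _head(0, obj) if obj >= 0 else _head(1, -1 - obj)
    if isinstance(obj, bytes):
        return _head(2, len(obj)) + obj
    if isinstance(obj, str):
        return _head(3, len(obj.encode())) + obj.encode()
    if isinstance(obj, list):
        return _head(4, len(obj)) + b"".join(map(cbor_encode, obj))
    if isinstance(obj, dict):
        return _head(5, len(obj)) + b"".join(
            cbor_encode(k) + cbor_encode(v) for k, v in obj.items())
    raise TypeError(type(obj))

def make_claims(iss, sub, credential, alg=-16):
    """Build the claims map with credential_hash = [hashAlg, hashValue]."""
    digest = hashlib.new(COSE_HASH_ALGS[alg], credential).digest()
    return {1: iss, 2: sub, CREDENTIAL_HASH_KEY: [alg, digest]}

def check_credential_hash(claims, credential):
    """Validate the [hashAlg, hashValue] pair against the credential."""
    entry = claims.get(CREDENTIAL_HASH_KEY)
    if not (isinstance(entry, list) and len(entry) == 2):
        return False
    alg, value = entry
    # Unknown or non-integer algorithm ids are rejected, never guessed.
    if type(alg) is not int or alg not in COSE_HASH_ALGS:
        return False
    if not isinstance(value, bytes):
        return False
    expected = hashlib.new(COSE_HASH_ALGS[alg], credential).digest()
    return hmac.compare_digest(expected, value)
```

Because the algorithm travels in the same array as the digest, the verifier should pin an allow-list of acceptable hash algorithms, as the lookup table does here, rather than accept whatever identifier the token carries.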