[Openid-specs-ab] Defining JWT Claims to represent W3C Verifiable Credentials objects
David Waite
david at alkaline-solutions.com
Mon Apr 12 18:20:41 UTC 2021
Is the intention to have this behave like two more formats for claims (and being sources for aggregated/distributed claims), plus to extend claims documents like a signed userinfo JWT and VC-JWT/VC-LD-PROOF to be officially specced out as being embeddable within an id_token?
Or do we see {VC,VP}_{JWT,LD} and aggregated/distributed claims as different concepts?
My feeling is that the existing id_token and userinfo data are abstractly presentations (secured through transport and bearer security rather than some possession proof). The process to get a credential for later presentation is new protocol (and hence the new claims/credential provider spec work).
How do others anticipate this integration working?
-DW
> On Apr 12, 2021, at 5:30 AM, Kristina Yasuda via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:
>
> The intent was to define claims that can be used both inside ID Token (implicit flow/SIOP), and in UserInfo response (code flow). There are use-cases that use VC/VPs with OpenID Connect not just in SIOP (implicit flow with user-controlled OP) but also with the 'conventional' code flow, and I believe we need a generic way that works for both.
>
> Best,
> Kristina
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20210412/1e540bbd/attachment.html>
More information about the Openid-specs-ab
mailing list