[Openid-specs-ab] Defining JWT Claims to represent W3C Verifiable Credentials objects

David Waite david at alkaline-solutions.com
Mon Apr 12 18:20:41 UTC 2021


Is the intention to have this behave like two more formats for claims (and being sources for aggregated/distributed claims), plus to extend claims documents like a signed userinfo JWT and VC-JWT/VC-LD-PROOF to be officially specced out as being embeddable within an id_token?

Or do we see {VC,VP}_{JWT,LD} and aggregated/distributed claims as different concepts?

My feeling is that the existing id_token and userinfo data are abstractly presentations (secured through transport and bearer security rather than some possession proof). The process to get a credential for later presentation is new protocol (and hence the new claims/credential provider spec work).

How do others anticipate this integration working?

-DW

> On Apr 12, 2021, at 5:30 AM, Kristina Yasuda via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:
> 
> The intent was to define claims that can be used both inside ID Token (implicit flow/SIOP), and in UserInfo response (code flow). There are use-cases that use VC/VPs with OpenID Connect not just in SIOP (implicit flow with user-controlled OP) but also with the 'conventional' code flow, and I believe we need a generic way that works for both.
> 
> Best,
> Kristina

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20210412/1e540bbd/attachment.html>


More information about the Openid-specs-ab mailing list