[Openid-specs-ab] Issue #1278: Credential Endpoint Request (openid/connect)
Edmund Jay
issues-reply at bitbucket.org
Mon Aug 16 20:07:36 UTC 2021
New issue 1278: Credential Endpoint Request
https://bitbucket.org/openid/connect/issues/1278/credential-endpoint-request
Edmund Jay:
Comments from TL regarding original Credential Provider spec:
Credential Endpoint Request
* I assume the objective of the signed object in the credential endpoint request is proof of possession of a private key linked to the DID for which the credential shall be provided \(basically holder binding\). To me this seems to be less of a OIDC signed request object than a SIOP/portable identifier assertion/id token. The purpose of the OIDC signed request object is to authenticate the client, which does not happen in this case. It’s instead an assertion signed by the holder \(sub?\), so why is the iss containing an identifier of the wallet? Where is this data used?
More information about the Openid-specs-ab
mailing list