[Openid-specs-ab] Issue #1758: Credential Issuer Identifier underspecified (openid/connect)
Daniel Fett
issues-reply at bitbucket.org
Wed Dec 28 11:39:57 UTC 2022
New issue 1758: Credential Issuer Identifier underspecified
https://bitbucket.org/openid/connect/issues/1758/credential-issuer-identifier
Daniel Fett:
Current text:
> A Credential Issuer is identified by an HTTPS URL. The way the wallet discovers the Credential Issuer's URL is out of scope of this specification.
> (…)
>
> Credential Issuers publishing Metadata MUST make a JSON document available at the path formed by concatenating the string /.well-known/openid-credential-issuer to the Credential Issuer identifier. If the Credential Issuer value contains a path component, any terminating / MUST be removed before appending /.well-known/openid-configuration.
The credential issuer identifier needs to be defined as in OIDC Core to ensure that there is no query or fragment component. I assume that is what is desired, but if query or fragment need to be allowed, the last two sentences need to be reworded to fit the model.
OIDC Core says this on the issuer identifier:
> Verifiable Identifier for an Issuer. An Issuer Identifier is a case sensitive URL using the https scheme that contains scheme, host, and optionally, port number and path components and no query or fragment components.
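
The following is an added example, not part of the original post or of the specification: a sketch of how a wallet could apply the OIDC Core rule quoted above to a Credential Issuer identifier before building the metadata URL, next to the plain concatenation the current text describes. The function names and the `issuer.example` host are assumptions made for illustration, and rejecting userinfo is a strict reading of the OIDC Core wording.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-credential-issuer"  # suffix named in the quoted text


class InvalidIssuer(ValueError):
    """Identifier does not match the OIDC Core issuer identifier rule."""


def validate_issuer(issuer: str) -> str:
    """Accept only https URLs with a host, optional port and path, and no
    query or fragment component (OIDC Core wording quoted above)."""
    # Check the raw string: urlsplit() reports an empty query for a bare "?",
    # so a parsed-field check alone would miss "https://issuer.example/?".
    if "?" in issuer or "#" in issuer:
        raise InvalidIssuer("query or fragment component present")
    try:
        parts = urlsplit(issuer)
        parts.port  # property access raises ValueError on a malformed port
    except ValueError as exc:
        raise InvalidIssuer(f"unparseable URL: {exc}") from exc
    if parts.scheme != "https":
        raise InvalidIssuer("scheme must be https")
    if not parts.hostname:
        raise InvalidIssuer("host component missing")
    # Assumption: userinfo is not among the components OIDC Core lists.
    if parts.username is not None or parts.password is not None:
        raise InvalidIssuer("userinfo component present")
    return issuer


def metadata_url(issuer: str) -> str:
    """Validate, drop one terminating '/', then append the well-known suffix."""
    issuer = validate_issuer(issuer)
    if issuer.endswith("/"):
        issuer = issuer[:-1]
    return issuer + WELL_KNOWN


def naive_metadata_url(issuer: str) -> str:
    """Plain string concatenation with no check on the identifier."""
    return issuer.rstrip("/") + WELL_KNOWN


if __name__ == "__main__":
    # Constructed sample identifiers.
    print(metadata_url("https://issuer.example/tenant1/"))
    # With a query present the suffix ends up inside the query, not the path.
    print(urlsplit(naive_metadata_url("https://issuer.example/tenant?x=1")))
```
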