[Openid-specs-ab] Issue #1392: [OIDC4VCI] protocol optimization (openid/connect)
Kristina Yasuda
issues-reply at bitbucket.org
Wed Jan 12 19:44:28 UTC 2022
New issue 1392: [OIDC4VCI] protocol optimization
https://bitbucket.org/openid/connect/issues/1392/oidc4vci-protocol-optimization
Kristina Yasuda:
A placeholder issue to discuss optimizing the flows, once we stabilize the protocol. Some of the current ones are:
* include p\_nonce in Issuance Initiation Request \(PR #98\) - may introduce security vulnerability because attacker can send an Issuance Initiation Request with a random p\_nonce and legitimate issuer identifier, and encourage the wallet to generate a replayable input VP
* include login\_hint in Authorization Request \(PR #98\) - potentially not needed since including op\_state in the authorization request is more actionable for the Issuer
More information about the Openid-specs-ab
mailing list