[Openid-specs-ab] Issue #1567: `nonce` validation with nested verifiable presentations (openid/connect)
Thomas Bellebaum
issues-reply at bitbucket.org
Wed Jul 20 14:48:01 UTC 2022
New issue 1567: `nonce` validation with nested verifiable presentations
https://bitbucket.org/openid/connect/issues/1567/nonce-validation-with-nested-verifiable
Thomas Bellebaum:
From the Section on “Preventing Replay Attacks”:
> To prevent replay attacks, verifiable presentation container objects MUST be linked to client_id and nonce from the Authentication Request. The client_id is used to detect presentation of credentials to a different party other than the intended. The nonce value binds the presentation to a certain authentication transaction and allows the verifier to detect injection of a presentation in the OpenID Connect flow, which is especially important in flows where the presentation is passed through the front-channel.
>
> Note: These values MAY be represented in different ways in a verifiable presentation (directly as claims or indirectly by incorporation in proof calculation) according to the selected proof format denoted by the format claim in the verifiable presentation container.
Assume an RP is returned a Verifiable Credential inside a Verifiable Presentation Container inside another Verifiable Presentation Container. (Yes, this is valid according to DIF.PresentationExchange, see also https://github.com/decentralized-identity/presentation-exchange/issues/355).
Should we specify which VP should be signed by the holder and which should involve the nonce? There seems to be no mention of a nonce in Presentation Exchange other than
> Other protocols may require that a presentation be bound to a particular communication exchange or session. In these cases, a Presentation Request that provides a domain, challenge, or nonce value may be required.
In particular, it does not specify how to validate that a nonce was used.
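Added example, not part of the original issue or of either specification: one strict policy a verifier could apply to the nested case, requiring every presentation layer to be bound to the request's `nonce` and `client_id`. It assumes already-decoded, signature-verified presentations with Linked Data proofs that carry the nonce in `proof.challenge` and the client_id in `proof.domain`; the function names, the "every layer" policy and all sample values are constructed for illustration.

```python
# Added illustration; data layout and the "every layer" policy are assumptions.
def _types(obj):
    t = obj.get("type", [])
    return [t] if isinstance(t, str) else list(t)

def unbound_layers(vp, nonce, client_id, path="vp", depth=0, max_depth=4):
    """Return the paths of all presentation layers not bound to this request.

    Assumes each proof's signature was already verified elsewhere.
    """
    if not nonce or not client_id:
        raise ValueError("nonce and client_id from the request are required")
    if depth > max_depth:
        # Refuse unbounded nesting instead of recursing forever.
        return [path + " (nested too deeply)"]
    failures = []
    proof = vp.get("proof")
    bound = (isinstance(proof, dict)
             and proof.get("challenge") == nonce
             and proof.get("domain") == client_id)
    if not bound:
        failures.append(path)
    items = vp.get("verifiableCredential", [])
    if isinstance(items, dict):
        items = [items]
    for i, item in enumerate(items):
        # Only entries typed as presentations are treated as nested layers.
        if isinstance(item, dict) and "VerifiablePresentation" in _types(item):
            failures += unbound_layers(item, nonce, client_id,
                                       f"{path}.verifiableCredential[{i}]",
                                       depth + 1, max_depth)
    return failures

def make_vp(challenge, domain, nested):
    """Build a constructed sample presentation (not real wallet output)."""
    return {"type": ["VerifiablePresentation"],
            "proof": {"challenge": challenge, "domain": domain},
            "verifiableCredential": nested}

# Constructed sample data.
RP = "https://rp.example"
VC = {"type": ["VerifiableCredential"],
      "credentialSubject": {"id": "did:example:holder"}}
INNER_OK = make_vp("n-123", RP, [VC])
INNER_REPLAYED = make_vp("n-old", RP, [VC])  # bound to an earlier transaction

if __name__ == "__main__":
    print(unbound_layers(make_vp("n-123", RP, [INNER_REPLAYED]), "n-123", RP))
```

A verifier that checked only the outer layer would accept the `INNER_REPLAYED` case, which is the ambiguity the issue raises.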