[Openid-specs-ab] Issue #1539: Server metadata under specified (openid/connect)
Travis Spencer
issues-reply at bitbucket.org
Fri Jun 24 09:25:39 UTC 2022
New issue 1539: Server metadata under specified
https://bitbucket.org/openid/connect/issues/1539/server-metadata-under-specified
Travis Spencer:
[Section 8.1](https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-authorization-server-metada) of the 21 June 2022 draft of OIDC4VP underspecifies server metadata. It simply says:
> A JSON object defining the formats, proof types and algorithms of verifiable presentations and verifiable credentials that a RP supports. Valid **values** include…
What is a value of a JSON object? There’s no normative or non-normative reference to a JSON spec, but RFC 7591 and OpenID.Registration have such references to RFCs that are updated to [RFC 8259](https://datatracker.ietf.org/doc/html/rfc8259#section-4) which says:
> An object structure is represented as a pair of curly brackets surrounding zero or more **name/value pairs (or members)**.
From this, I can’t make out what 8.1 is saying exactly. (Sorry I’m being pedantic, but it’s important to be exact in specs, right?)
As a result, one could argue that the following is valid metadata:
```json
{
  "vp_formats_supported": {
    "key1": [
      { "value": "jwt_vp" },
      "my_good_proof_type",
      "my_good_algorithm"
    ],
    "key2": [
      { "value": "ldp_vp" },
      "my_other_good_proof_type",
      "my_other_good_algorithm"
    ]
  }
}
```
From the example of client metadata in 8.2.3.1, one could infer the expected structure of this JSON object. (For this reason, I view this issue as minor). However, the spec should clearly state this in 8.1 IMHO.
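
As an added example (not part of the original post and not taken from the OIDC4VP specification), here is a strict validator that a consumer of this metadata could apply so that the document above is rejected instead of being interpreted by guesswork. The nested shape and the member names `alg` and `proof_type` are assumptions, as is the function name `validate_vp_formats`; the sample values in the second document are constructed.

```python
import json

# Assumed shape, not stated on this page: format identifier -> object whose
# members are non-empty arrays of strings. The identifiers come from the post;
# the member names "alg" and "proof_type" are assumptions.
ALLOWED = {"jwt_vp": {"alg"}, "ldp_vp": {"proof_type"}}

def _no_duplicates(pairs):
    # RFC 8259 only says names SHOULD be unique, so enforce it here.
    obj = {}
    for name, value in pairs:
        if name in obj:
            raise ValueError(f"duplicate member name {name!r}")
        obj[name] = value
    return obj

def validate_vp_formats(raw, member="vp_formats_supported"):
    """Return a list of problems; an empty list means the metadata is accepted."""
    try:
        doc = json.loads(raw, object_pairs_hook=_no_duplicates)
    except ValueError as exc:  # also covers json.JSONDecodeError
        return [f"rejected while parsing: {exc}"]
    formats = doc.get(member) if isinstance(doc, dict) else None
    if not isinstance(formats, dict):
        return [f"{member} must be a JSON object"]
    problems = []
    for fmt, params in formats.items():
        if fmt not in ALLOWED:
            problems.append(f"unknown format identifier {fmt!r}")
        elif not isinstance(params, dict):
            problems.append(f"{fmt}: expected an object")
        else:
            for name, values in params.items():
                ok = (isinstance(values, list) and values
                      and all(isinstance(v, str) for v in values))
                if name not in ALLOWED[fmt]:
                    problems.append(f"{fmt}: unknown member {name!r}")
                elif not ok:
                    problems.append(f"{fmt}.{name}: expected a non-empty array of strings")
    return problems

# The document from the post, and a constructed one in the assumed shape.
FROM_POST = '''{"vp_formats_supported": {
  "key1": [{"value": "jwt_vp"}, "my_good_proof_type", "my_good_algorithm"],
  "key2": [{"value": "ldp_vp"}, "my_other_good_proof_type", "my_other_good_algorithm"]}}'''
ASSUMED_SHAPE = '''{"vp_formats_supported": {
  "jwt_vp": {"alg": ["ES256"]},
  "ldp_vp": {"proof_type": ["Ed25519Signature2018"]}}}'''

if __name__ == "__main__":
    for label, raw in (("from post", FROM_POST), ("assumed shape", ASSUMED_SHAPE)):
        print(label, "->", validate_vp_formats(raw) or "accepted")
```

Rejecting unknown member names and duplicate names outright means a peer cannot slip a value past one parser that another parser would read differently.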