[Openid-specs-ab] Issue #1452: Is proof of strong holder binding required for issuance? (openid/connect)
Jeremie Miller
issues-reply at bitbucket.org
Thu Mar 3 16:05:08 UTC 2022
New issue 1452: Is proof of strong holder binding required for issuance?
https://bitbucket.org/openid/connect/issues/1452/is-proof-of-strong-holder-binding-required
Jeremie Miller:
This question arose as part of PR #133, copying in some of the comments from there:
Jeremie:
> What is the use-case for having a `did` only claim without a `proof`? If the Client is always capable of generating a `proof` shouldn’t they be required to?
Kristina:
> If I recall correctly, the reason why there is an option to send only a `did` is because “Some DID Methods do not require the End-User identified by a DID to also be a controller of a private key associated to a public key in a DID Document tied to that DID“. \(as stated in the security considerations [OpenID Connect for Verifiable Credential Issuance](https://openid.net/specs/openid-connect-4-verifiable-credential-issuance-1_0.html#name-proving-control-of-a-did-pr) \)
>
> However, an argument can be made that those DID methods should not be used..? in which case, mandating a `proof` property makes sense.
More information about the Openid-specs-ab
mailing list