[Openid-specs-ab] Issue #2059: [Federation] Aligning trust_framework, verifier attestation, other signer/issuer/verifier related attributes (openid/connect)
alen_horvat
issues-reply at bitbucket.org
Tue Sep 5 10:05:57 UTC 2023
New issue 2059: [Federation] Aligning trust_framework, verifier attestation, other signer/issuer/verifier related attributes
https://bitbucket.org/openid/connect/issues/2059/federation-aligning-trust_framework
Alen Horvat:
Hi.
In summary: different standards propose different ways to transport credential signer or issuer data.
Goal is trying to align the different initiatives to use the same transport mechanism for trust chains, attestations.
Related issues:
* [https://github.com/lovele0107/signatures-conformance-checker/issues/41](https://github.com/lovele0107/signatures-conformance-checker/issues/41)
* [https://github.com/openid/OpenID4VP/issues/36#issuecomment-1702545905](https://github.com/openid/OpenID4VP/issues/36#issuecomment-1702545905)
Proposal is to re-use the design of ETSI JAdES where trust chain/entity statements can be transported in the signer attribute JOSE header claim. Note that design supports both embedded and referenced attributes.
Furthermore, as outlined in the github signature conformance checker discussion above, the proposal is fully JAdES compliant which means it can cater for all 4 signature profiles \(B, L, LT, LTA\). We tested it against the JAdES JSON schema, reviewed and tested the approach against the specification, and we also ran test against the JAdES conformance checker.
The only thing that would change is updating the text wrt the trust\_chain JOSE header claim.
What is the opinion of the WG?
Note: same proposal has been made for the newly introduced “Verifier Attestations” in the OID4VP specifications.
More information about the Openid-specs-ab
mailing list