[Openid-specs-ab] OpenID Federation Wallet Architectures Draft

Joseph Heenan joseph at authlete.com
Tue Jul 30 09:17:36 UTC 2024


Hi all

Thanks for proposing this! I think we do need a spec that defines some federation terms for the issuer-holder-verifier model so if there were a call for adoption for work to define that I’d be broadly supportive.

I don’t think it’s immediately clear whether this should be a Connect or DCP working group item. In the current state (see below) I think it might be outside of the Connect WG’s scope, but this could change depending on the conclusion on the below points about metadata.

I would be interested to know why “openid_wallet_relying_party” was picked rather than (say) “openid_wallet_client” (for consistency with “oauth_client”), and have similar questions about “wallet_provider” being used to refer to the “authorization server” side of a wallet.

I think there are questions to be asked about why additional metadata parameters for wallets/verifiers would be defined only for federation, for example “aal_values_supported” does not appear to be federation specific and hence, if it is generally applicable to many ecosystems, should be defined in OID4VCI. (If it is not generally applicable to many ecosystems it shouldn’t be in an OpenID spec at all.)

Similarly I think there are much bigger questions to be asked about defining “jwks” for credential issuers (see https://github.com/openid/OpenID4VCI/issues/62 and/or /.well-known/jwt-vc-issuer in https://www.ietf.org/archive/id/draft-ietf-oauth-sd-jwt-vc-04.html#name-jwt-vc-issuer-metadata) and I believe any initial version of this spec should not incorporate jwks so a robust discussion can be had about that before it is added to any working group spec. Similar questions arise around most of the items defined as verifier metadata too, e.g. presentation_definitions_supported is already proposed to be added to the VP spec: https://github.com/openid/OpenID4VP/issues/189

Thanks

Joseph


> On 29 Jul 2024, at 22:30, Giuseppe De Marco via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:
> 
> Dear OpenID Connect working group,
> 
> The authors hereby contribute the attached OpenID Federation Wallet Architectures specification to the working group.  It defines OpenID Federation entity types for digital wallet architectures.
> 
> The specification contents are attached in HTML format.
> 
> Additionally, for the convenience of working group members, the specification source can be viewed at https://github.com/peppelinux/federation-wallet and the rendered HTML can be viewed at https://peppelinux.github.io/federation-wallet/main.html.
> 
> Best wishes, 
> 
> Giuseppe
> 
