[Openid-specs-digital-credentials-protocols] openid/oid4vc-haip-sd-jwt-vc: Comment created on issue 103
github at oidf.org
github at oidf.org
Fri May 24 11:07:49 UTC 2024
openid/oid4vc-haip-sd-jwt-vc event
Issue Comment created on issue 103
Issue Title: SD-JWT VC requires `iss` value to be a URI
https://github.com/openid/oid4vc-haip-sd-jwt-vc/issues/103
Comment: HAIP currently says: "x.509 certificates: the SD-JWT VC contains the issuer's certificate along with a trust chain in the x5c JOSE header. In this case, the iss value MUST be an URL with a FQDN matching a dNSName Subject Alternative Name (SAN) [[RFC5280](https://openid.github.io/oid4vc-haip-sd-jwt-vc/openid4vc-high-assurance-interoperability-profile-sd-jwt-vc-wg-draft.html#RFC5280)] entry in the leaf certificate." https://openid.github.io/oid4vc-haip-sd-jwt-vc/openid4vc-high-assurance-interoperability-profile-sd-jwt-vc-wg-draft.html#section-7.1-2.2 In fact, most x509 certificates SAN are DNS and therefore not a URI, so this is problematic
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/attachments/20240524/c34f0ecc/attachment.html>
More information about the Openid-specs-digital-credentials-protocols
mailing list