[Openid-specs-digital-credentials-protocols] openid/oid4vc-haip-sd-jwt-vc: Comment created on issue 103

github at oidf.org github at oidf.org
Fri May 24 13:06:25 UTC 2024


openid/oid4vc-haip-sd-jwt-vc event

Issue Comment created on issue 103
Issue Title: SD-JWT VC requires `iss` value to be a URI
https://github.com/openid/oid4vc-haip-sd-jwt-vc/issues/103

Comment:

> So my analysis is:
>
> * we want Issuers to support both web-based and x509 keys at the same time
> * almost all x509 certificates today use dNSName SAN
> * SD-JWT VC disallows us this use case as `iss` can only either be https:// or dns://
> * I believe nobody has implemented `iss` with "dns://..."
> * my proposal: always use HTTPS URL for `iss`, matching rules for certificate from `x5c` header are that
>
>   * X509 Certificate with uniformResourceIdentifier SAN must match with `iss`
>   * X509 Certificate with dNSName SAN must match the FQDN of the `iss`

I'd be supportive of not using `dns://`. Can you propose this in the SD-JWT VC repository? I'm supportive of this direction.
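
The matching rules proposed in the quoted analysis, sketched as an added example (not part of the original comment or of any specification text). It assumes the SAN entries of the `x5c` leaf certificate have already been extracted after chain validation, and that matching is exact, with no wildcard expansion; the function name and sample values are hypothetical.

```python
from urllib.parse import urlsplit


def iss_matches_san(iss, san_entries):
    """Return True if a SAN entry of the x5c leaf certificate binds to `iss`.

    san_entries: (san_type, value) tuples taken from the leaf certificate,
    e.g. ("dNSName", "issuer.example.com"). Extraction and chain validation
    are assumed to have happened before this check.
    """
    try:
        parts = urlsplit(iss)
    except (ValueError, TypeError, AttributeError):
        return False
    # Proposal on the page: `iss` is always an HTTPS URL (no dns://).
    if parts.scheme != "https" or not parts.hostname:
        return False
    # Compare against the parsed host, never a substring of the raw string,
    # so userinfo or look-alike suffixes cannot satisfy the dNSName rule.
    fqdn = parts.hostname.rstrip(".").lower()
    for san_type, value in san_entries:
        if san_type == "uniformResourceIdentifier":
            # URI SAN must match `iss` (assumption: exact string equality).
            if value == iss:
                return True
        elif san_type == "dNSName":
            # dNSName SAN must match the FQDN of `iss`
            # (assumption: case-insensitive, wildcards not expanded).
            if value.rstrip(".").lower() == fqdn:
                return True
    return False


# Constructed sample inputs: (iss, SAN entries of the leaf certificate).
SAMPLES = [
    ("https://issuer.example.com/tenant/1", [("dNSName", "issuer.example.com")]),
    ("https://issuer.example.com/tenant/1",
     [("uniformResourceIdentifier", "https://issuer.example.com/tenant/1")]),
    ("https://issuer.example.com/tenant/1",
     [("uniformResourceIdentifier", "https://issuer.example.com/tenant/2")]),
    ("dns://issuer.example.com", [("dNSName", "issuer.example.com")]),
    ("https://issuer.example.com@other.example/", [("dNSName", "issuer.example.com")]),
]


def check_samples():
    return [iss_matches_san(iss, sans) for iss, sans in SAMPLES]


if __name__ == "__main__":
    for (iss, sans), ok in zip(SAMPLES, check_samples()):
        print("accept" if ok else "reject", iss, sans)
```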