[Openid-specs-digital-credentials-protocols] Request for VP implementor feedback: breaking change to fix client_id_scheme security
Joseph Heenan
joseph at authlete.com
Mon Sep 23 23:19:43 UTC 2024
Hi all
Some of you might remember that Daniel raised an issue about possible security issues with the way client_id_scheme is currently used in OpenID4VP quite a while ago:
https://github.com/openid/OpenID4VP/issues/124
After 6 months of discussion and a lot of different ideas considered, there is a proposed solution that a number of the WG feel both solves the issue and is workable:
https://github.com/openid/OpenID4VP/pull/263
We would like feedback from implementors/other interested parties on the proposal in this PR before making a final decision.
We hope to make a final decision on the 1st October WG call, so if you have questions/an opinion please either provide feedback by then (on the above pull request or by responding to this email) or join that call.
Many thanks
Joseph
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/attachments/20240924/477ab412/attachment.html>
More information about the Openid-specs-digital-credentials-protocols
mailing list