[Openid-specs-digital-credentials-protocols] OID4VP draft 26 published
Joseph Heenan
joseph at authlete.com
Sat Apr 12 19:26:53 UTC 2025
Hi all
Draft 26 of OID4VP has been published:
https://openid.net/specs/openid-4-verifiable-presentations-1_0-26.html
The reason for publishing this is so we have a published numbered draft for working group members to review during working group last call (look out for a separate email on that subject in the next day or so).
Change log is:
add verifier_attestations to list of authorization parameters
renamed "Client ID Scheme" to "Client ID Prefix", and updated metadata (client_id_prefixes_supported) and an example error_description to match
add note that iss must be ignored if present in the request object
added security considerations for value matching in DCQL
require kid in JWE response header if present in client_metadata jwks
added some more (non-exhaustive) privacy considerations with pointers to SD-JWT and OpenID4VCI
add implementation consideration about pre-final specs
remove DIF Presentation Exchange as a query language option
Changes in the DCQL query parameters specific to W3C VCs and AnonCreds
Introduce ability to present without key binding, including a new parameter require_cryptographic_holder_binding in the Credential Query
Adapt usage of "Verifiable Presentation" to only refer to Presentations with Holder Binding and "Presentation" to refer to all types of credential presentations
change the identifier for the ETSI trusted list trusted_authorities entry from openid_fed to openid_federation
change openid_fed to openid_federation for Trusted Authorities Query
remove JARM and response signing, using JWT directly for unsigned, encrypted responses.
make consistent the use of prefixes in the client_id prefixing, defining new openid_federation: and decentralized_identifier: prefixes
fix nonce computation for AnonCreds
For w3c vc, DCQL type_values now matches against expanded type values
For ISO mdoc, doctype_value is now mandatory in DCQL query meta parameter
For SD-JWT VC, vct_values is now mandatory in DCQL query meta parameter
For W3C VC, type_values is now mandatory in DCQL query meta parameter
purpose element removed from DCQL credential_sets
Add new DC API openid4vp-v1-multisigned protocol identifier for requests with JWS JSON Serialization
Remove incorrect requirement for automatic registration when using OpenID Federation
Change DCQL processing rules to allow the same credential to fulfil different queries
Thanks
Joseph
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/attachments/20250412/28e973b1/attachment.htm>
More information about the Openid-specs-digital-credentials-protocols
mailing list