[Openid-dcp] Discussing SIOPv2 issues (#26 and #29)
Pascal Knoth
pascal at malach.it
Sun Nov 30 22:51:29 UTC 2025
Hi,
I submitted two issues on SIOPv2 specification repository:
- https://github.com/openid/SIOPv2/issues/29 telling about using siopv2 as
a key exchange to encrypt further messages
- https://github.com/openid/SIOPv2/issues/26 adding metadata policies along
with the id_token to restrict the signing key usage
I do not have production use cases for those but still think it may be
interesting to dig deeper in a security point of view, those additions
helping to create a secure front channel between the client and the
authorization server through siopv2 used as a back channel.
It would be great for me to discuss them during a meeting call where I
would explain maybe better the principles I tried to expose with these
additions. Do you think there can be a meeting call slot for me to present
this?
Thank you for reading me so far,
Pascal
--
Pascal Knoth - malachit
phone 0033 630739479
https://io.malach.it
With care from Paris, France
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/attachments/20251130/e3c223d5/attachment.htm>
More information about the Openid-specs-digital-credentials-protocols
mailing list