<div dir="ltr"><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div>One major problem with the OAuth model and this contribution is the conflation of the subject and the holder.</div><div>To be inclusive these two roles may be entirely different entities.</div><div>It seems to be that this conflation must be excised if OAuth is to be acceptected as the digital credential model to be used for government supplied rights and privileges.</div><div><br></div><div>..tom</div></div></div></div><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Sep 11, 2023 at 8:14 AM Daniel Fett via Openid-specs-digital-credentials-protocols <<a href="mailto:openid-specs-digital-credentials-protocols@lists.openid.net">openid-specs-digital-credentials-protocols@lists.openid.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
  
    
  
  <div>
    <p>Hi all,</p>
    <p>I'd like to contribute the "Security and Trust" document to the
      DCP WG: <a href="https://github.com/vcstuff/oid4vc-security-and-trust" target="_blank">https://github.com/vcstuff/oid4vc-security-and-trust</a></p>
    <p>It has been discussed earlier, but had no official status so far.
      <br>
    </p>
    <p>-Daniel<br>
    </p>
  </div>

-- <br>
Openid-specs-digital-credentials-protocols mailing list<br>
<a href="mailto:Openid-specs-digital-credentials-protocols@lists.openid.net" target="_blank">Openid-specs-digital-credentials-protocols@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/openid-specs-digital-credentials-protocols" rel="noreferrer" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-digital-credentials-protocols</a><br>
</blockquote></div>