We have had some good discussions on this during past calls and I wanted to formally get this down somewhere to kick off a discussion and aim to reach consensus on the use of the iss claim in SIOP v2.
We would like to discuss the option of enabling other URIs to be included as the iss claim and it not be constrained to self-issued.me/v2.
For example, being able to specify a URL of a PWA / cloud wallet provider as the iss, which can prove useful information for an RP that is being presented claims from such. We'd like a model that does not presume a specific deployment architecture of a wallet but is inclusive: native, PWA, cloud, etc.
Also, we had previously mentioned that the presence of a sub_jwk could be the signal to the RP that the token is self-signed instead of the iss claim being constrained to self-issued.me/v2, as one option to consider.
Look forward to the discussion on this topic, thanks!