- edited description
3.1 - Credential Endpoint Request
Issue #1278
new
Comments from TL regarding original Credential Provider spec:
Section 3.1 - Credential Endpoint Request
- I assume the objective of the signed object in the credential endpoint request is proof of possession of a private key linked to the DID for which the credential shall be provided (basically holder binding). To me this seems to be less of a OIDC signed request object than a SIOP/portable identifier assertion/id token. The purpose of the OIDC signed request object is to authenticate the client, which does not happen in this case. It’s instead an assertion signed by the holder (sub?), so why is the iss containing an identifier of the wallet? Where is this data used?
Comments (2)
-
reporter -
reporter - changed title to 3.1 - Credential Endpoint Request
- Log in to comment