Clarify in OIDC4VP that the purpose of sending back id_token and VP is different
There have been questions: “why return an ID Token when it is signed by the same user-controlled key as a Verifiable Presentation (VP) and the two seem duplicative”.
Suggest adding text to OIDC4VP that clarifies that there are two functions in OpenID Connect: 1/ authentication of the user and 2/ return of the claims about the user. The ID Token serves the first purpose as an authentication receipt, and the VP serves the second purpose as a proof of possession of third-party attested claims.
Comments (6)
- Is an mDL a third-party attested claim? Or a statement about the wallet itself?
- reporter I would say mDL would be a third party attested claim as it includes a signature of the Issuing Authority, even though mDL uses user device key as a user identifier.
reporter - changed status to resolved
closed by merging PR #75
I agree with this perspective, as does Torsten, as discussed on the 9-Sep-21. Kristina agreed to write a PR to do this.