RP as synonym for wallet might be misleading

Issue #1473 resolved
Vittorio Bertocci created an issue

“RP” as a role predates both OIDC and OAuth, indicating an entity that consumes a token to identify a caller/grant access.
OAuth clients aren’t RPs, as they get tokens to gain access to other resources rather than consuming them themselves.
In OIDC client==RP, though, because the defining characteristic of OIDC, the idtoken, is indeed meant for consumption by the client itself, and often used as a factor in granting access, RP session creation etc.
In VC issuance, it would appear that the wallet behaves more closely to an OAuth client, offering the ability to ask, obtain (and present) credentials that are meant to be consumed by other entities (verifiers) rather than the client (wallet) itself.
As such, I feel that the (client==RP) notion in OIDC doesn't apply here, and calling the wallet RP is misleading for the reader familiar with existing literature.

Comments (6)

  1. Michael Jones

    The RP also consumes the other output of OpenID Connect Authentication - the UserInfo Endpoint Response, which contains the claims about the end-user.

  2. Tobias Looker

    Very much agree with the sentiment here, it feels like the conclusion is that the entity should either be referred to as the client in the context of this flow OR some new term? The confusing tendency that has been made in the past here is to try to come up with a term that describes this entity in the two primary flows it participates in: 1) credential issuance, 2) credential presentation, hence where the term “holder” or “wallet” has appeared, so the other option is to try and use a term that describes this party across these two flows? Personally I would be happy with just referring to this entity as the client in the context of the issuance draft.
