Server metadata needs to specify supported proof types / algorithms
The credential request contains a proof of possession of a private key by the client. The spec allows flexibility in the type of proof provided, though only JWT is defined. (I filed #1696 on whether this flexibility is required.) A client needs to know what proof types and signature algorithms the server supports. It seems like this calls for some server metadata fields, say credential_proof_types_supported and credential_request_alg_values_supported.
Comments (5)
- changed status to open
- I agree that Credential Issuer metadata needs proof_type_supported. An equivalent of credential_request_alg_values_supported is already covered by cryptographic_binding_methods_supported and cryptographic_suites_supported, defined here: https://openid.bitbucket.io/connect/openid-4-verifiable-credential-issuance-1_0.html#section-10.2.3.1-2.3.1
- changed status to resolved
PR merged
We looked at this on the 31-Oct-22 working group call. It would probably benefit from discussion on a SIOP special topic call.