Are new entity types required for OID4VP/SIOPv2 to use Entity Statements defined in OpenID Federation?
Brought up during the Connect call. I am honestly not sure. MikeJ said it is up to the editors of OID4VP. Guidelines on how to think about the need would be appreciated.
Comments (13)
-
I'm really not sure what to think, but the issue needs to be addressed.
-
OIDC Federation:
1. allows new metadata types to be defined to support use cases outside OpenID Connect federations.
2. The metadata type identifier will uniquely identify which metadata specification to utilize.
3. The metadata document MUST be a JSON object. Beyond that, there is no restriction.
That said, I can imagine this in an Entity Configuration:
"metadata": { "openid_self_issued_provider": {}, "openid_credential_issuer": {} }
even if the `openid_credential_issuer` may be simply configured as `oauth_authorization_server`. This should be valid also for OpenID4VP; it could be defined as `oauth_authorization_server`.
-
reporter: So I guess the recommendation is to define it in the OpenID4VC specs if needed?
PS: `openid_credential_issuer` should not use `oauth_authorization_server`, because it is a resource server and has a separate metadata file from the AS per the VCI spec.
-
Good, I wrote it, then I deleted it, and that was good, as it is optionally mixed with the OAuth protected resource if both services are on the same entity. It all adds up, thank you for the hint.
-
Regarding the OIDC Federation Entity Type `oauth_resource`, [here](https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html#section-5.1.2) I read: "If the Credential Issuer metadata contains an authorization_server property, it is RECOMMENDED to use a resource parameter [RFC8707] whose value is the Credential Issuer's identifier value to allow the AS to differentiate credential issuers."
@Kristina what about including an example or guidance in the Metadata section [here](https://openid.bitbucket.io/connect/openid-4-verifiable-credential-issuance-1_0.html#section-10) to clarify the role of the OAuth protected resource according to https://datatracker.ietf.org/doc/html/draft-jones-oauth-resource-metadata?
Please correct me if something is wrong.
-
It’s absolutely appropriate for specs other than the Federation spec to define any new entity types that they need.
As discussed on the 13-Jan-23 Federation Editors' call, we believe the question asked in the issue has been answered. We plan to close this on that basis in a week unless a reason to keep it open is raised.
-
- changed status to resolved
A week has passed with no further comments. Closing during the 20-Jan-23 Federation Editors' call, as proposed last week.
-
reporter - changed status to open
I think we were discussing whether we need text in the openid4vc specs and I don't have an answer yet. It should not be closed yet.
-
reporter - changed component to Verifiable Presentation
-
I've learned that Verifiers/RPs use "client_metadata" as defined in OpenID4VP. It's so wide ... considering that it is just a VC verifier, but that would be another story.
OpenID4VCI defines `openid-credential-issuer` and it makes sense. Then should we also have `wallet_provider`?
-
The new entity types proposed, as a result of the experience of the implementers, are listed below:
- wallet_provider
- wallet_relying_party
while the wallet instance metadata should be carried in the wallet instance attestation.
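As an added example, not code from this thread or from any of the specs it cites, here is the shape check a consumer of an Entity Configuration would run over its `metadata` object, applying the Federation rule quoted earlier in the thread (every metadata document MUST be a JSON object, new entity types are allowed) to the entity types discussed here, including the two proposed in this comment. The sample payload, its identifier and the `wallet_provider` fields are constructed, and signature verification of the JWT is assumed to have been done beforehand.

```python
import time

# Entity types named in this thread; the last two are the proposals above,
# not registered identifiers.
ENTITY_TYPES_ON_PAGE = {"oauth_authorization_server", "oauth_resource",
                        "openid_credential_issuer", "wallet_provider",
                        "wallet_relying_party"}
REQUIRED_CLAIMS = ("iss", "sub", "iat", "exp", "jwks")

def check_entity_configuration(payload, now=None, known_types=ENTITY_TYPES_ON_PAGE):
    # Returns (errors, warnings) for a decoded Entity Configuration payload.
    # The JWT signature is assumed verified against the entity's own 'jwks'.
    now = int(time.time()) if now is None else now
    errors, warnings = [], []
    for claim in REQUIRED_CLAIMS:
        if claim not in payload:
            errors.append(f"missing required claim '{claim}'")
    if errors:
        return errors, warnings
    # An Entity Configuration is self-issued, so issuer and subject coincide.
    if payload["iss"] != payload["sub"]:
        errors.append("iss and sub differ; not a self-issued Entity Configuration")
    if payload["exp"] <= now:
        errors.append("Entity Configuration has expired")
    metadata = payload.get("metadata", {})
    if not isinstance(metadata, dict):
        return errors + ["'metadata' must be a JSON object keyed by entity type"], warnings
    for entity_type, doc in metadata.items():
        # Federation rule quoted in the thread: each metadata document MUST be a JSON object.
        if not isinstance(doc, dict):
            errors.append(f"metadata for '{entity_type}' is not a JSON object")
        # New entity types are allowed, so an unfamiliar identifier is only a warning.
        if entity_type not in known_types:
            warnings.append(f"unrecognised entity type '{entity_type}'")
    return errors, warnings

# Constructed sample: placeholder identifier and made-up wallet_provider fields.
# The 'oauth_resource' entry is deliberately a string so the object rule fires.
SAMPLE_ENTITY_CONFIGURATION = {
    "iss": "https://wallet-provider.example",
    "sub": "https://wallet-provider.example",
    "iat": 1700000000,
    "exp": 1700003600,
    "jwks": {"keys": []},
    "metadata": {
        "wallet_provider": {"organization_name": "Example Wallet Provider"},
        "openid_credential_issuer": {"credential_issuer": "https://wallet-provider.example"},
        "oauth_resource": "https://wallet-provider.example",
    },
}
```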
-
- changed status to resolved
Migrated to GitHub
I can confirm what Mike said, as stated here
https://openid.net/specs/openid-connect-federation-1_0.html#section-4