OpenID4VCI Terminology uses ill-defined term authenticity
The definitions of VC and VP in the OpenID4VCI Terminology section include:
An Issuer-signed Credential whose authenticity can be cryptographically verified.
A Holder-signed Credential whose authenticity can be cryptographically verified…
The word “authenticity” is misleading and ill-defined as used above. It may imply to some readers that the claims are somehow trustworthy or accurate - things that cannot be verified solely through cryptography. Whereas, what’s actually cryptographically verifiable is the issuer of the credential.
I suggest replacing “authenticity" with “issuer”.
Comments (4)
-
-
reporter The problem is that we're currently not saying what's authentic. Is it the claims? Or the issuer? It's the latter, but we're currently not saying which, and we shouldn’t leave that ambiguity in our definitions.
-
reporter - changed status to open
Will be fixed by https://bitbucket.org/openid/connect/pull-requests/562
-
- changed status to resolved
PR merged.
- Log in to comment
RFC4949 defines as following:
i think it fits the definition - will reference to rfc4949 help?