1. OpenID Foundation Avatar OpenID Foundation
  2. WGs
  3. connect
  4. Issues

[OpenID4VP] Relying Party verifiable_attestation issued as a Federation Trust Mark

Issue #1992 resolved
Giuseppe De Marco created an issue

Following the definition of the verifiable_attestation achieved in the PR 524, we read the normative text below

In the context of this specification, such a JWT MUST set the `typ` JOSE header to `verifier-attestation+jwt`.

OpenID4VP doesn’t explain how the the verifiable_attestation should or may be provisioned.
There are some cases where the verifiable_attestation is issued as an OIDC Federation 1.0 Trust Mark.

In these cases the typ value is set to trust-mark+jwt, for this reason I think that the previous text should be changed to not exclude this scenario, and then it may be improved in the following way:

”””
In the context of this specification it is not defined how the verifiable_attestation can be provisioned.
In case this is issued in the form of a trust mark according to OpenID Connect Federation, the JWT JOSE header typ MUST be set to trust-mark+jwt, for all other cases where the JWT does not have a specific typ identifier, the verifiable_attestation JWT JOSE header typ MUST be configured with the value verifier-attestation+jwt.
”””

Comments (5)

  3. Giuseppe De Marco reporter

    I’d make it more simple, the verifier_attestation parameter gives us the semantic and the nature of the value carried within it, then we assume that’s not important the media type for the scope of this parameter, since a verifier attestation can be issued in multiple formats and encodings and then it must be the trust model which defines the known types that must be taken in account during the trust evaluation

    I assume that even if a verifier attestation is issued with the media type X or Y or Z, then the trust evaluator has to establish the trust with the issuer of the verifier attestation. Well, this can be accomplished in many ways, since different types of verifier attestation gives different discovery processes, as it is oidc federation for the trust marks when these are used for attesting something, for example

  4. Alen Horvat

    Yes, I agree. Every attestation type issued within a given framework will define the validation rules. Questions are:

    a) Can federation support 3rd party attestations

    b) How to express the information? e.g., federation supports trust frameworks A, B, and C (note that the information can be conveyed within the attestation itself)

  6. Log in to comment
Assignee
Type
proposal
Priority
major
Status
resolved
Component
Verifiable Presentation
Milestone
Version
Votes
0
Watchers
1
Jira: the preferred issue tracker for Bitbucket. Join the team!