Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: section Media Type Registration for wallet-attestation+jwt #86

Open
wants to merge 9 commits into
base: main
Choose a base branch
from

Conversation

peppelinux
Copy link
Member

this PR Closes #67

@peppelinux peppelinux changed the title feat: section Metia Type Registration for wallet-attestation+jwt feat: section Media Type Registration for wallet-attestation+jwt Dec 13, 2023
@paulbastian
Copy link
Collaborator

Doesn't this belong into attestation based client authentication draft?

@peppelinux
Copy link
Member Author

I was wondering the same during its writing, I followed the related issue for its resolution.

If confirmed I can move this PR to attestation-based client auth draft.

draft-oid4vc-haip-sd-jwt-vc.md Outdated Show resolved Hide resolved
@@ -374,6 +374,39 @@ Note: When using this profile with other cryptosuites, it is recommended to be e

`iat` and `exp` JWT claims express both the validity period of both the signature and the claims about the subject, unless there is a separate claim used to express the validity of the claims.

# Security Considerations
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this change does not belong to this PR, please revert

draft-oid4vc-haip-sd-jwt-vc.md Outdated Show resolved Hide resolved
draft-oid4vc-haip-sd-jwt-vc.md Outdated Show resolved Hide resolved
* Required parameters: n/a
* Optional parameters: n/a
* Encoding considerations: binary; A JWT-based Wallet Instance Attestation object is a JWT; JWT values are encoded as a series of base64url-encoded values (some of which may be the empty string) separated by period ('.') characters.
* Security considerations: See (#security-considerations) of [[ this specification ]]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this attestation is defined in Section {#wallet-attestation-schema}, security considerations related to the attestation should be specified there

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just have changed the link/ref to #wallet-attestation-schema

@tlodderstedt
Copy link
Contributor

I was wondering the same during its writing, I followed the related issue for its resolution.

If confirmed I can move this PR to attestation-based client auth draft.

I think HAIP is the right place as the wallet attestation is defined here. The attestation based client authentication draft just defines the underlying OAuth mechanics but is not specific to wallet attestations. I think this whole module should be moved into VCI.

@paulbastian
Copy link
Collaborator

we may adapt this to terminology WTE and WIA

@c2bo
Copy link
Member

c2bo commented Jun 14, 2024

Shouldn't this PR also introduce the wallet-attestation+jwt typ in the text? Right now it is only used in an example, but I guess it should be mandated in the section describing the wallet attestation?

@Sakurann
Copy link
Contributor

Sakurann commented Dec 3, 2024

does this belong in VCI now?

@c2bo
Copy link
Member

c2bo commented Dec 3, 2024

does this belong in VCI now?

Yeah that sounds like it would belong to VCI (or the IETF spec) now

@Sakurann
Copy link
Contributor

@peppelinux can you please move it to OpenID4VCI almost as-is?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

define typ value wallet-attestation+jwt
5 participants