Hi Mike,
Thanks for these links. These do indeed cover a bunch of piece parts, but
they're still missing a key point for the use cases, namely: A mechanism
for a Relying Party to verify that a signer is authoritative for a given
issuer ID.
The OpenID Federation spec assumes that relying parties

Hi Watson,
I appreciate the concerns with regard to re-using Web PKI certs for cases
such as these. Care is required, but I think there is a path here.
1. Clearly there are cross-protocol concerns. I expect that most usage
here in reality would be based on ECDSA / EdDSA, not RSA, which helps.

On Sat, Mar 16, 2024 at 10:56 PM Richard Barnes wrote:
>
> Hi all,
>
> A few of us have been considering use cases for JWTs related to Verifiable
> Credentials and container signing, which require better "proof of authority"
> for JWT signing keys. Sharon Goldberg and I wrote up a quick specifi

Also, see the additional key parameter registrations
https://openid.net/specs/openid-federation-1_0.html#section-16.8, which can be
used to indicate key expiration time, etc.
From: Michael Jones
Sent: Sunday, March 17, 2024 7:00 PM
To: Richard Barnes ; oauth@ietf.org WG
Cc: Sharon Goldberg
Sub

Events without label "editorial"
Issues
--
* oauth-wg/oauth-sd-jwt-vc (+0/-2/💬9)
8 issues received 9 new comments:
- #215 the wallet finding the user claims in the credential (2 by awoie)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/215
- #205 defining how DID can be used as u

Signed JWK Sets are part of the OpenID Federation specification and are in
production use. For instance, see
https://openid.net/specs/openid-federation-1_0.html#name-metadata-extensions-for-jwk
and the "keys" registration at
https://openid.net/specs/openid-federation-1_0.html#name-registry-con