You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: openid4vc-high-assurance-interoperability-profile-1_0.md
-24Lines changed: 0 additions & 24 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -336,30 +336,6 @@ This document intentionally leaves certain extensions for ecosystems to define,
336
336
- Whether to use DC API, Redirects with custom URL schemes and/or Redirects with claimed `https` scheme URIs for presentation
337
337
- Support or restriction of additional cryptographic suites and hash algorithms
338
338
339
-
Below are two non-normative examples illustrating how an ecosystem may define the above elements to achieve its specific goals and preferences.
340
-
341
-
### Improved Baseline Interoperability
342
-
343
-
This ecosystem prioritizes interoperability among all Wallets and Issuers, without requiring any pre-existing relationships, and supports both ISO mdocs and SD-JWT VCs. To achieve this, the ecosystem could define the following:
344
-
345
-
- Wallets MUST support both mdoc and sd-jwt-vc. Issuers MAY issue in either format.
346
-
- Wallets MUST register for the 'haip-vci://' custom scheme, where possible.
347
-
- Wallets and Issuers MUST support key attestations in the format specified in Annex D of [@!OIDF.OID4VCI].
348
-
- Wallets MUST register for the 'haip-vp://' custom scheme and DC API when they have credentials available, where possible.
349
-
350
-
Making these choices maximizes interoperability between the parties in the ecosystem while minimizing the burden on Issuers and Verifiers. This comes at the expense of an increased burden on Wallets as well as the potential privacy and security issues in (#interop-key-attestations).
351
-
352
-
### Existing Curve Requirements
353
-
354
-
This ecosystem places importance on maintaining compatibility with already issued cryptographic curves. To achieve this, the ecosystem could define the following:
355
-
356
-
- Verifiers MUST support all curves from Cipher Suite 1 as listed in table 22 of (@!ISO.18013-5).
357
-
- Verifiers MUST support all hash algorithms in table 21 of (@!ISO.18013-5).
358
-
- Issuers MAY sign credentials using any curve from Cipher Suite 1 as listed in table 22 of (@!ISO.18013-5).
359
-
- Issuers MAY use any hash algorithm in table 21 of (@!ISO.18013-5).
360
-
361
-
Making these choices ensures interoperability with any existing Issuer, at the cost of an increased burden on the Verifier.
Note that security considerations for OpenID for Verifiable Credential Issuance are defined in Section 13 of [@!OIDF.OID4VCI] and for OpenID for Verifiable Presentations in Section 14 (for redirect based flows) or Section A.5 (for DC API) of [@!OIDF.OID4VP].
0 commit comments