You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: openid-4-verifiable-presentations-1_0.md
+12-11Lines changed: 12 additions & 11 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -316,14 +316,14 @@ The following is a non-normative example of a transaction data content, after ba
316
316
}
317
317
```
318
318
319
-
`verifier_attestations`:
319
+
`verifier_info`:
320
320
: OPTIONAL. A non-empty array of attestations about the Verifier relevant to the Credential Request. These attestations MAY include Verifier metadata, policies, trust status, or authorizations. Attestations are intended to support authorization decisions, inform Wallet policy enforcement, or enrich the End-User consent dialog. Each object has the following structure:
321
321
322
322
* `format`: REQUIRED. A string that identifies the format of the attestation and how it is encoded. Ecosystems SHOULD use collision-resistant identifiers. Further processing of the attestation is determined by the type of the attestation, which is specified in a format-specific way.
323
-
* `data`: REQUIRED. An object or string containing an attestation (e.g. a JWT). The payload structure is defined on a per format level. It is at the discretion of the Wallet whether it uses the information from `verifier_attestations`. Factors that influence such Wallet's decision include, but are not limited to, trust framework the wallet supports, specific policies defined by the Issuers or ecosystem, and profiles of this specification. If the Wallet uses information from `verifier_attestations`, the Wallet MUST validate the signature and ensure binding.
323
+
* `data`: REQUIRED. An object or string containing an attestation (e.g. a JWT). The payload structure is defined on a per format level. It is at the discretion of the Wallet whether it uses the information from `verifier_info`. Factors that influence such Wallet's decision include, but are not limited to, trust framework the wallet supports, specific policies defined by the Issuers or ecosystem, and profiles of this specification. If the Wallet uses information from `verifier_info`, the Wallet MUST validate the signature and ensure binding.
324
324
* `credential_ids`: OPTIONAL. A non-empty array of strings each referencing a Credential requested by the Verifier for which the attestation is relevant. Each string matches the `id` field in a DCQL Credential Query. If omitted, the attestation is relevant to all requested credentials.
325
325
326
-
See (#verifier-attestations) for more details.
326
+
See (#verifier-info) for more details.
327
327
328
328
The following is a non-normative example of an attested object:
329
329
@@ -669,19 +669,19 @@ The Wallet then validates the request as specified in OAuth 2.0 [@RFC6749].
669
669
670
670
If the Verifier responds with any HTTP error response, the Wallet MUST terminate the process.
671
671
672
-
## Verifier Attestations {#verifier-attestations}
672
+
## Verifier Info {#verifier-info}
673
673
674
-
Verifier Attestations allow the Verifier to provide additional context or metadata as part of the Authorization Request attested by a trusted third party. These inputs can support a variety of use cases, such as helping the Wallet apply policy decisions, validating eligibility, or presenting more meaningful information to the End-User during consent.
674
+
Verifier Info parameter allows the Verifier to provide additional context or metadata as part of the Authorization Request attested by a trusted third party. These inputs can support a variety of use cases, such as helping the Wallet apply policy decisions, validating eligibility, or presenting more meaningful information to the End-User during consent.
675
675
676
-
Each Verifier Attestation is an object containing a type identifier, associated data and optionally references to credential ids. The format and semantics of these attestations are defined by ecosystems or profiles.
676
+
Each Verifier Info object contains a type identifier, associated data and optionally references to credential ids. The format and semantics of these attestations are defined by ecosystems or profiles.
677
677
678
678
For example, a Verifier might include:
679
679
680
680
- A **registration certificate** issued by a trusted authority, to prove that the verifier has publicly registered its intend to request certain credentials.
681
681
- A **policy statement**, such as a signed document describing acceptable use, retention periods, or access rights.
682
682
- The **confirmation of a role** of the verifier in a certain domain, e.g. the verifier might be a certified payment service provider under the EU's Payment Service Directive 2.
683
683
684
-
Verifier Attestations are optional. Wallets MAY use them to make authorization decisions or to enhance the user experience, but they SHOULD ignore any unrecognized or unsupported Verifier Attestation types.
684
+
The Verifier Info parameter is optional. Wallets MAY use them to make authorization decisions or to enhance the user experience, but they SHOULD ignore any unrecognized or unsupported Verifier Info types.
685
685
686
686
### Proof of Possession
687
687
@@ -2360,7 +2360,7 @@ Out of the Authorization Request parameters defined in [@!RFC6749] and (#vp_toke
2360
2360
*`request`
2361
2361
*`transaction_data`
2362
2362
*`dcql_query`
2363
-
*`verifier_attestations`
2363
+
*`verifier_info`
2364
2364
2365
2365
The `client_id` parameter MUST be omitted in unsigned requests defined in (#unsigned_request). The Wallet MUST ignore any `client_id` parameter that is present in an unsigned request.
2366
2366
@@ -2418,7 +2418,7 @@ The JWS JSON Serialization [@!RFC7515]) allows the Verifier to use multiple Clie
2418
2418
In this case, the following request parameters, if used, MUST be present only in the protected header of the respective `signature` object in the `signatures` array defined in [@!RFC7515, section 7.2.1]:
2419
2419
2420
2420
*`client_id`
2421
-
*`verifier_attestations`
2421
+
*`verifier_info`
2422
2422
* parameters that are specific to a Client Identifier Prefix, e.g., the `trust_chain` JWS header parameter for the `openid_federation` Client Identifier Prefix
2423
2423
2424
2424
All other request parameters MUST be present in the `payload` element of the JWS object.
@@ -3313,9 +3313,9 @@ established by [@!RFC6749].
3313
3313
* Change Controller: OpenID Foundation Digital Credentials Protocols Working Group - openid-specs-digital-credentials-protocols@lists.openid.net
3314
3314
* Reference: (#response-parameters) of this specification
3315
3315
3316
-
### verifier_attestations
3316
+
### verifier_info
3317
3317
3318
-
* Name: `verifier_attestations`
3318
+
* Name: `verifier_info`
3319
3319
* Parameter Usage Location: authorization request
3320
3320
* Change Controller: OpenID Foundation Digital Credentials Protocols Working Group - openid-specs-digital-credentials-protocols@lists.openid.net
3321
3321
* Reference: (#new_parameters) of this specification
@@ -3484,6 +3484,7 @@ The technology described in this specification was made available from contribut
3484
3484
* make the `meta` parameter mandatory in DCQL query
3485
3485
* explicitly state that various arrays need to be non-empty
3486
3486
* clarify text about how encryption keys are obtained
3487
+
* rename `verifier_attestations` parameter name to `verifier_info`
0 commit comments