-
Notifications
You must be signed in to change notification settings - Fork 15
Closed
Description
My interpretation of the mdoc issuance profile as proposed in this PR is that it mandates support of custom scheme haip:// for credential issuance, this has a few issues:
- There is no normative language for what it means to support a custom scheme. Does it mean you have to be reachable, register etc. As an example, what does requirement mean in the context of a wearable.
- This means that all mdocs issued using vci are all required to support/register the same custom scheme. While the goal is understandable, it's not clear to me if this requirement is actually helpful for interoperability.
- Schemes have known security issues depending on how they are used, mandating support for them independent of whether protecting measures are in place is awkward.
Originally posted by @martijnharing in #228 (comment)