Closed
Description
In the credential issuer metadata in credential_configurations_supported the parameters cryptographic_binding_methods_supported and cryptographic_suites_supported are defined as a format unspecific parameter and can be configured separately.
Several problems exist with this approach
- When using a single value in `cryptographic_binding_methods_supported` the meaning of `cryptographic_suites_supported` is obvious, all included values refer to the one binding method. But if several binding methods are used, it is not that easy. Some of the suites may only be valid for some of the binding methods. Different binding methods may require different values and formats for the same crypto suites (like JOSE and COSE).
- Currently the values for `cryptographic_suites_supported` are tied to the credential format. For jwt_vc IANA.JOSE.ALGS should be used and for ldp_vc LD_SUITES_REGISTRY. In fact the valid values depend more on the cryptographic_binding_method used and not the credential format.
- It is unclear which binding method will be used in the credential when several are supported.
I suggest
- to remove `cryptographic_suites_supported` and use objects as values in `cryptographic_binding_methods_supported`. This way the suites valid for a specific binding method can be mentioned there,
- to remove the suggestion to use specific values depending on the credential format and suggest specific values depending on the binding method,
- to leave it up to credential format profiles to further constrain the usage of specific binding methods and suites with specific formats and
- to discuss problem 3 raised above.
Another option could be to remove both parameters completely as format unspecific parameters and let the credential format profiles define custom parameters if required.
Example:
```
"credential_configurations_supported": {
  "UniversityDegreeCredential": {
    "format": "jwt_vc_json",
    "scope": "UniversityDegree",
    "cryptographic_binding_methods_supported": {
      "jwk": {
        "cryptographic_suites_supported": [
          "ES256"
        ]
      },
      "cose_key": {
        "cryptographic_suites_supported": [
          {
            "cose_algorithm": -7, // COSE Algorithms value for ES256
            "curve": 1 // COSE Curve P-256
          }
        ]
      }
    },
    ...
  }
}
```
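The ambiguity described in the issue, and how the proposed per-method object removes it, shown as an added Python example that is not part of the original issue or of the specification. The names `suites_by_method` and `pick_binding`, the wallet capability map and both sample configurations are constructed for illustration, and refusing to guess on ambiguous metadata is a policy assumed here.

```python
# Constructed sample in the current (flat) shape: two binding methods, one shared suite list.
FLAT = {
    "format": "jwt_vc_json",
    "cryptographic_binding_methods_supported": ["jwk", "cose_key"],
    "cryptographic_suites_supported": ["ES256"],
}

# Constructed sample in the shape proposed in the issue (suites nested per binding method).
NESTED = {
    "format": "jwt_vc_json",
    "cryptographic_binding_methods_supported": {
        "jwk": {"cryptographic_suites_supported": ["ES256"]},
        "cose_key": {"cryptographic_suites_supported": [{"cose_algorithm": -7, "curve": 1}]},
    },
}


def suites_by_method(config):
    """Return ({method: [suites]}, ambiguous) for either metadata shape.

    ambiguous is True when a flat config lists several binding methods, because
    nothing in the metadata says which suite belongs to which method.
    """
    methods = config.get("cryptographic_binding_methods_supported", [])
    if isinstance(methods, dict):  # proposed shape: explicit per-method suites
        return ({m: list(v.get("cryptographic_suites_supported", []))
                 for m, v in methods.items()}, False)
    suites = list(config.get("cryptographic_suites_supported", []))
    # Flat shape: each suite can only be assumed to apply to every listed method.
    return ({m: list(suites) for m in methods}, len(methods) > 1)


def pick_binding(config, wallet_caps):
    """Pick the first (method, suite) the wallet supports; refuse to guess if ambiguous.

    wallet_caps (hypothetical) maps a binding method to the suites the wallet can use.
    """
    mapping, ambiguous = suites_by_method(config)
    if ambiguous:
        raise ValueError("several binding methods share one suite list: mapping is ambiguous")
    for method, suites in mapping.items():
        for suite in suites:
            if suite in wallet_caps.get(method, []):
                return method, suite
    return None
```

With the flat sample, the only mapping a wallet can derive pairs the JOSE name `ES256` with `cose_key` as well, which is the first problem the issue lists.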