group credential_response_encryption parameters in the Issuer Metadata#153
@paulbastian yes an example would improve this PR
Sakurann left a comment
I don't think the current description is sufficient, and would like to see it expanded. Having an example would be nice, but not mandatory to merge this PR IMO.
Co-authored-by: Kristina <52878547+Sakurann@users.noreply.github.com>
@bc-pi I don't see anything in the PR that mandates the encryption when these metadata parameters are present.
These bits of text, for example, that use the word "require" read that way to me.
@bc-pi I see your point - I made two suggestions to address them. Changing "requires" to "supports" made a difference.
Sakurann left a comment
assuming something like my suggested changes will be accepted
Co-authored-by: Kristina <52878547+Sakurann@users.noreply.github.com>
Co-authored-by: Kristina <52878547+Sakurann@users.noreply.github.com>
To clarify, the existence of the encryption-related parameters signals that the issuer supports the encryption, and the existence of the boolean signals that the issuer requires encryption.
I plan to review this after the disposition of the set of suggested changes is known.
@bc-pi @selfissued please review
Co-authored-by: Joseph Heenan <joseph@heenan.me.uk>
| * `credential_response_encryption`: OPTIONAL. Object containing information whether the Credential Issuer supports encryption of the Credential and Batch Credential Response on top of TLS. | ||
| * `alg_values_supported`: REQUIRED. Array containing a list of the JWE [@!RFC7516] encryption algorithms (`alg` values) [@!RFC7518] supported by the Credential and Batch Credential Endpoint to encode the Credential or Batch Credential Response in a JWT [@!RFC7519]. | ||
| * `enc_values_supported`: REQUIRED. Array containing a list of the JWE [@!RFC7516] encryption algorithms (`enc` values) [@!RFC7518] supported by the Credential and Batch Credential Endpoint to encode the Credential or Batch Credential Response in a JWT [@!RFC7519]. | ||
| * `encryption_required`: REQUIRED. Boolean value specifying whether the Credential Issuer requires the additional encryption on top of TLS for the Credential Response. If the value is `true`, the Credential Issuer requires the encryption for every Credential Response and therefore the Wallet MUST provide encryption keys in the Credential Request. If the value is `false`, the Wallet MAY chose whether it provides encryption keys or not. |
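Review bot: The `encryption_required` description scopes the requirement to "the Credential Response" only, while the parent `credential_response_encryption` entry and both `*_values_supported` entries speak of "the Credential and Batch Credential Response"; the text should say explicitly whether `true` also mandates encryption of Batch Credential Responses, otherwise a Wallet cannot tell from metadata whether a batch response may come back protected by TLS alone. In the same line, "MAY chose" should read "MAY choose", and in the parent entry "information whether" would read better as "information about whether".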
I think it logically makes more sense to bring this parameter before enc_values_supported and alg_values_supported when describing?
DCP WG call - Jan-04-2024 agreed to merge once Brian's approval is in. agreed
Brian's approval is in
Closes #152
I want to note that we don't have an example for the usage of this parameter in the issuer metadata yet.
Should we add an example?
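The supports-versus-requires semantics discussed in this thread, as an added example that is not part of the PR or the specification: a Wallet-side check that reads `credential_response_encryption` from Issuer Metadata and decides whether to send encryption keys. The function name, the error type, the "encrypt whenever possible" Wallet policy and the sample metadata are assumptions; only the parameter names come from the quoted text.

```python
# Added illustration, not specification text. Names other than the three
# metadata parameters and their parent object are hypothetical.

class MetadataError(ValueError):
    """Metadata is malformed, or encryption is required but cannot be met."""


def plan_response_encryption(issuer_metadata, wallet_algs, wallet_encs):
    """Return (alg, enc) to request, or None to send no encryption keys."""
    cre = issuer_metadata.get("credential_response_encryption")
    if cre is None:
        return None  # OPTIONAL object absent: issuer advertises no encryption
    if not isinstance(cre, dict):
        raise MetadataError("credential_response_encryption must be an object")

    for key in ("alg_values_supported", "enc_values_supported"):
        value = cre.get(key)
        if not isinstance(value, list) or not all(isinstance(v, str) for v in value):
            raise MetadataError(f"{key} is REQUIRED and must be an array of strings")

    # Fail closed: a missing or non-boolean flag ("true", 1) is an error, so a
    # malformed document is never read as "encryption not required".
    required = cre.get("encryption_required")
    if not isinstance(required, bool):
        raise MetadataError("encryption_required is REQUIRED and must be a boolean")

    # Assumed Wallet policy: encrypt whenever a common alg and enc exist,
    # taking the Wallet's own preference order.
    alg = next((a for a in wallet_algs if a in cre["alg_values_supported"]), None)
    enc = next((e for e in wallet_encs if e in cre["enc_values_supported"]), None)
    if alg and enc:
        return alg, enc
    if required:
        raise MetadataError("issuer requires encryption but no common alg/enc")
    return None  # encryption_required is false: TLS-only response is allowed


# Constructed sample Issuer Metadata fragment (values chosen for illustration).
SAMPLE_METADATA = {
    "credential_issuer": "https://issuer.example.com",
    "credential_response_encryption": {
        "alg_values_supported": ["ECDH-ES", "RSA-OAEP-256"],
        "enc_values_supported": ["A128GCM", "A256GCM"],
        "encryption_required": True,
    },
}

if __name__ == "__main__":
    print(plan_response_encryption(SAMPLE_METADATA, ["ECDH-ES"], ["A256GCM"]))
```
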