Does that include unknown data fields in an `openid_credential` within the `authorization_details` structure? RFC 9396, Section 7.1 states that the AS may enrich `authorization_details` in the Token Response. Since we added extensibility for the `openid_credential` type, I think we should be clear on how the Wallet must treat a response with unknown data fields. We can add a normative statement here or under #(authorization-details. @pmhsfelix had the same concern [in another comment](https://github.com/openid/OpenID4VCI/pull/382#discussion_r1757151581) and suggested that the Wallet MUST ignore any unrecognized data fields.

I wonder if this extensibility is actually compliant with RAR. Section 5 of RFC 9396 states that: > The AS MUST abort processing and respond with an error `invalid_authorization_details` to the client if [an object in the authorization_details structure] [...] is an object of known type but containing unknown fields, Does the proposed extensibility mean that, when it comes to the `openid_credential` type, there are no "unknown fields" because by definition, any unrecognized field gets ignored and consequently all fields are expected and thus "known"?

Not that I don't agree with this, I am just curious to see why this text is formulated in this way as this one breaks the pattern of "receiver decides". I ask because a Credential Issuer can contain a wide set of optional `proof_type`s, and I expected a sentence like: "Wallet MUST ignore any unrecognized proof types from Credential Issuer Metadata." "Credential Issuer MUST reject any Credential Request containing an unrecognized proof type." but maybe that is implied by the text.