Closed
Description
The Verifier Attestation JWT is good for authentication, but limited in further usage. Current requirements from the Implementing Acts require that the Relying Party needs to present a so-called Registration Certificate, where the intended use is attested by the Wallet-Relying Party Registrar. To avoid requests from the wallet to the registrar, the Relying Party should be able to attach this certificate to the presentation request.
The request includes a new `credentials` attribute that allows attaching certificates like registration and authorization certificates.

- `type`: STRING, media type of the attached credential, helping the Wallet to parse the credential. The value has to be registered in the IANA media types registry.
- `data`: ANY, content of the credential. Will be parsed by the Wallet based on the type.
- `credentialsMatch`: STRING[], when the provided certificate is used for authorization, it will list the credential ids from the `dcql_query`.
```
{
  "x5c": ["mcnwmx...."], certificate to prove the signature
  "typ": "JWT",
  "alg": "ES256"
}
.
{
  "response_type": "vp_token",
  "client_id": "x509_san_dns:client.example.org",
  "response_mode": "direct_post",
  "dcql_query": {
    "credentials": [
      {
        "id": "my_credential",
        "format": "vc+sd-jwt",
        "meta": {
          "vct_values": [
            "https://credentials.example.com/identity_credential"
          ]
        },
        "claims": [
          { "path": ["last_name"] },
          { "path": ["first_name"] },
          { "path": ["address", "street_address"] }
        ]
      }
    ]
  },
  "credentials": [
    {
      "type": "jose",
      "data": "base64-encoded-registrationCertificate-jws"
    },
    {
      "type": "jose",
      "data": "base64-encoded-authorizationCertificate-jws",
      "credentialsMatch": ["my_credential"]
    }
  ]
}.ejsdbwjhsbs
```
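A Wallet-side structural check for the `credentials` attribute proposed above, as an added example that is not part of the issue or of any specification text. The function name, the return shape and the reporting of queried ids that no `credentialsMatch` covers are assumptions of this sketch; verifying the attached JWS signatures and certificate chains is out of scope here.

```python
# Added example (not from the issue): checks a Wallet could run on the
# decoded request payload before parsing any attached certificate.

def check_attachments(request):
    """Return (problems, uncovered_ids) for a decoded request payload."""
    problems = []
    queried = {
        c["id"]
        for c in request.get("dcql_query", {}).get("credentials", [])
        if isinstance(c, dict) and isinstance(c.get("id"), str)
    }
    covered = set()
    attachments = request.get("credentials", [])
    if not isinstance(attachments, list):
        return ["credentials must be an array"], sorted(queried)
    for i, att in enumerate(attachments):
        where = f"credentials[{i}]"
        if not isinstance(att, dict):
            problems.append(f"{where}: not an object")
            continue
        # type selects the parser, so it must be present before data is touched
        if not isinstance(att.get("type"), str) or not att["type"]:
            problems.append(f"{where}: type must be a non-empty string")
        if "data" not in att:
            problems.append(f"{where}: data is missing")
        match = att.get("credentialsMatch", [])
        if not isinstance(match, list) or not all(isinstance(m, str) for m in match):
            problems.append(f"{where}: credentialsMatch must be an array of strings")
            continue
        for cred_id in match:
            # every id must refer to a credential actually requested in dcql_query
            if cred_id in queried:
                covered.add(cred_id)
            else:
                problems.append(f"{where}: credentialsMatch names unknown id {cred_id!r}")
    # queried ids with no authorization attachment; what to do with them is Wallet policy
    return problems, sorted(queried - covered)

# Constructed sample payloads (placeholder data values, not real certificates)
GOOD = {
    "dcql_query": {"credentials": [{"id": "my_credential", "format": "vc+sd-jwt"}]},
    "credentials": [
        {"type": "jose", "data": "registration-placeholder"},
        {"type": "jose", "data": "authorization-placeholder", "credentialsMatch": ["my_credential"]},
    ],
}
BAD = {
    "dcql_query": {"credentials": [{"id": "my_credential"}, {"id": "second_credential"}]},
    "credentials": [
        {"type": "jose", "data": "placeholder", "credentialsMatch": ["my_credential", "not_requested"]},
        {"data": "placeholder"},
    ],
}
```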