Skip to content

Add X.509 thumbprint client identifier scheme #430

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 11 commits into from
Mar 6, 2025
Merged

Add X.509 thumbprint client identifier scheme #430

merged 11 commits into from
Mar 6, 2025

Conversation

@martijnharing
Copy link
Contributor

@martijnharing martijnharing commented Feb 17, 2025

Implements #320 : add x509_x5t, copied text from other client identifier schemes where applicable.

@martijnharing
Update openid-4-verifiable-presentations-1_0.md
5f52629 
Add x509_x5t, copied text from other client identifier schemes where applicable.
@bc-pi bc-pi mentioned this pull request Feb 17, 2025
Closed
bc-pi
bc-pi requested changes Feb 17, 2025
View reviewed changes
Copy link
Member

@bc-pi bc-pi left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the Wallet can establish trust in the Client Identifier authenticated through the certificate, e.g. because the leaf X.509 certificate is signed by a trusted X.509 certificate.

is missing the latter part of the typical 'If [condition], then [result]' construction.

x509_x5t is probably not a good name #320 (comment)

and I had thought we had "agreed to drop x509_san_uri" #320 (comment)

@martijnharing
Copy link
Contributor Author

martijnharing commented Feb 17, 2025
edited by bc-pi
Loading

If the Wallet can establish trust in the Client Identifier authenticated through the certificate, e.g. because the leaf X.509 certificate is signed by a trusted X.509 certificate.

is missing the latter part of the typical 'If [condition], then [result]' construction.

x509_x5t is probably not a good name #320 (comment)

and I had thought we had "agreed to drop x509_san_uri" #320 (comment)

Changed to x509_hash and removed x509_san_uri and updated relevant examples to x509_san_dns (hopefully correctly)

c2bo
c2bo reviewed Feb 18, 2025
View reviewed changes
martijnharing and others added 2 commits February 18, 2025 16:35
@martijnharing @c2bo
Update openid-4-verifiable-presentations-1_0.md
77bb61b 
clarify x509_hash definition

Co-authored-by: Christian Bormann <8774236+c2bo@users.noreply.github.com>
@martijnharing
Update openid-4-verifiable-presentations-1_0.md
dd00441 
Remove unnecessary sentence
@bc-pi
Copy link
Member

bc-pi commented Feb 18, 2025

updated relevant examples to x509_san_dns (hopefully correctly)

did you search for all occurrences of x509_san_dns in the repo?

c2bo
c2bo reviewed Feb 18, 2025
View reviewed changes
@c2bo
Copy link
Member

c2bo commented Feb 18, 2025

examples/response/jwt_vp.json contains x509_san_uri in the example (and is used in the spec) -> would need to change that

@bc-pi
Copy link
Member

bc-pi commented Feb 20, 2025

examples/response/jwt_vp.json contains x509_san_uri in the example (and is used in the spec) -> would need to change that

yes, that's one one would find when search for all occurrences of x509_san_dns in the repo

paulbastian
paulbastian reviewed Feb 25, 2025
View reviewed changes
martijnharing and others added 3 commits February 25, 2025 14:44
@martijnharing @c2bo
Update openid-4-verifiable-presentations-1_0.md
12154dd 
Clarify that it's the hash of the certificate.

Co-authored-by: Christian Bormann <8774236+c2bo@users.noreply.github.com>
@martijnharing
Update openid-4-verifiable-presentations-1_0.md
2e128d4 
Clarify it's the hash of the cert and don't use thumbprint as a descriptor.
@martijnharing
Update jwt_vp.json
4896bbc 
Change example to not use san_uri
paulbastian
paulbastian reviewed Feb 25, 2025
View reviewed changes
@TimoGlastra TimoGlastra mentioned this pull request Mar 3, 2025
Closed
@Sakurann Sakurann added this to the Final 1.0 milestone Mar 4, 2025
martijnharing and others added 2 commits March 5, 2025 10:06
@martijnharing @paulbastian
Update openid-4-verifiable-presentations-1_0.md
5ed485e 
Clarify the language of trust chain validation

Co-authored-by: Paul Bastian <paul.bastian@posteo.de>
@Sakurann
Merge branch 'main' into client-id-scheme-x5t
4eebedd
@Sakurann Sakurann merged commit ea45b16 into main Mar 6, 2025
2 checks passed
@bc-pi bc-pi mentioned this pull request Mar 17, 2025
Merged
@peppelinux peppelinux mentioned this pull request Mar 18, 2025
Closed
bc-pi added a commit that referenced this pull request Apr 1, 2025
@bc-pi
x509_san_uri went away with #430
e2530c2
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@c2bo c2bo c2bo approved these changes

@tplooker tplooker tplooker approved these changes

@paulbastian paulbastian paulbastian approved these changes

@bc-pi bc-pi bc-pi approved these changes

@hlozi hlozi hlozi approved these changes

@danielfett danielfett Awaiting requested review from danielfett

@jogu jogu Awaiting requested review from jogu

@tlodderstedt tlodderstedt Awaiting requested review from tlodderstedt

@leecam leecam Awaiting requested review from leecam

@awoie awoie Awaiting requested review from awoie

@Sakurann Sakurann Awaiting requested review from Sakurann

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

Final 1.0

Development

Successfully merging this pull request may close these issues.

8 participants

@martijnharing @bc-pi @c2bo @tplooker @paulbastian @hlozi @Sakurann