text about effective client id in DC API can probably be improved #399
Labels
ISO_VirtualMeeting
relevant for ISO OID4VP mdoc profile over DC API
Milestone
Comments
jogu
added
the
ISO_VirtualMeeting
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://openid.net/specs/openid-4-verifiable-presentations-1_0-24.html#dc_api_request says:
It's not completely clear that the two highlighted sentences apply only in the case of unsigned requests. I think we should consider moving this whole paragraph to the unsigned request section.
https://openid.net/specs/openid-4-verifiable-presentations-1_0-24.html#appendix-B.3.4.1 says:
I am not sure it is good to use "effective Client Identifier" here. Effective Client Identifier is only defined in the context of unsigned requests, so written like this is it possible for people to get confused as to what client id the wallet should use in signed requests. Possibly just removing 'effective' would solve it.
Mentioned by Martijn during the ISO mDL meeting today.
My understanding of the working group position is that the client id for signed requests is always the
client_idparameter found in the request object. (With a possible exception for cases where the signature can't be validated depending on what happens with #395)The text was updated successfully, but these errors were encountered: