editorial: Credential response Encrypted, is it possible to have a nested JWT? #154
Comments
https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0-12.html#name-credential-response already describes unencrypted JSON responses and encrypted JWT responses. The only reason you might have a nested JWT in my mind would be if the response is signed. But that isn't described in the spec, nor have I heard a request to be able to do so. The credentials themselves are, of course, signed. It would be OK to be 100% clear that for encrypted responses, the JSON response body is the JWT Claims Set. That currently seems to be implied but not explicitly stated.
@selfissued your words exactly explain the purpose of this issue that aims to introduce in the current document some explicit text about this.
@peppelinux are you asking for an explicit text that Credential response cannot be a nested JWT because entire response is encrypted and signed credentials are contained as claims in the encrypted payload?
Do we need a whole section in VCI on how to encrypt credential response without signing the whole payload again? Something like only encrypted JARM in VP? https://openid.github.io/OpenID4VP/openid-4-verifiable-presentations-wg-draft.html#section-8.3-2 cc @bc-pi
That's what is already there as far as I understand.
no
I'm honestly having a hard time understanding why this issue exists or what is being asked.
The response is an encrypted JSON and not a Nested JWT, signed and then encrypted.
Is there any possibility that implementers look for having a Nested JWT? Probably not.
I would give more clarification, as OIDC with the userinfo response (or id token) made:
@sakimura @selfissued ^
Originally posted by @peppelinux in #136 (comment)
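
The distinction discussed in this thread, as an added example that is not part of the issue or of the specification: a receiver can tell an encrypted JWT whose plaintext is the JSON claims set from a nested JWT (signed, then encrypted) by the `cty` header parameter, which RFC 7519 section 5.2 requires to be `JWT` for nested tokens, and by the shape of the decrypted plaintext. The function names are hypothetical, the sample tokens are constructed with dummy key, IV, ciphertext and tag segments, and no decryption is performed.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    """Decode an unpadded base64url segment."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def jwe_declares_nested_jwt(compact_jwe: str) -> bool:
    """True if the JWE protected header carries cty=JWT (RFC 7519, section 5.2)."""
    parts = compact_jwe.split(".")
    if len(parts) != 5:
        raise ValueError("not a JWE compact serialization (expected 5 segments)")
    header = json.loads(b64url_decode(parts[0]))
    return str(header.get("cty", "")).upper() == "JWT"


def classify_plaintext(plaintext: bytes) -> str:
    """Classify already-decrypted JWE plaintext as 'claims-set' or 'nested-jws'."""
    text = plaintext.decode("utf-8").strip()
    if text.startswith("{"):
        json.loads(text)  # raises ValueError if the JSON object is malformed
        return "claims-set"
    parts = text.split(".")
    if len(parts) == 3:
        header = json.loads(b64url_decode(parts[0]))
        if isinstance(header, dict) and "alg" in header:
            return "nested-jws"
    raise ValueError("plaintext is neither a JSON object nor a compact JWS")


def _fake_jwe(header: dict) -> str:
    # Constructed sample: real JSON header, dummy bytes in the other four segments.
    head = b64url_encode(json.dumps(header).encode())
    return ".".join([head] + [b64url_encode(b"x")] * 4)


PLAIN_JWE = _fake_jwe({"alg": "ECDH-ES", "enc": "A256GCM"})
NESTED_JWE = _fake_jwe({"alg": "ECDH-ES", "enc": "A256GCM", "cty": "JWT"})
# Constructed plaintexts: the credential value is a placeholder, the signature is dummy bytes.
CLAIMS_PLAINTEXT = json.dumps({"credential": "<issuer-signed credential>"}).encode()
NESTED_PLAINTEXT = ".".join(
    [b64url_encode(b'{"alg":"ES256"}'), b64url_encode(CLAIMS_PLAINTEXT), b64url_encode(b"sig")]
).encode()
```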