verifier_attestation and verifier_attestations.... #613

Open
Sakurann opened this issue May 26, 2025 · 5 comments

@Sakurann
Collaborator

In the spec, we currently have the verifier_attestation client identifier scheme, and a container to pass the RP registration cert is also called verifier_attestations. We should rename one of them...?

@Sakurann Sakurann added this to the Final 1.0 milestone May 26, 2025
@babisRoutis

Having implemented both, indeed the usage of the same term creates confusion.

To my understanding, the client identifier scheme is used (as the rest of the schemes) to authenticate the verifier to the wallet, whereas the verifier_attestations can be used by the wallet to take authorization decisions (what can the verifier request from the wallet).

Perhaps verifier_assertions instead of verifier_attestations, or even assertions.

@Sakurann
Collaborator Author

I like the suggested direction, but verifier_assertions and verifier_attestations sound pretty similar too..

@Sakurann
Collaborator Author

WG discussion:

  • rename verifier_attestation (client identifier prefix) to verifier_jwt

@Sakurann Sakurann self-assigned this May 27, 2025
@jogu
Collaborator

jogu commented May 31, 2025

I think the issue with renaming verifier_attestation to verifier_jwt is it refers to the "Verifier Attestation JWT" section, which defines the "application/verifier-attestation+jwt". I'm not sure a mimetype application/verifier+jwt is good, and not renaming these things seems like it still leaves a lot of scope for confusion.

Other ideas (in no particular order):

  1. Rename verifier_attestation client id prefix to verifier_authentication_attestation
  2. Rename verifier_attestation client id prefix to client_attestation (it's kind of an OAuth layer thing rather than an OID4VP thing, but this risks confusion with https://datatracker.ietf.org/doc/draft-ietf-oauth-attestation-based-client-auth/ perhaps)
  3. Remove verifier_attestation client id prefix from 1.0, re-add later. (or re-add something that builds on top of https://datatracker.ietf.org/doc/draft-ietf-oauth-attestation-based-client-auth/ ?)
  4. Rename verifier_attestations to verifier_data_attestations
  5. Rename verifier_attestations to verifier_info_attestations
  6. Rename verifier_attestations to verifier_context_attestations
  7. Rename verifier_attestations to verifier_metadata_attestations

@c2bo
Member

c2bo commented Jun 2, 2025

I am leaning towards 3 if that is an option tbh. I don't think I've seen this scheme used anywhere?
