Value used for 'aud' in SD-JWT key-binding JWT needs to be normatively defined #350

Closed
jogu opened this issue Nov 28, 2024 · 1 comment · Fixed by #357


jogu commented Nov 28, 2024

There doesn't appear to be anywhere that the actual value to be used in 'aud' in an SD-JWT key binding JWT is defined.

SD-JWT only says:

> aud: REQUIRED. The intended receiver of the Key Binding JWT. How the value is represented is up to the protocol used and out of scope of this specification.

SD-JWT VC doesn't seem to say anything normative.

OID4VP doesn't seem to say anything normative.

HAIP doesn't currently say anything normative, but I'm also not sure HAIP is the right place to define this.

I suggest adding a clause in the SD-JWT credential format section in VP saying:

> aud in the Key Binding JWT MUST be the client_id.


awoie commented Nov 28, 2024

> There doesn't appear to be anywhere that the actual value to be used in 'aud' in an SD-JWT key binding JWT is defined.
>
> SD-JWT only says:
>
> > aud: REQUIRED. The intended receiver of the Key Binding JWT. How the value is represented is up to the protocol used and out of scope of this specification.
>
> SD-JWT VC doesn't seem to say anything normative.
>
> OID4VP doesn't seem to say anything normative.
>
> HAIP doesn't currently say anything normative, but I'm also not sure HAIP is the right place to define this.
>
> I suggest adding a clause in the SD-JWT credential format section in VP saying:
>
> > aud in the Key Binding JWT MUST be the client_id.

I agree that this is needed.
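
A verifier-side check for the clause proposed in this issue, as an added example that is not part of the thread or of any specification text: it extracts the Key Binding JWT from an SD-JWT presentation and accepts it only when `aud` equals the verifier's own `client_id`. The function names, the rejection strings, the `https://verifier.example` client_id and the sample presentation are constructed for illustration, and the holder signature is assumed to have been verified beforehand.

```python
import base64
import json

def _b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64url_json(obj: dict) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def check_kb_jwt_aud(presentation: str, client_id: str) -> str:
    """Return "ok" or the reason the Key Binding JWT's aud is rejected.

    Assumption: the KB-JWT signature has already been verified against the
    holder key; this function only inspects the (then trusted) claims.
    """
    # An SD-JWT presentation is <issuer JWT>~<disclosure>~...~<KB-JWT>;
    # without key binding it ends in "~", leaving an empty last component.
    kb_jwt = presentation.rsplit("~", 1)[-1] if "~" in presentation else ""
    if kb_jwt.count(".") != 2:
        return "no key binding JWT"
    header_b64, payload_b64, _signature = kb_jwt.split(".")
    try:
        header = json.loads(_b64url_decode(header_b64))
        payload = json.loads(_b64url_decode(payload_b64))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return "malformed key binding JWT"
    if not isinstance(header, dict) or not isinstance(payload, dict):
        return "malformed key binding JWT"
    if header.get("typ") != "kb+jwt":
        return "not a key binding JWT"
    aud = payload.get("aud")
    if aud is None:
        return "aud missing"
    # Assumption: "MUST be the client_id" is read strictly, so the array form
    # of aud that plain JWT allows is rejected rather than searched.
    if not isinstance(aud, str):
        return "aud is not a single string"
    return "ok" if aud == client_id else "aud mismatch"

def sample_presentation(kb_claims: dict) -> str:
    """Constructed sample; issuer JWT, disclosure and signature are dummies."""
    header = {"alg": "ES256", "typ": "kb+jwt"}
    kb_jwt = ".".join([_b64url_json(header), _b64url_json(kb_claims), "c2ln"])
    return "~".join(["issuer.jwt.placeholder", "disclosure-placeholder", kb_jwt])

CLIENT_ID = "https://verifier.example"  # constructed client_id
```

The comparison is an exact string match, so a presentation produced for a different verifier is rejected even when its signature is valid.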
