Skip to content

Attempt to clarify intro text about key attestations #524

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Jun 12, 2025
Merged

Attempt to clarify intro text about key attestations #524

Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
edf2ec9
Attempt to clarify intro text about key attestations
jogu May 28, 2025
24fbca3
Apply Kristina's suggestion
jogu May 28, 2025
9ca0347
Mention use of one attestation for multiple keys to resolve Kristina'…
jogu Jun 11, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions openid-4-verifiable-credential-issuance-1_0.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -919,10 +919,10 @@ This specification defines the following proof types:

There are two ways to convey key attestations (as defined in (#keyattestation)) of the cryptographic key material during Credential issuance:

- The Wallet uses the `jwt` proof type in the Credential Request to create a proof of possession of the key and adds the key attestation in the JOSE header.
- The Wallet uses the `attestation` proof type in the Credential Request with the key attestation without a proof of possession of the key itself.
- The Wallet uses the `jwt` proof type in the Credential Request to create a proof of possession for one of the attested keys and adds the key attestation in the JOSE header.
- The Wallet uses the `attestation` proof type in the Credential Request to provide a key attestation without a proof of possession of any of the keys.

Depending on the Wallet's implementation, the `attestation` may avoid unnecessary End-User interaction during Credential issuance, as the key itself does not necessarily need to perform signature operations.
Depending on the Wallet's implementation, the `attestation` may avoid unnecessary End-User interaction during Credential issuance, as the key to which the Credential will be bound does not necessarily need to perform signature operations.

Additional proof types MAY be defined and used.

Expand Down