You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
openid/OpenID4VCI#441 introduces text that explains how the subject claim of wallet attestations are used and recommends to not introduce a correlatable identifier with that value. Given that there might be different systems building on top of OpenID4VP with different privacy assumptions, I think SHOULD makes sense there - there might be valid reasons to build a system that uses wallet attestations to identify a concrete wallet instance (e.g., a wallet used within a very specific scope / closed ecosystem).
openid/OpenID4VCI#441 introduces text that explains how the subject claim of wallet attestations are used and recommends to not introduce a correlatable identifier with that value. Given that there might be different systems building on top of OpenID4VP with different privacy assumptions, I think SHOULD makes sense there - there might be valid reasons to build a system that uses wallet attestations to identify a concrete wallet instance (e.g., a wallet used within a very specific scope / closed ecosystem).
In the scope of HAIP and open ecosystems (PID, mdl , etc.), that should be a MUST --> let's add 1 sentence in https://openid.github.io/oid4vc-haip/openid4vc-high-assurance-interoperability-profile-wg-draft.html#section-4.3.1
The text was updated successfully, but these errors were encountered: