02-28, 09:30–12:30 (UTC), Ríma
This tutorial will cover all the changes made in OpenID4VC specifications in the past year. This is a perfect opportunity to get an overview of how a Final specification would look like and provide feedback. It is not OpenID4VC 101.
OpenID4VC specifications are widely used to issue and present verifiable credentials. The WG has been working hard towards publishing final versions of three main OpenID4VC specifications: OpenID4VP, OpenID4VCI and HAIP.
This tutorial will cover all major changes that were made in the specification in the past year. Below is a non-exhaustive list of the changes that will be covered:
In OpenID4VP:
- a new query language (DCQL)
- OpenID4VP over the W3C Digital Credentials API
- Wallet Authentication towards the Verifier
- transaction authorization (QES, payments use-cases)
- communicating wallet capabilities before verifier sends authorization request
- supporting multiple RP Authentication mechanisms in one request
In OpenID4VCI:
- key attestation in the Credential Request
- wallet attestation in the Token Request
- incorporating batch issuance functionality into credential endpoint and removing batch credential endpoint
- identifying requested credential configuration throughout the flow
- structural changes to credential request and response
Major learnings obtained throughout the process of making these changes will also be share. These include current assumptions about:
- credential lifecycle management
- wallet architecture (mainly the usage of a backend)
- authentication requirements for each entity (issuer, wallet, verifier)
The talk will also cover topics that the WG plans to continue working on after publishing a Final specification such as OpenID4VP over proximity (CTAP Hybrid), etc.