The OIDC4VCI spec is really flexible, but we don't need everything. Thus, to reduce complexity, we should specify what we actually use.
Part of the Nuts RFC on the topic.
Specify:
- which grants are supported (pre-authorized code)
- how wallet metadata is discovered (registration of oidc4vci-wallet-metadata URL in DID document)
Could use a description of example use cases:
- Phase 1: Issuer initiated credential issuance of NutsAuthorizationCredential (e.g. initiating eOverdracht transfer)
- Phase 2: Requesting credential issuance of NutsAuthorizationCredential (e.g. care professional requesting access to patient dossier at other care organization)
- Phase X: Receiving care organization credential (e.g. issued by LrZA)
- Phase X: Issuing and receiving any other credential (e.g. KIK-v)
Also determine and specify:
- which certificate(s) are to be used (PKIoverheid Private Services or a publicly trusted one).
- what is contained in the challenge, which is signed as c_nonce
- do we support multiple credential subjects? (would require offering to multiple wallets)