Skip to content

How to convey RP metadata to be shown to the user? #677

New issue
New issue
Open
Open
How to convey RP metadata to be shown to the user?#677
@paulbastian

Description

@paulbastian
paulbastian
opened on Oct 23, 2025

Wallet gets information from:

  • request

  • cert

  • well-known

  • Logo seems important, but not a blocker

  • bare minimum information is

    • name
    • logo
    • privacy terms

  • What do we show if request is multi-signed?

    • include hash of [name,logo,privacy_tos] in cert to avoid duplicate logos
    • put [name,logo,privacy_tos] in request, match to hash in cert

request

  • potentially self-asserted, phishing issue?

cert

  • secure but potentially cumbersome
  • could only include a hash as optimization for multi-signed requests
  • this is what eIDAS does (but doesn't have a logo in there yet)

well-known

  • requires network calls, problems if not fetched in time
  • potentially self-asserted, phishing issue?
  • doesn't work for offline flows

Summary

Cert seems the least problematic solution
todo:

  1. define mechanism in VP
  2. define x509 extension

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions