credential_issuer |
The Credential Issuer identifier. It MUST be a case-sensitive URL using the HTTPS scheme, as defined in OpenID4VCI Sections 11.2.1 and 11.2.3. |
credential_endpoint |
URL of the Credential endpoint. See OpenID4VCI Section 11.2.3. |
nonce_endpoint |
URL of the Nonce Endpoint, as defined in Section 7 of OpenID4VCI. |
revocation_endpoint |
URL of the revocation endpoint. See RFC 8414#section-2. |
deferred_credential_endpoint |
URL of the deferred credential endpoint, as defined in Section 11.2.3 of OpenID4VCI. |
status_assertion_endpoint |
It MUST be an HTTPS URL indicating the endpoint where Wallet Instances can request Status Assertions. See Section Digital Credential Lifecycle for more details (OAUTH-STATUS-ASSERTION Section 11.1). |
notification_endpoint |
It MUST be an HTTPS URL indicating the notification endpoint. See Section 11.2.3 of [OpenID4VCI]. |
authorization_servers |
OPTIONAL. Array of strings, where each string is an identifier of the OAuth 2.0 Authorization Server (as defined in [RFC 8414]) the Credential Issuer relies on for authorization. If this parameter is omitted, the entity providing the Credential Issuer is also acting as the Authorization Server. |
display |
See OpenID4VCI Section 11.2.3. Array of objects containing display language properties. The parameters that MUST be included are:
- name: String value of a display name for the Credential Issuer.
- locale: String value that identifies the language of this object, represented as a language tag taken from the values defined in BCP47 RFC 5646. There MUST be only one object for each language identifier.
|
credential_configurations_supported |
JSON object that outlines the details of the Credential supported by the Credential Issuer. It includes a list of name/value pairs, where each name uniquely identifies a specific supported Credential. This identifier is used to inform the Wallet Instance which Credential can be provided by the Credential Issuer. The associated value within the object MUST contain metadata specific to that Credential, as defined below. See OpenID4VCI Sections 11.2.3 and A.3.2.
- format: String identifying the format of this Credential. The Digital Credential MUST support the value string "dc+sd-jwt" in case of SD-JWT VC (see OpenID4VCI Section A.3.1) and "mso_mdoc" in case of mdoc (see OpenID4VCI Section A.2.1).
- scope: JSON String identifying the supported scope value. The Wallet Instance MUST use this value in the Pushed Authorization Request. Scope values MUST be the entire set or a subset of the scope values in the scopes_supported parameter of the Authorization Server. See OpenID4VCI Section 11.2.3.
- cryptographic_binding_methods_supported: JSON Array of case-sensitive strings that identify the representation of the cryptographic key material that the issued Credential is bound to. The Credential Issuer MUST support the value "jwk" for "dc+sd-jwt" format and "cose_key" for "mso_mdoc".
- credential_signing_alg_values_supported: JSON Array of case-sensitive strings that identify the algorithms that the Credential Issuer MUST support to sign the issued Credential. See Section Cryptographic Algorithms for more details.
- proof_types_supported: JSON object which provides detailed information about the key proof(s) supported by the Credential Issuer. It consists of a list of name/value pairs, where each name uniquely identifies a supported proof type. The Credential Issuer MUST support at least "jwt" as defined in OpenID4VCI Section 8.2. The value associated with each name/value pair is a JSON object containing metadata related to the key proof. The Credential Issuer MUST support at least the parameter proof_signing_alg_values_supported, which MUST be a JSON Array of case-sensitive strings that identify the supported algorithms (see Section Cryptographic Algorithms for more details about the supported algorithms).
- display: Array of objects containing display language properties. The parameters that MUST be included are:
  - name: String value of a display name for the Credential.
  - locale: String value that identifies the language of this object, represented as a language tag taken from the values defined in BCP47 RFC 5646. There MUST be only one object for each language identifier.
- vct: REQUIRED only if format is set to "dc+sd-jwt". As defined in [SD-JWT-VC Credential Format].
- doctype: REQUIRED only if format is set to "mso_mdoc". As defined in [mdoc-CBOR Credential Format].
- claims: Array of JSON objects, each describing how a certain claim related to the Credential MUST be displayed to the User. This Array lists the claims in the order they MUST be displayed by the Wallet. To provide detailed information about the claim, the innermost value MUST contain at least the following parameters. See OpenID4VCI Section A.3.2.
  - path: The pointer that specifies the path to a specific claim within the Credential, as defined in Appendix C of OpenID4VCI.
  - display: Array of objects containing display language properties. The parameters that MUST be included are:
    - name: String value of a display name for the claim.
    - locale: String value that identifies the language of this object, represented as a language tag taken from the values defined in BCP47 RFC 5646. There MUST be only one object for each language identifier.
|
jwks |
JSON Web Key Set document, passed by value, containing the protocol specific keys for the Credential Issuer. See OID-FED Section 5.2.1 and JWK. |
trust_frameworks_supported |
JSON array containing all supported trust frameworks. See OIDC-IDA Section 8. The supported values are:
- it_cie: CIE id trust framework supported.
- it_wallet: IT-Wallet trust framework supported.
- eudi_wallet: Member State EUDI Wallet trust framework supported.
|
evidence_supported |
JSON array containing all types of identity evidence supported by the Credential Issuer. See OIDC-IDA Section 8. The supported value is vouch. |
credential_hash_alg_supported |
The supported algorithm used by the Wallet Instance to hash the Digital Credential for which the Status Assertion is requested. It is RECOMMENDED to use sha-256 (see OAUTH-STATUS-ASSERTION Section 11.1). |
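
A Wallet Instance or conformance tool can check the constraints in the table above before relying on a Credential Issuer's metadata. The following is an added example, not part of the specification: the function names, error strings and the sample metadata (a hypothetical issuer at issuer.example.org) are constructed for illustration, and URL checks are applied only to parameters that are present.

```python
from urllib.parse import urlsplit

# Rules from the parameter table; names below are illustrative, not from the spec.
HTTPS_PARAMS = ("credential_issuer", "status_assertion_endpoint", "notification_endpoint")
BINDING = {"dc+sd-jwt": ("jwk", "vct"), "mso_mdoc": ("cose_key", "doctype")}
FRAMEWORKS = {"it_cie", "it_wallet", "eudi_wallet"}

def dup_locales(display):  # True if a locale repeats (BCP47 tags are case-insensitive)
    locs = [d.get("locale", "").lower() for d in display]
    return len(locs) != len(set(locs))

def validate(md):
    """Return a list of violations found in Credential Issuer metadata `md`."""
    errs = []
    for p in HTTPS_PARAMS:
        if p in md and urlsplit(md[p]).scheme != "https":
            errs.append(f"{p}: not an HTTPS URL")
    if dup_locales(md.get("display", [])):
        errs.append("display: duplicate locale")
    if not set(md.get("trust_frameworks_supported", [])) <= FRAMEWORKS:
        errs.append("trust_frameworks_supported: unknown value")
    for cid, c in md.get("credential_configurations_supported", {}).items():
        fmt = c.get("format")
        if fmt not in BINDING:
            errs.append(f"{cid}: unsupported format {fmt!r}")
            continue
        method, type_param = BINDING[fmt]  # binding method and vct/doctype per format
        if method not in c.get("cryptographic_binding_methods_supported", []):
            errs.append(f"{cid}: missing binding method {method}")
        if type_param not in c:
            errs.append(f"{cid}: {type_param} required for {fmt}")
        jwt = c.get("proof_types_supported", {}).get("jwt")
        if not jwt or not jwt.get("proof_signing_alg_values_supported"):
            errs.append(f"{cid}: jwt proof type with algorithms required")
        if dup_locales(c.get("display", [])):
            errs.append(f"{cid}: duplicate display locale")
    return errs

# Constructed, deliberately non-compliant sample (hypothetical issuer).
SAMPLE = {
    "credential_issuer": "http://issuer.example.org",
    "trust_frameworks_supported": ["it_wallet", "other_fw"],
    "credential_configurations_supported": {
        "pid": {"format": "dc+sd-jwt", "vct": "urn:example:pid",
                "cryptographic_binding_methods_supported": ["cose_key"],
                "proof_types_supported": {"jwt": {"proof_signing_alg_values_supported": ["ES256"]}},
                "display": [{"name": "PID", "locale": "it-IT"}, {"name": "PID", "locale": "it-it"}]},
        "mdl": {"format": "mso_mdoc", "cryptographic_binding_methods_supported": ["cose_key"]},
    },
}
```

Calling `validate(SAMPLE)` reports six violations; an empty list means none of these particular checks failed, not that the metadata is fully conformant.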