6.3.5. Relying Party Metadata
The openid_credential_verifier metadata MUST contain the following parameters (Remote Credential Verifier Test Matrix).
| Claim | Description |
|---|---|
| client_id | It MUST contain an HTTPS URL that uniquely identifies the RP. See RFC 7591#section-3.2.1 and OpenID Connect Dynamic Client Registration 1.0 Section 3.2. |
| client_name | Human-readable string name of the RP. See RFC 7591#section-2. |
| application_type | String indicating the type of application. It MUST be set to the value "web". See OpenID Connect Dynamic Client Registration 1.0 Section 2. |
| request_uris | JSON Array of request_uri values that are pre-registered by the RP. These URLs MUST use the https scheme. See OpenID Connect Dynamic Client Registration 1.0 Section 2. |
| response_uris | JSON Array of response URI strings to which the Wallet Instance MUST send the Authorization Response using an HTTP POST request as defined by the Response Mode |
| authorization_signing_alg_values_supported | JSON array containing the list of signing algorithms ([RFC 7515] alg values) that MUST be used for signing authorization responses. The algorithm "none" MUST NOT be used. See OIDC-RP-Metadata. |
| authorization_encryption_alg_values_supported | JSON array containing the list of algorithms used to encrypt the authorization response. It specifies to the Wallet Instance the asymmetric encryption algorithms. See OIDC-RP-Metadata. |
| authorization_encryption_enc_values_supported | JSON array containing the list of encryption algorithms used for the authorization response. It specifies to the Wallet Instance the symmetric encryption algorithms. See OIDC-RP-Metadata. |
| vp_formats | JSON object defining the formats and proof types of Verifiable Presentations and Verifiable Credentials the RP supports. It consists of a list of name/value pairs, where each name uniquely identifies a supported type. The RP MUST support at least |
| jwks | JSON Web Key Set document, passed by value, containing the protocol-specific keys for the Relying Party. See JARM Section 3, OID-FED Draft 41 Section 5.2.1 and JWK. |
| erasure_endpoint | [CONDITIONAL] JSON String that represents the URI to which the Wallet Instance can request deletion of Users' attributes. This URL MUST use the https scheme. This endpoint MUST be present whenever the Relying Party requests attributes that can uniquely identify Users, such as the tax_id_code claim of the PID. |
Note
The parameters response_uris and erasure_endpoint are introduced in this specification.
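A validator for the rules in the table above, as an added example that is not part of the specification. The function names, the `identifying_attrs` flag and the sample values are assumptions, and it checks only what the table states: required parameters, JSON types, https schemes, the ban on "none" and the conditional erasure_endpoint.

```python
from urllib.parse import urlparse

REQUIRED = (
    "client_id", "client_name", "application_type", "request_uris",
    "response_uris", "authorization_signing_alg_values_supported",
    "authorization_encryption_alg_values_supported",
    "authorization_encryption_enc_values_supported", "vp_formats", "jwks",
)

def is_https(value):
    """True only for an absolute URL with the https scheme and a host."""
    parts = urlparse(value) if isinstance(value, str) else None
    return bool(parts and parts.scheme == "https" and parts.netloc)

def validate_rp_metadata(md, identifying_attrs=False):
    """Return rule violations (empty list = pass). identifying_attrs is a
    hypothetical flag: the RP requests attributes such as tax_id_code."""
    errors = [f"{n}: missing" for n in REQUIRED if n not in md]
    if "client_id" in md and not is_https(md["client_id"]):
        errors.append("client_id: not an HTTPS URL")
    if md.get("application_type", "web") != "web":
        errors.append('application_type: must be "web"')
    for n in REQUIRED[3:8]:  # the five parameters defined as JSON arrays
        v = md.get(n, [])
        if not (isinstance(v, list) and all(isinstance(i, str) for i in v)):
            errors.append(f"{n}: must be an array of strings")
        elif n == "request_uris" and not all(map(is_https, v)):
            errors.append("request_uris: every entry must use https")
        elif n.startswith("authorization_signing") and "none" in map(str.lower, v):
            errors.append(f'{n}: "none" is forbidden')
    if not isinstance(md.get("vp_formats", {}), dict):
        errors.append("vp_formats: must be a JSON object")
    keys = md.get("jwks", {"keys": []})
    if not (isinstance(keys, dict) and isinstance(keys.get("keys"), list)):
        errors.append("jwks: must be a JWK Set passed by value")
    erasure = md.get("erasure_endpoint")
    if erasure is None and identifying_attrs:
        errors.append("erasure_endpoint: required for identifying attributes")
    elif erasure is not None and not is_https(erasure):
        errors.append("erasure_endpoint: not an https URL")
    return errors

# Constructed, deliberately non-compliant fragment (placeholder values).
WEAK = {"client_id": "http://rp.example.org", "application_type": "native",
        "request_uris": ["http://rp.example.org/request"],
        "authorization_signing_alg_values_supported": ["ES256", "none"]}
```

Calling `validate_rp_metadata(WEAK, identifying_attrs=True)` reports each missing parameter together with the plain-http URLs, the wrong application_type, the "none" algorithm and the absent erasure_endpoint.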