OIDC4VCI JFF PlugFest 2 Questions from Kayode Ezike on 2022-09-26 (public-vc-edu@w3.org from September 2022)

From: Kayode Ezike <kezike13@gmail.com>
Date: Mon, 26 Sep 2022 05:10:33 -0400
To: public-vc-edu@w3.org
Cc: David Chadwick <david.chadwick@crosswordcybersecurity.com>, Kristina Yasuda <kristina.yasuda@microsoft.com>, Torsten Lodderstedt <torsten@lodderstedt.net>
Message-ID: <CAPXfD679rsF+emB8tLsjrLR328pPDss9pWCCyUSXGABijy+fRQ@mail.gmail.com>

Hi there,

Calling on issuers in the JFF PlugFest 2 cohort and practitioners generally
that implement the OIDC4VCI spec as a means of delivering credentials with
the following questions:

   - How are holders redirected to their wallet from a QR code? In the
   spec, I see that clients can define a new *Issuance Initiation Endpoint
   (initiate_issuance_endpoint)* in its metadata, but it is unclear how and
   where this is supposed to be defined for a native wallet. Is this supposed
   to be communicated via the *wallet_issuer* parameter of an authorization
   request as defined in section *7.1.3* of the spec? If so, how is this
   endpoint exposed in a pre-authorized code flow?
   - Am I correct in my interpretation of the *issuer* parameter of
the *Issuance
   Initiation* request as the OP issuer URL, at which clients can discover
   the server metadata (located specifically at
   */.well-known/openid-configuration*, per the original OIDC Core spec),
   including the new *Credential Endpoint (credential_endpoint)*?


Cheers,

Kayode

Received on Monday, 26 September 2022 09:11:02 UTC