Are you using DPoP at issuance of the credential and embedding the public key 
as the means to verify the subject? Are you going so far as using DPoP in lieu 
of Verifiable Presentation wrappers?

-DW

> On Sep 30, 2021, at 12:47 AM, Nikos Fotiou <fot...@aueb.gr> wrote:
> 
> FYI, this is exactly what we are doing in [1] to manage Verifiable 
> Credentials using OAuth2.0. The AS issues a verifiable credential that stays 
> (for a long time) in the client. The client uses DPoP to prove ownership of the 
> credential. We just started a new project funded by essif [2] that will 
> further develop this idea and provide implementations.
> 
> Best,
> Nikos
> 
> [1] N. Fotiou, V.A. Siris, G.C. Polyzos, "Capability-based access control for 
> multi-tenant systems using Oauth 2.0 and Verifiable Credentials," Proc. 30th 
> International Conference on Computer Communications and Networks (ICCCN), 
> Athens, Greece, July 2021 
> (https://mm.aueb.gr/publications/0a8b37c5-c814-4056-88a7-19556221728c.pdf)
> [2] https://essif-lab.eu
> --
> Nikos Fotiou - http://pages.cs.aueb.gr/~fotiou
> Researcher - Mobile Multimedia Laboratory
> Athens University of Economics and Business
> https://mm.aueb.gr

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
