Hi Dick,
Batch credential (not claims) issuing has become the default approach to
circumvent the inherent limitations of salted-hash-based credentials
formats. This was neither invented by us, nor is it unreasonable to ask
implementers to do it. Protocols such as OpenID4VCI support it.
-Daniel
Am 21.09.24 um 06:42 schrieb Dick Hardt:
Is it really going to be practical to batch issue claims, and have the
holder randomly choose between them on presentation?
As an implementer, what is the right number of claims to be in a batch?
This section of the draft reads as a hack to add a new capability
(unlinkability) to a mechanism that did not have that as a design
objective.
This is going to be like the "alg":"null" for SD-JWT. :-)
_______________________________________________
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to oauth-le...@ietf.org
