diff --git a/1.0/openid-4-verifiable-presentations-1_0.md b/1.0/openid-4-verifiable-presentations-1_0.md index ba3165f9..c670199a 100644 --- a/1.0/openid-4-verifiable-presentations-1_0.md +++ b/1.0/openid-4-verifiable-presentations-1_0.md @@ -2507,7 +2507,7 @@ This is an example of the payload of a signed OpenID4VP request used with the W3 #### JWS JSON Serialization {#multi_signed_request} -The JWS JSON Serialization ([@!RFC7515]) allows the Verifier to use multiple Client Identifiers and corresponding key material to protect the same request. This serves use cases where the Verifier requests Credentials belonging to different trust frameworks and, therefore, needs to authenticate in the context of those trust frameworks. It also allows the Verifier to add different attestations for each Client Identifier. +The JWS JSON Serialization ([@!RFC7515]) allows the Verifier to use multiple Client Identifiers and corresponding key material to protect the same request. This serves use cases where the Verifier requests Credentials belonging to different trust frameworks and, therefore, needs to authenticate in the context of those trust frameworks. It also allows the Verifier to add different Verifier Info for each Client Identifier. In this case, the following request parameters, if used, MUST be present only in the protected header of the respective `signature` object in the `signatures` array defined in [@!RFC7515, section 7.2.1]: @@ -3595,6 +3595,7 @@ The technology described in this specification was made available from contribut -31 * Clarify that `encrypted_response_enc_values_supported` applies only if JWE content encryption algorithm is used + * Clarified that Multi-RP-sig section means Verifier Info instead of attestations * Updated origin examples to remove trailing slash * Clarify that `aud` corresponds to `issuer` Wallet Metadata paremeter if Dynamic Discovery is used * Clarified that request_uri_method is a case-sensitive string diff --git a/1.1/openid-4-verifiable-presentations-1_1.md b/1.1/openid-4-verifiable-presentations-1_1.md index ae6f874d..34fccb21 100644 --- a/1.1/openid-4-verifiable-presentations-1_1.md +++ b/1.1/openid-4-verifiable-presentations-1_1.md @@ -2571,7 +2571,7 @@ This is an example of the payload of a signed OpenID4VP request used with the W3 #### JWS JSON Serialization {#multi_signed_request} -The JWS JSON Serialization ([@!RFC7515]) allows the Verifier to use multiple Client Identifiers and corresponding key material to protect the same request. This serves use cases where the Verifier requests Credentials belonging to different trust frameworks and, therefore, needs to authenticate in the context of those trust frameworks. It also allows the Verifier to add different attestations for each Client Identifier. +The JWS JSON Serialization ([@!RFC7515]) allows the Verifier to use multiple Client Identifiers and corresponding key material to protect the same request. This serves use cases where the Verifier requests Credentials belonging to different trust frameworks and, therefore, needs to authenticate in the context of those trust frameworks. It also allows the Verifier to add different Verifier Info for each Client Identifier. In this case, the following request parameters, if used, MUST be present only in the protected header of the respective `signature` object in the `signatures` array defined in [@!RFC7515, section 7.2.1]: @@ -3663,5 +3663,6 @@ The technology described in this specification was made available from contribut * Add security consideration not to use VP Token as Access Token * Clarify that `encrypted_response_enc_values_supported` applies only if JWE content encryption algorithm is used; e.g., it does not apply to JOSE HPKE * Clarify that `aud` corresponds to `issuer` Wallet Metadata paremeter if Dynamic Discovery is used + * Clarified that Multi-RP-sig section means Verifier Info instead of attestations * Updated origin examples to remove trailing slash * Clarified that request_uri_method is a case-sensitive string