From eef90530426b7a06b8d7a0cc4e58187a69269045 Mon Sep 17 00:00:00 2001 From: Sakurann Date: Sun, 26 Apr 2026 22:30:44 +0200 Subject: [PATCH 1/2] fixes #635 --- 1.0/openid-4-verifiable-presentations-1_0.md | 2 +- 1.1/openid-4-verifiable-presentations-1_1.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/1.0/openid-4-verifiable-presentations-1_0.md b/1.0/openid-4-verifiable-presentations-1_0.md index cccbdc27..65e7177e 100644 --- a/1.0/openid-4-verifiable-presentations-1_0.md +++ b/1.0/openid-4-verifiable-presentations-1_0.md @@ -2481,7 +2481,7 @@ This is an example of the payload of a signed OpenID4VP request used with the W3 #### JWS JSON Serialization {#multi_signed_request} -The JWS JSON Serialization ([@!RFC7515]) allows the Verifier to use multiple Client Identifiers and corresponding key material to protect the same request. This serves use cases where the Verifier requests Credentials belonging to different trust frameworks and, therefore, needs to authenticate in the context of those trust frameworks. It also allows the Verifier to add different attestations for each Client Identifier. +The JWS JSON Serialization ([@!RFC7515]) allows the Verifier to use multiple Client Identifiers and corresponding key material to protect the same request. This serves use cases where the Verifier requests Credentials belonging to different trust frameworks and, therefore, needs to authenticate in the context of those trust frameworks. It also allows the Verifier to add different Verifier Info for each Client Identifier. In this case, the following request parameters, if used, MUST be present only in the protected header of the respective `signature` object in the `signatures` array defined in [@!RFC7515, section 7.2.1]: diff --git a/1.1/openid-4-verifiable-presentations-1_1.md b/1.1/openid-4-verifiable-presentations-1_1.md index c82af1df..b8f95907 100644 --- a/1.1/openid-4-verifiable-presentations-1_1.md +++ b/1.1/openid-4-verifiable-presentations-1_1.md @@ -2545,7 +2545,7 @@ This is an example of the payload of a signed OpenID4VP request used with the W3 #### JWS JSON Serialization {#multi_signed_request} -The JWS JSON Serialization ([@!RFC7515]) allows the Verifier to use multiple Client Identifiers and corresponding key material to protect the same request. This serves use cases where the Verifier requests Credentials belonging to different trust frameworks and, therefore, needs to authenticate in the context of those trust frameworks. It also allows the Verifier to add different attestations for each Client Identifier. +The JWS JSON Serialization ([@!RFC7515]) allows the Verifier to use multiple Client Identifiers and corresponding key material to protect the same request. This serves use cases where the Verifier requests Credentials belonging to different trust frameworks and, therefore, needs to authenticate in the context of those trust frameworks. It also allows the Verifier to add different Verifier Info for each Client Identifier. In this case, the following request parameters, if used, MUST be present only in the protected header of the respective `signature` object in the `signatures` array defined in [@!RFC7515, section 7.2.1]: From c15b181b4a0dd6f4ca5ebe3b53502996952213c2 Mon Sep 17 00:00:00 2001 From: Sakurann Date: Sun, 26 Apr 2026 22:32:53 +0200 Subject: [PATCH 2/2] history entry --- 1.0/openid-4-verifiable-presentations-1_0.md | 3 ++- 1.1/openid-4-verifiable-presentations-1_1.md | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/1.0/openid-4-verifiable-presentations-1_0.md b/1.0/openid-4-verifiable-presentations-1_0.md index 65e7177e..a14a37f3 100644 --- a/1.0/openid-4-verifiable-presentations-1_0.md +++ b/1.0/openid-4-verifiable-presentations-1_0.md @@ -3567,7 +3567,8 @@ The technology described in this specification was made available from contribut -31 * Clarify that `encrypted_response_enc_values_supported` applies only if JWE content encryption algorithm is used - * Clarify that `aud` corresponds to `issuer` Wallet Metadata paremeter if Dynamic Discovery is used + * Clarify that `aud` corresponds to `issuer` Wallet Metadata paremeter if Dynamic Discovery is used + * Clarified that Multi-RP-sig section means Verifier Info instead of attestations -final diff --git a/1.1/openid-4-verifiable-presentations-1_1.md b/1.1/openid-4-verifiable-presentations-1_1.md index b8f95907..e0c0c738 100644 --- a/1.1/openid-4-verifiable-presentations-1_1.md +++ b/1.1/openid-4-verifiable-presentations-1_1.md @@ -3635,3 +3635,4 @@ The technology described in this specification was made available from contribut * Add security consideration not to use VP Token as Access Token * Clarify that `encrypted_response_enc_values_supported` applies only if JWE content encryption algorithm is used; e.g., it does not apply to JOSE HPKE * Clarify that `aud` corresponds to `issuer` Wallet Metadata paremeter if Dynamic Discovery is used + * Clarified that Multi-RP-sig section means Verifier Info instead of attestations