Section 5.10 is confusing when describing the usage of the request_object_signing_alg_values_supported parameter. This chapter uses the parameter term for both Request URI parameters (namely wallet_metadata and wallet_nonce) and Wallet Metadata parameters ("the Wallet […] SHOULD use the jwks parameter within the wallet_metadata parameter…"). The paragraph about request_object_signing_alg_values_supported says "the Wallet SHOULD list […] algorithms […] through the request_object_signing_alg_values_supported parameter". It is difficult to tell if this parameter is a Request URI parameter or a Wallet Metadata parameter.
Also:
- Section 10, despite defining the Wallet metadata parameters for OID4VP, does not list
request_object_signing_alg_values_supported (nor jws also described in 5.10).
request_object_signing_alg_values_supported is defined in OpenID Connect Discovery 1.0, but this specification is not referenced by OID4VP.- The example in Section 13.1.2 shows
request_object_signing_alg_values_supported as a parameter inside Wallet metadata, along with parameters defined both in OID4VP and RFC 8414.
It seems that request_object_signing_alg_values_supported was intended as a Wallet metadata parameter, but confusion remains possible. Could someone please confirm this position?
Section 5.10 is confusing when describing the usage of the
request_object_signing_alg_values_supportedparameter. This chapter uses the parameter term for both Request URI parameters (namelywallet_metadataandwallet_nonce) and Wallet Metadata parameters ("the Wallet […] SHOULD use thejwksparameter within thewallet_metadataparameter…"). The paragraph aboutrequest_object_signing_alg_values_supportedsays "the Wallet SHOULD list […] algorithms […] through therequest_object_signing_alg_values_supportedparameter". It is difficult to tell if this parameter is a Request URI parameter or a Wallet Metadata parameter.Also:
request_object_signing_alg_values_supported(norjwsalso described in 5.10).request_object_signing_alg_values_supportedis defined in OpenID Connect Discovery 1.0, but this specification is not referenced by OID4VP.request_object_signing_alg_values_supportedas a parameter inside Wallet metadata, along with parameters defined both in OID4VP and RFC 8414.It seems that
request_object_signing_alg_values_supportedwas intended as a Wallet metadata parameter, but confusion remains possible. Could someone please confirm this position?