Episode 086: 01‐30‐2025 OpenID for Verifiable Credentials Update - GluuFederation/identerati-office-hours GitHub Wiki
Title: OpenID for Verifiable Credentials Update
-
Host: Mike Schwartz, Founder/CEO Gluu
-
Guest: Kristina Yasuda, Identity Architect at SPRIND - Bundesagentur für Sprunginnovationen
-
Guest: Torsten Lodderstedt, Digital Identity Architect at SPRIND - Bundesagentur für Sprunginnovationen
Description
OpenID for Verifiable Presentations (OpenID4VP) is an implementers draft specification that defines a mechanism on top of OAuth that enables presentation of Verifiable Credentials (in any format) as Verifiable Presentations. Kristina, Torsten and others have been presenting OpenID4VP at conferences and IIWs for years. Where is it now? What can we expect in 2025? What is the feedback from early adopters? Join us for this discussion, and bring your own questions for two of the spec authors.
Homework
- OpenID for Verifiable Presentations - Editor's Draft
- OpenID for Verifiable Credential Issuance - Editor's draft
- All OpenID4VC Drafts
Takeaways
-
⚡ OpenID4 VC Editor Drafts are now upon us (aka version 24), and the plan is for a stable 1.0 OpenID4VP release in June 2025! After that, no breaking changes -- just enhancements.
-
⚡ Hopefully there will be a myriad of RPs, many issuers and a few wallets. People having many wallets on their device is not ideal--they will need to select a wallet, and then select a credential to present.
-
⚡ All sorts of credentials will be presented from wallets--not just identity credentials. OpenID4VC has always been credential-format-neutral. An example of a non-identity credential presentation is a payment: the credential may contain only a transaction id.
-
⚡ Once a person authenticates, the IDP may have certain requirements around the security of the wallet's private key. If some wallets don't meet these security requirements, the IDP may not want to issue the credential. You could say that the IDP needs to trust the wallet not to lose this credential. To address this, the IDP may require the wallet to produce an "attestation" about the security of the platform.
-
⚡ OpenID4VP is only a small portion of the total wallet ecosystem needed for success. The tools and rules we still need as a society to move from federated identity (IDP-SP) to wallet-based identity (Holder-Verifier-Issuer) are significant. OpenID4VP credential issuance and presentation may be final in June, but this new global wallet ecosystem is going to take more work.