From f9ddbff4d813822c10fc7a06e901314d7fb92b77 Mon Sep 17 00:00:00 2001 From: Michael Jones Date: Sat, 28 Sep 2024 10:37:13 -0700 Subject: [PATCH 1/7] Start IANA Registrations --- ...id-4-verifiable-credential-issuance-1_0.md | 81 ++++++++++++------- 1 file changed, 51 insertions(+), 30 deletions(-) diff --git a/openid-4-verifiable-credential-issuance-1_0.md b/openid-4-verifiable-credential-issuance-1_0.md index 5af3c42c..0e264f4b 100644 --- a/openid-4-verifiable-credential-issuance-1_0.md +++ b/openid-4-verifiable-credential-issuance-1_0.md @@ -1713,25 +1713,25 @@ regulation), the Credential Issuer should properly authenticate the Wallet and e - + OpenID Connect Core 1.0 incorporating errata set 2 - - NRI + + NAT.Consulting - - Ping Identity + + Yubico - - Microsoft + + Self-Issued Consulting - - Google + + Google - - Salesforce + + Disney - + @@ -1804,15 +1804,6 @@ regulation), the Credential Issuer should properly authenticate the Wallet and e - - - COSE Algorithms - - IANA - - - - OpenID for Verifiable Presentations @@ -1882,11 +1873,11 @@ regulation), the Credential Issuer should properly authenticate the Wallet and e Connect2id - + - + OAuth Parameters @@ -2220,9 +2211,13 @@ The following is a non-normative example of a Credential Response containing a C # IANA Considerations -## Sub-Namespace Registration +## OAuth URI Registry -This specification registers the following URN in the IANA "OAuth URI" registry [@!IANA.OAuth.Parameters] established by [@!RFC6755]. +This specification registers the following URN +in the IANA "OAuth URI" registry [@IANA.OAuth] +established by [@!RFC6755]. + +### urn:ietf:params:oauth:grant-type:pre-authorized_code * URN: urn:ietf:params:oauth:grant-type:pre-authorized_code * Common Name: Pre-Authorized Code @@ -2231,38 +2226,54 @@ This specification registers the following URN in the IANA "OAuth URI" registry ## OAuth Parameters Registry -This specification registers the following parameter names in the IANA "OAuth Parameters" registry [@!IANA.OAuth.Parameters] established by [@!RFC6749]. +This specification registers the following parameter names +in the IANA "OAuth Parameters" registry [@IANA.OAuth] +established by [@!RFC6749]. + +### wallet_issuer * Parameter Name: wallet_issuer * Parameter Usage Location: authorization request * Change Controller: OpenID Foundation Digital Credentials Protocols Working Group - openid-specs-digital-credentials-protocols@lists.openid.net * Reference: (#credential-authz-request) of this specification +### user_hint + * Parameter Name: user_hint * Parameter Usage Location: authorization request * Change Controller: OpenID Foundation Digital Credentials Protocols Working Group - openid-specs-digital-credentials-protocols@lists.openid.net * Reference: (#credential-authz-request) of this specification +### issuer_state + * Parameter Name: issuer_state * Parameter Usage Location: authorization request * Change Controller: OpenID Foundation Digital Credentials Protocols Working Group - openid-specs-digital-credentials-protocols@lists.openid.net * Reference: (#credential-authz-request) of this specification +### pre-authorized_code + * Parameter Name: pre-authorized_code * Parameter Usage Location: token request * Change Controller: OpenID Foundation Digital Credentials Protocols Working Group - openid-specs-digital-credentials-protocols@lists.openid.net * Reference: (#token-request) of this specification +### tx_code + * Parameter Name: tx_code * Parameter Usage Location: token request * Change Controller: OpenID Foundation Digital Credentials Protocols Working Group - openid-specs-digital-credentials-protocols@lists.openid.net * Reference: (#token-request) of this specification +### c_nonce + * Parameter Name: c_nonce * Parameter Usage Location: token response * Change Controller: OpenID Foundation Digital Credentials Protocols Working Group - openid-specs-digital-credentials-protocols@lists.openid.net * Reference: (#token-response) of this specification +### c_nonce_expires_in + * Parameter Name: c_nonce_expires_in * Parameter Usage Location: token response * Change Controller: OpenID Foundation Digital Credentials Protocols Working Group - openid-specs-digital-credentials-protocols@lists.openid.net @@ -2270,7 +2281,9 @@ This specification registers the following parameter names in the IANA "OAuth Pa ## OAuth Dynamic Client Registration Metadata Registry -This specification registers the following client metadata name in the IANA "OAuth Dynamic Client Registration Metadata" registry [@!IANA.OAuth.Parameters] established by [@!RFC7591]. +This specification registers the following client metadata name in the IANA "OAuth Dynamic Client Registration Metadata" registry [@IANA.OAuth] established by [@!RFC7591]. + +### credential_offer_endpoint * Client Metadata Name: credential_offer_endpoint * Client Metadata Description: Credential Offer Endpoint @@ -2280,16 +2293,24 @@ This specification registers the following client metadata name in the IANA "OAu ## Well-Known URI Registry -This specification registers the following well-known URI in the IANA "Well-Known URI" registry established by [@!RFC5785]. +This specification registers the following well-known URI +in the IANA "Well-Known URI" registry [@IANA.OAuth] +established by [@!RFC5785]. + +### .well-known/openid-credential-issuer * URI suffix: openid-credential-issuer * Change controller: OpenID Foundation Digital Credentials Protocols Working Group - openid-specs-digital-credentials-protocols@lists.openid.net -* Specification document: (#credential-issuer-wellknown) of this document +* Specification document: (#credential-issuer-wellknown) of this specification * Related information: (none) ## Media Types Registry -This specification registers the following media types in the IANA "Media Types" registry [@!IANA.MediaTypes] in the manner described in [@!RFC6838]. +This specification registers the following media type [@RFC2046] +in the IANA "Media Types" registry [@IANA.MediaTypes] +in the manner described in [@RFC6838]. + +### application/openid4vci-proof+jwt * Type name: `application` * Subtype name: `openid4vci-proof+jwt` From 6becbcf813077bd85258215ce211170eb712c091 Mon Sep 17 00:00:00 2001 From: Michael Jones Date: Wed, 2 Oct 2024 21:32:25 -0700 Subject: [PATCH 2/7] Completed IANA Considerations section --- ...id-4-verifiable-credential-issuance-1_0.md | 69 ++++++++++++++----- 1 file changed, 52 insertions(+), 17 deletions(-) diff --git a/openid-4-verifiable-credential-issuance-1_0.md b/openid-4-verifiable-credential-issuance-1_0.md index 0e264f4b..fdeffb40 100644 --- a/openid-4-verifiable-credential-issuance-1_0.md +++ b/openid-4-verifiable-credential-issuance-1_0.md @@ -1354,7 +1354,7 @@ The following is a non-normative example of Credential Issuer metadata of a Cred Note: The Client MAY use other mechanisms to obtain information about the Verifiable Credentials that a Credential Issuer can issue. -## OAuth 2.0 Authorization Server Metadata +## OAuth 2.0 Authorization Server Metadata {#as-metadata} This specification also defines a new OAuth 2.0 Authorization Server metadata [@!RFC8414] parameter to publish whether the Authorization Server that the Credential Issuer relies on for authorization supports anonymous Token Requests with the Pre-Authorized Grant Type. It is defined as follows: @@ -1877,7 +1877,7 @@ regulation), the Credential Issuer should properly authenticate the Wallet and e - + OAuth Parameters @@ -2214,7 +2214,7 @@ The following is a non-normative example of a Credential Response containing a C ## OAuth URI Registry This specification registers the following URN -in the IANA "OAuth URI" registry [@IANA.OAuth] +in the IANA "OAuth URI" registry [@IANA.OAuth.Parameters] established by [@!RFC6755]. ### urn:ietf:params:oauth:grant-type:pre-authorized_code @@ -2222,79 +2222,100 @@ established by [@!RFC6755]. * URN: urn:ietf:params:oauth:grant-type:pre-authorized_code * Common Name: Pre-Authorized Code * Change Controller: OpenID Foundation Digital Credentials Protocols Working Group - openid-specs-digital-credentials-protocols@lists.openid.net -* Reference: (#token-request) of this specification +* Reference: (#credential-offer-parameters) of this specification ## OAuth Parameters Registry -This specification registers the following parameter names -in the IANA "OAuth Parameters" registry [@IANA.OAuth] +This specification registers the following OAuth parameters +in the IANA "OAuth Parameters" registry [@IANA.OAuth.Parameters] established by [@!RFC6749]. ### wallet_issuer -* Parameter Name: wallet_issuer +* Name: wallet_issuer * Parameter Usage Location: authorization request * Change Controller: OpenID Foundation Digital Credentials Protocols Working Group - openid-specs-digital-credentials-protocols@lists.openid.net * Reference: (#credential-authz-request) of this specification ### user_hint -* Parameter Name: user_hint +* Name: user_hint * Parameter Usage Location: authorization request * Change Controller: OpenID Foundation Digital Credentials Protocols Working Group - openid-specs-digital-credentials-protocols@lists.openid.net * Reference: (#credential-authz-request) of this specification ### issuer_state -* Parameter Name: issuer_state +* Name: issuer_state * Parameter Usage Location: authorization request * Change Controller: OpenID Foundation Digital Credentials Protocols Working Group - openid-specs-digital-credentials-protocols@lists.openid.net * Reference: (#credential-authz-request) of this specification ### pre-authorized_code -* Parameter Name: pre-authorized_code +* Name: pre-authorized_code * Parameter Usage Location: token request * Change Controller: OpenID Foundation Digital Credentials Protocols Working Group - openid-specs-digital-credentials-protocols@lists.openid.net * Reference: (#token-request) of this specification ### tx_code -* Parameter Name: tx_code +* Name: tx_code * Parameter Usage Location: token request * Change Controller: OpenID Foundation Digital Credentials Protocols Working Group - openid-specs-digital-credentials-protocols@lists.openid.net * Reference: (#token-request) of this specification ### c_nonce -* Parameter Name: c_nonce +* Name: c_nonce * Parameter Usage Location: token response * Change Controller: OpenID Foundation Digital Credentials Protocols Working Group - openid-specs-digital-credentials-protocols@lists.openid.net * Reference: (#token-response) of this specification ### c_nonce_expires_in -* Parameter Name: c_nonce_expires_in +* Name: c_nonce_expires_in * Parameter Usage Location: token response * Change Controller: OpenID Foundation Digital Credentials Protocols Working Group - openid-specs-digital-credentials-protocols@lists.openid.net * Reference: (#token-response) of this specification +### credential_identifiers + +* Name: credential_identifiers +* Parameter Usage Location: token response +* Change Controller: OpenID Foundation Digital Credentials Protocols Working Group - openid-specs-digital-credentials-protocols@lists.openid.net +* Reference: (#token-response) of this specification + +## OAuth Authorization Server Metadata Registry + +This specification registers the following authorization server metadata parameter +in the IANA "OAuth Authorization Server Metadata" registry [@IANA.OAuth.Parameters] +established by [@!RFC8414]. + +### pre-authorized_grant_anonymous_access_supported + +* Metadata Name: pre-authorized_grant_anonymous_access_supported +* Metadata Description: Boolean indicating whether Credential Issuer accepts Token Request with Pre-Authorized Code but without `client_id` +* Change Controller: OpenID Foundation Artifact Binding Working Group - openid-specs-ab@lists.openid.net +* Reference: (#as-metadata) of this specification + ## OAuth Dynamic Client Registration Metadata Registry -This specification registers the following client metadata name in the IANA "OAuth Dynamic Client Registration Metadata" registry [@IANA.OAuth] established by [@!RFC7591]. +This specification registers the following client metadata parameter +in the IANA "OAuth Dynamic Client Registration Metadata" registry [@IANA.OAuth.Parameters] +established by [@!RFC7591]. ### credential_offer_endpoint * Client Metadata Name: credential_offer_endpoint * Client Metadata Description: Credential Offer Endpoint * Change Controller: OpenID Foundation Digital Credentials Protocols Working Group - openid-specs-digital-credentials-protocols@lists.openid.net -* Reference: (#credential-offer-endpoint) of this specification - +* Reference: (#client-metadata) of this specification ## Well-Known URI Registry This specification registers the following well-known URI -in the IANA "Well-Known URI" registry [@IANA.OAuth] +in the IANA "Well-Known URI" registry [@IANA.OAuth.Parameters] established by [@!RFC5785]. ### .well-known/openid-credential-issuer @@ -2332,6 +2353,19 @@ in the manner described in [@RFC6838]. * Change controller: OpenID Foundation Digital Credentials Protocols Working Group - openid-specs-digital-credentials-protocols@lists.openid.net * Provisional registration? No +## Uniform Resource Identifier (URI) Schemes Registry + +This specification registers the following URI scheme +in the IANA "Uniform Resource Identifier (URI) Schemes" registry [@IANA.URI.Schemes]. + +### openid-credential-offer + +* URI Scheme: openid-credential-offer +* Description: Custom scheme used for credential offers +* Status: Provisional +* Well-Known URI Support: - +* Change Controller: OpenID Foundation Artifact Binding Working Group - openid-specs-ab@lists.openid.net +* Reference: (#client-metadata-retrieval) of this specification # Use Cases @@ -2388,6 +2422,7 @@ The technology described in this specification was made available from contribut -15 * Fixed #375: Enabled non-breaking extensibility. + * Fixed #239: Completed IANA Considerations section. -14 From 45a618544f41209b2096707d56da978d4a4fe2f6 Mon Sep 17 00:00:00 2001 From: Michael Jones Date: Thu, 3 Oct 2024 07:38:30 -0700 Subject: [PATCH 3/7] Added IANA.URI.Schemes reference --- openid-4-verifiable-credential-issuance-1_0.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/openid-4-verifiable-credential-issuance-1_0.md b/openid-4-verifiable-credential-issuance-1_0.md index fdeffb40..863be283 100644 --- a/openid-4-verifiable-credential-issuance-1_0.md +++ b/openid-4-verifiable-credential-issuance-1_0.md @@ -1897,6 +1897,16 @@ regulation), the Credential Issuer should properly authenticate the Wallet and e + + + Uniform Resource Identifier (URI) Schemes + + IANA + + + + + REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC From 8c5587d604b8638ab1ae506c8290e6171c46881e Mon Sep 17 00:00:00 2001 From: Michael Jones Date: Thu, 3 Oct 2024 08:20:39 -0700 Subject: [PATCH 4/7] Use IANA.JOSE reference --- openid-4-verifiable-credential-issuance-1_0.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/openid-4-verifiable-credential-issuance-1_0.md b/openid-4-verifiable-credential-issuance-1_0.md index 863be283..c67a5f1f 100644 --- a/openid-4-verifiable-credential-issuance-1_0.md +++ b/openid-4-verifiable-credential-issuance-1_0.md @@ -838,7 +838,7 @@ Additional proof types MAY be defined and used. The JWT MUST contain the following elements: * in the JOSE header, - * `alg`: REQUIRED. A digital signature algorithm identifier such as per IANA "JSON Web Signature and Encryption Algorithms" registry [@IANA.JOSE.ALGS]. It MUST NOT be `none` or an identifier for a symmetric algorithm (MAC). + * `alg`: REQUIRED. A digital signature algorithm identifier such as per IANA "JSON Web Signature and Encryption Algorithms" registry [@IANA.JOSE]. It MUST NOT be `none` or an identifier for a symmetric algorithm (MAC). * `typ`: REQUIRED. MUST be `openid4vci-proof+jwt`, which explicitly types the key proof JWT as recommended in Section 3.11 of [@!RFC8725]. * `kid`: OPTIONAL. JOSE Header containing the key ID. If the Credential shall be bound to a DID, the `kid` refers to a DID URL which identifies a particular key in the DID Document that the Credential shall be bound to. It MUST NOT be present if `jwk` is present. * `jwk`: OPTIONAL. JOSE Header containing the key material the new Credential shall be bound to. It MUST NOT be present if `kid` is present. @@ -853,7 +853,7 @@ The JWT MUST contain the following elements: The Credential Issuer MUST validate that the JWT used as a proof is actually signed by a key identified in the JOSE Header. -Cryptographic algorithm names used in the `proof_signing_alg_values_supported` Credential Issuer metadata parameter for this proof type SHOULD be one of those defined in [@IANA.JOSE.ALGS]. +Cryptographic algorithm names used in the `proof_signing_alg_values_supported` Credential Issuer metadata parameter for this proof type SHOULD be one of those defined in [@IANA.JOSE]. Below is a non-normative example of a `proof` parameter (with line breaks within values for display purposes only): @@ -1795,9 +1795,9 @@ regulation), the Credential Issuer should properly authenticate the Wallet and e - + - JSON Web Signature and Encryption Algorithms + JSON Object Signing and Encryption (JOSE) IANA From da640144dedc0f2a02ce1bbdcab129a9b1683fd5 Mon Sep 17 00:00:00 2001 From: Michael Jones Date: Thu, 3 Oct 2024 08:47:16 -0700 Subject: [PATCH 5/7] Put backquotes around registered names, as suggested by Daniel Fett --- ...id-4-verifiable-credential-issuance-1_0.md | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/openid-4-verifiable-credential-issuance-1_0.md b/openid-4-verifiable-credential-issuance-1_0.md index c67a5f1f..7cf6b589 100644 --- a/openid-4-verifiable-credential-issuance-1_0.md +++ b/openid-4-verifiable-credential-issuance-1_0.md @@ -2229,7 +2229,7 @@ established by [@!RFC6755]. ### urn:ietf:params:oauth:grant-type:pre-authorized_code -* URN: urn:ietf:params:oauth:grant-type:pre-authorized_code +* URN: `urn:ietf:params:oauth:grant-type:pre-authorized_code` * Common Name: Pre-Authorized Code * Change Controller: OpenID Foundation Digital Credentials Protocols Working Group - openid-specs-digital-credentials-protocols@lists.openid.net * Reference: (#credential-offer-parameters) of this specification @@ -2242,56 +2242,56 @@ established by [@!RFC6749]. ### wallet_issuer -* Name: wallet_issuer +* Name: `wallet_issuer` * Parameter Usage Location: authorization request * Change Controller: OpenID Foundation Digital Credentials Protocols Working Group - openid-specs-digital-credentials-protocols@lists.openid.net * Reference: (#credential-authz-request) of this specification ### user_hint -* Name: user_hint +* Name: `user_hint` * Parameter Usage Location: authorization request * Change Controller: OpenID Foundation Digital Credentials Protocols Working Group - openid-specs-digital-credentials-protocols@lists.openid.net * Reference: (#credential-authz-request) of this specification ### issuer_state -* Name: issuer_state +* Name: `issuer_state` * Parameter Usage Location: authorization request * Change Controller: OpenID Foundation Digital Credentials Protocols Working Group - openid-specs-digital-credentials-protocols@lists.openid.net * Reference: (#credential-authz-request) of this specification ### pre-authorized_code -* Name: pre-authorized_code +* Name: `pre-authorized_code` * Parameter Usage Location: token request * Change Controller: OpenID Foundation Digital Credentials Protocols Working Group - openid-specs-digital-credentials-protocols@lists.openid.net * Reference: (#token-request) of this specification ### tx_code -* Name: tx_code +* Name: `tx_code` * Parameter Usage Location: token request * Change Controller: OpenID Foundation Digital Credentials Protocols Working Group - openid-specs-digital-credentials-protocols@lists.openid.net * Reference: (#token-request) of this specification ### c_nonce -* Name: c_nonce +* Name: `c_nonce` * Parameter Usage Location: token response * Change Controller: OpenID Foundation Digital Credentials Protocols Working Group - openid-specs-digital-credentials-protocols@lists.openid.net * Reference: (#token-response) of this specification ### c_nonce_expires_in -* Name: c_nonce_expires_in +* Name: `c_nonce_expires_in` * Parameter Usage Location: token response * Change Controller: OpenID Foundation Digital Credentials Protocols Working Group - openid-specs-digital-credentials-protocols@lists.openid.net * Reference: (#token-response) of this specification ### credential_identifiers -* Name: credential_identifiers +* Name: `credential_identifiers` * Parameter Usage Location: token response * Change Controller: OpenID Foundation Digital Credentials Protocols Working Group - openid-specs-digital-credentials-protocols@lists.openid.net * Reference: (#token-response) of this specification @@ -2304,7 +2304,7 @@ established by [@!RFC8414]. ### pre-authorized_grant_anonymous_access_supported -* Metadata Name: pre-authorized_grant_anonymous_access_supported +* Metadata Name: `pre-authorized_grant_anonymous_access_supported` * Metadata Description: Boolean indicating whether Credential Issuer accepts Token Request with Pre-Authorized Code but without `client_id` * Change Controller: OpenID Foundation Artifact Binding Working Group - openid-specs-ab@lists.openid.net * Reference: (#as-metadata) of this specification @@ -2317,7 +2317,7 @@ established by [@!RFC7591]. ### credential_offer_endpoint -* Client Metadata Name: credential_offer_endpoint +* Client Metadata Name: `credential_offer_endpoint` * Client Metadata Description: Credential Offer Endpoint * Change Controller: OpenID Foundation Digital Credentials Protocols Working Group - openid-specs-digital-credentials-protocols@lists.openid.net * Reference: (#client-metadata) of this specification @@ -2330,7 +2330,7 @@ established by [@!RFC5785]. ### .well-known/openid-credential-issuer -* URI suffix: openid-credential-issuer +* URI suffix: `openid-credential-issuer` * Change controller: OpenID Foundation Digital Credentials Protocols Working Group - openid-specs-digital-credentials-protocols@lists.openid.net * Specification document: (#credential-issuer-wellknown) of this specification * Related information: (none) From 9b619abfc4b67642b1274f02249b061dbf4587ca Mon Sep 17 00:00:00 2001 From: Michael Jones Date: Thu, 3 Oct 2024 08:51:06 -0700 Subject: [PATCH 6/7] Use IANA.JOSE reference --- openid-4-verifiable-credential-issuance-1_0.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/openid-4-verifiable-credential-issuance-1_0.md b/openid-4-verifiable-credential-issuance-1_0.md index 7cf6b589..d72bbf23 100644 --- a/openid-4-verifiable-credential-issuance-1_0.md +++ b/openid-4-verifiable-credential-issuance-1_0.md @@ -1956,7 +1956,7 @@ When the `format` value is `jwt_vc_json`, the entire Credential Offer, Authoriza #### Credential Issuer Metadata {#server-metadata-jwt-vc-json} -Cryptographic algorithm names used in the `credential_signing_alg_values_supported` parameter SHOULD be one of those defined in [@IANA.JOSE.ALGS]. +Cryptographic algorithm names used in the `credential_signing_alg_values_supported` parameter SHOULD be one of those defined in [@IANA.JOSE]. The following additional Credential Issuer metadata parameters are defined for this Credential Format for use in the `credential_configurations_supported` parameter, in addition to those defined in (#credential-issuer-parameters). @@ -2171,7 +2171,7 @@ The Credential Format Identifier is `vc+sd-jwt`. ### Credential Issuer Metadata {#server-metadata-sd-jwt-vc} -Cryptographic algorithm names used in the `credential_signing_alg_values_supported` parameter SHOULD be one of those defined in [@IANA.JOSE.ALGS]. +Cryptographic algorithm names used in the `credential_signing_alg_values_supported` parameter SHOULD be one of those defined in [@IANA.JOSE]. The following additional Credential Issuer metadata parameters are defined for this Credential Format for use in the `credential_configurations_supported` parameter, in addition to those defined in (#credential-issuer-parameters). From fc943419a8ae0b4f30a76b3ac750ed0f211619b5 Mon Sep 17 00:00:00 2001 From: Michael Jones Date: Tue, 8 Oct 2024 10:17:11 -0700 Subject: [PATCH 7/7] Make URI scheme registration Permanent --- openid-4-verifiable-credential-issuance-1_0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openid-4-verifiable-credential-issuance-1_0.md b/openid-4-verifiable-credential-issuance-1_0.md index d72bbf23..4d159a09 100644 --- a/openid-4-verifiable-credential-issuance-1_0.md +++ b/openid-4-verifiable-credential-issuance-1_0.md @@ -2372,7 +2372,7 @@ in the IANA "Uniform Resource Identifier (URI) Schemes" registry [@IANA.URI.Sche * URI Scheme: openid-credential-offer * Description: Custom scheme used for credential offers -* Status: Provisional +* Status: Permanent * Well-Known URI Support: - * Change Controller: OpenID Foundation Artifact Binding Working Group - openid-specs-ab@lists.openid.net * Reference: (#client-metadata-retrieval) of this specification