Clarify what can go in client_metadata authz request parameter

[jogu]

As per working group consensus agreed on 21st May call:

#17 (comment)

closes #17

[Sakurann]

Suggested change

	Other metadata parameters defined in, for example, Section 4.3 and Section 2.1 of the OpenID Connect Dynamic Client Registration 1.0 [@!OpenID.Registration] specification or [@!RFC7591] MUST NOT be used unless a profile of this specification explicitly defines them as usable in the `client_metadata` parameter.
	Other metadata parameters MUST NOT be used unless a profile of this specification explicitly defines them as usable in the `client_metadata` parameter.

per WG discussion. personally, I would like to see this sentence in line 264

[jogu]

I'll apply this suggestion.

I can't see a way to have the text read nicely that moves the line up to line 264.

[peppelinux]

Suggested change

	Values passed in `client_metadata` MUST NOT override authorative data the wallet is able to obtain about the client from other sources, for example those from an OpenID Federation Entity Statement.
	Values passed in `client_metadata` MUST NOT override authoritative data the Wallet is able to obtain about the Client from other sources, for example those from an OpenID Federation Entity Statement.

[peppelinux]

@jogu here I would add an additional guidance for the implementers about how to deal with overlapping metadata, one obtained within the request and another one from an authoritative sources such as Federation or any other trusted metadata registry.

We may apply a rule based on the json object update

we have two objects in an hierarchy of priority: json_authoritative and json_ephemeral, the first from Federation and the latter from the request.

In [1]: json_authoritative = {"a": 1, "b": 2, "c": 3}

In [2]: json_ephemeral = {"a": 2, "b":1, "d":5}

In [3]: json_ephemeral.update(json_authoritative)

In [4]: json_ephemeral
Out[4]: {'a': 1, 'b': 2, 'd': 5, 'c': 3}

therefore we may say that authoritative one must overwrite the ephemeral one.
As we may notice, the parameters that are not present in the authoritative but in the ephemeral, will be added to the authoritative one. The weakness of this approach is that the authoritative is therefore "updated" due to the merge with the ephemeral one, and this eluded the federation policies.

For this reason we should say something about this, and therefore distinguish two different moments:

1. merge the two metadata having the federation one as priority
2. apply again the trust chain policies

This might find space in the openid federation wallet architecure draft, for its specific purpose on this topic

[Sakurann]

therefore we may say that authoritative one must overwrite the ephemeral one.

I think the text already says that?

[Sakurann]

Suggested change

	Values passed in `client_metadata` MUST NOT override authorative data the wallet is able to obtain about the client from other sources, for example those from an OpenID Federation Entity Statement.
	Authoritative data the wallet is able to obtain about the client from other sources, for example those from an OpenID Federation Entity Statement, overrides the values passed in `client_metadata`.

we could paraphrase like this, but I am hesitant to add anything more than that

[jogu]

I think Giuseppe is asking: what happens if an encryption key is specified both in the request and in OpenID Federation?

I think this is a bigger topic that probably needs a specific issue and separate PR. This is problem that already exists without this PR.

There are two conflicting requirements:

1. Some people want to use per-session encryption keys
2. Some people want to ensure that only encryption keys from federation are used

I am pretty sure it is not possible to put an ephemeral key into federation metadata (it's just technically not feasible to have the federation metadata for a client potentially changing multiple times in a second?), so I'm not sure I see an obvious way to satisfy both sets of people.

[jogu]

I'll apply something along the lines of Kristina's suggestions.

[peppelinux]

Suggested change

	Other metadata parameters defined in, for example, Section 4.3 and Section 2.1 of the OpenID Connect Dynamic Client Registration 1.0 [@!OpenID.Registration] specification or [@!RFC7591] MUST NOT be used unless a profile of this specification explicitly defines them as usable in the `client_metadata` parameter.
	Other metadata parameters defined in, for example, Section 4.3 and Section 2.1 of the OpenID Connect Dynamic Client Registration 1.0 [@!OpenID.Registration] specification or [@!RFC7591] SHOULD NOT be used unless a profile of this specification explicitly defines them as usable in the `client_metadata` parameter.

I have changed my mind on this, according to OAuth philosophy things that you don't understand you ignore. It would be better to not break this rule to facilitate extensions based on openid4vp

[Sakurann]

I think what you are trying to get at, Giuseppe, is totally possible with a current text, you just need an extension or a profile says why it is ok to use a specific parameter. i would have a strong preference to keep it must not.

[jogu]

I've changed to 'MUST be ignored" which I think better reflects the intent and extensibility. As Kristina says, it is very deliberate to make clear people must not just use other already defined client metadata values.

[peppelinux]

Suggested change

	To obtain Verifier's public key for the input to the key agreement to encrypt the Authorization Response, the Wallet MUST use `jwks` claim within the `client_metadata` request parameter, or within the metadata defined in the Entity Configuration when [@!OpenID.Federation] is used, or other mechanisms.
	To encrypt the Authorization Response, the Wallet uses the 'jwks` parameter within the `client_metadata` request parameter. This is REQUIRED if no other methods are available to retrieve the Verifier's metadata, such as through the trust chain described in [@!OpenID.Federation].

Generally metadata in Federation are only final metadata derived from the trust chain.

[jogu]

This reads like encryption is mandatory, but we've not agreed that as a WG. Also I don't think 'securely encrypt' should be used, it's just encryption. As this is existing text (I only removed 'jwks_uri' from this sentence) I think we should handle changing this in a separate issue.

[Sakurann]

how about paraphrasing like this?

Suggested change

	To obtain Verifier's public key for the input to the key agreement to encrypt the Authorization Response, the Wallet MUST use `jwks` claim within the `client_metadata` request parameter, or within the metadata defined in the Entity Configuration when [@!OpenID.Federation] is used, or other mechanisms.
	To obtain Verifier's public key for the input to the key agreement to encrypt the Authorization Response, the Wallet MUST use `jwks` claim within the `client_metadata` request parameter, if no other mechanisms such as the metadata defined in the Entity Configuration in [@!OpenID.Federation] are used.

[jogu]

@Sakurann I'm not sure how to read this. Does it mean "if the verifier has a jwks in its federation metadata it can't use ephemeral encryption keys"? If so I think that would be a normative change that I'm not sure I'm comfortable making in this PR.

[peppelinux]

Applied @jogu 's suggestion here: https://github.com/openid/OpenID4VP/pull/233/files#r1752230536

[jogu]

I'm somewhat confused as to what the latest suggestion here is, but I think if people think updates are needed to the text around how keys from Federation overlap with keys from client_metadata parameter then we should handle that in a separate issue please as that's outside of the scope of this PR and hasn't been discussed in the working group yet. This PR does not make anything worse in that area.

[peppelinux]

I approve this PR, I ask changes from an editorial perspective and for some further pedantic clarifications

[jogu]

Thanks everyone for this comments - this is ready for re-review! I've applied most suggestions, other than some I've commented that I think we should handle separately if they're needed.

[Sakurann]

LGTM - thanks a lot, Joseph!

[c2bo]

Linking #251 here: We still have a dedicated section (Section 9) for client_metadata which is currently linked to only in section 5.1 and has less detail than the introduction done here. Should we just remove section 9 then?

on the current changes of the PR: I think this makes it a lot easier to understand 👍

[Sakurann]

I don't think there is a need to remove section 9. that one defines a new parameter and talks about discovery.

[peppelinux]

Approved in advance with some pending suggestions I feel familiar to get included

[awoie]

With ISO mdocs, this key is also used with ECDH + HMAC; not only for JARM. Does this language prevent the usage of this? I assume some similar usage is done also with SD-JWT VC @paulbastian ?

Suggested change

* `jwks`: OPTIONAL. A JWKS as defined in [@!RFC7591] that can contain one or more public keys with the `"use": "enc"` parameter to be used by the Wallet as an input to the key agreement to encrypt the Authorization Response (see (#jarm)). This allows the verifier to pass an empheral encryption key that is only used for this authorization request. Public keys included in the `jwks` parameter MUST NOT be used to verify the signature of signed Authorization Requests.

* `jwks`: OPTIONAL. A JWKS as defined in [@!RFC7591] that can contain one or more public keys with the `"use": "enc"` parameter to be used by the Wallet as an input to the key agreement to encrypt the Authorization Response (see (#jarm)). This allows the verifier to pass an empheral encryption key that is only used for this authorization request. Public keys included in the `jwks` parameter MUST NOT be used to verify the signature of signed Authorization Requests.

[paulbastian]

thats true, in Designated Verifier Signatures for JOSE, we don't define what the protocol layers above should use, but we definitly need something for RP public key and it makes sense to use this one

[awoie]

Generally looks good. I just had some questions on the limitations of the usage of the keys in the jwks parameter.

[paulbastian]

I approve given that the key usage for jwks for signature algorithms is accepted

[jogu]

I've applied all comments now (other than two about the overlap with federation that I believe aren't in scope nor agreed with WG yet and have responded saying so).

@awoie could you check the new text please and approve if you're happy? It should allow for both the mdoc & jwt mac based signature you/Paul mentioned.

[awoie]

lgtm. it would be great if we could incorporate my suggestion.