Skip to content

Security considerations for client_metadata parameters#735

Open
dpostnikov wants to merge 2 commits into
mainfrom
dpostnikov-patch-3
Open

Security considerations for client_metadata parameters#735
dpostnikov wants to merge 2 commits into
mainfrom
dpostnikov-patch-3

Conversation

@dpostnikov

@dpostnikov dpostnikov commented Apr 27, 2026

Copy link
Copy Markdown
Collaborator

resolves #670

Comment thread 1.1/openid-4-verifiable-presentations-1_1.md Outdated
Co-authored-by: Frederik Krogsdal Jacobsen <fkj@users.noreply.github.com>

In case of using OpenID4VP over DC API, as defined in (#dc_api), it is at the discretion of the Wallet whether it validates the signature on the Request Object following the processing rules defined by a relevant Client Identifier Prefix. Factors that influence the Wallet's decision include, but are not limited to, the trust framework the Wallet supports, the specific policies defined by the Issuers or ecosystem, and profiles of this specification.

* `redirect_uri`: This prefix value indicates that the original Client Identifier part (without the prefix `redirect_uri:`) is the Verifier's Redirect URI (or Response URI when Response Mode `direct_post` is used). The Verifier MAY omit the `redirect_uri` Authorization Request parameter (or `response_uri` when Response Mode `direct_post` is used). All Verifier metadata parameters MUST be passed using the `client_metadata` parameter defined in (#new_parameters). An example Client Identifier value is `redirect_uri:https://client.example.org/cb`. Requests using the `redirect_uri` Client Identifier Prefix cannot be signed because there is no method for the Wallet to obtain a trusted key for verification. Therefore, implementations requiring signed requests cannot use the `redirect_uri` Client Identifier Prefix.

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suggest we put at least this change into 1.0 errata too.

Comment on lines +1985 to +1989
Wallet implementers need to choose a source of client metadata they can trust within their own ecosystem or implementation. This should determine whether it is safe to use or display to a User. For example, a client name obtained from an X.509 certificate can be trusted, whereas a client name from the `client_metadata` parameter cannot.

It is recommended to use `client_metadata` parameters only for client-supplied parameters that can be used untrusted, for example, a public key.

Ecosystems can use other ecosystem-specific trusted data sources as long as they conduct a proper trust evaluation.

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we have to be careful not to conflict with this text:

Image

"It is recommended" probably needs to be reworded, and 'Ecosystems' we used 'profiles' in the other text.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jogu What specifically is the problem with the "it is recommended" text? Just that it reads as a normative statement?

And what about something like this:

Suggested change
Wallet implementers need to choose a source of client metadata they can trust within their own ecosystem or implementation. This should determine whether it is safe to use or display to a User. For example, a client name obtained from an X.509 certificate can be trusted, whereas a client name from the `client_metadata` parameter cannot.
It is recommended to use `client_metadata` parameters only for client-supplied parameters that can be used untrusted, for example, a public key.
Ecosystems can use other ecosystem-specific trusted data sources as long as they conduct a proper trust evaluation.
Ecosystems can define other ecosystem-specific trusted data sources in a profile as long as they conduct a proper trust evaluation.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jogu where do you think it conflicts? Is it the example of the public key and should we be more specific that it is about specific, ephemeral public keys as described in the section?

In the spec I also often notice we use "ecosystems or profiles" instead of the one or the other. Maybe that applies here as well.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jogu Would be great to have some more detail on this.

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think my concern was in the conflict between

It is recommended (for Wallet implementers) to use client_metadata parameters...

and

Other metadata parameters MUST be ignored unless a profile <...>'

If the recommendation is scoped to profiles that's better. But maybe something like:

Profiles MAY define additional client_metadata parameters for client-supplied parameters that can be used untrusted, for example, a public key.

(Pretty sure that can be improved upon)


## Source of verifier metadata considerations

Wallet implementers need to choose a source of client metadata they can trust within their own ecosystem or implementation. This should determine whether it is safe to use or display to a User. For example, a client name obtained from an X.509 certificate can be trusted, whereas a client name from the `client_metadata` parameter cannot.

@jogu jogu May 7, 2026

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe something more like this:

Suggested change
Wallet implementers need to choose a source of client metadata they can trust within their own ecosystem or implementation. This should determine whether it is safe to use or display to a User. For example, a client name obtained from an X.509 certificate can be trusted, whereas a client name from the `client_metadata` parameter cannot.
Wallet implementers need to choose a source of client metadata they can trust within their own ecosystem or implementation. This should determine whether it is safe to use or display to a End-User. For example, a client name obtained from an X.509 certificate that was used to a signed request, or a client name obtained from OpenID Federation from a signed requested, can be trusted, whereas a client name from the `client_metadata` parameter cannot.

@paulbastian

Copy link
Copy Markdown
Contributor

@fkj to re-review
@jogu please re-review
@c2bo @javereec to also add reviews

@fkj fkj requested review from c2bo and javereec June 4, 2026 15:13
MUST perform its own security checks on the returned Credentials and
Presentations.

## Source of verifier metadata considerations

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: match the style of the other headings in this section:

Suggested change
## Source of verifier metadata considerations
## Source of Verifier Metadata


## Source of verifier metadata considerations

Wallet implementers need to choose a source of client metadata they can trust within their own ecosystem or implementation. This should determine whether it is safe to use or display to a User. For example, a client name obtained from an X.509 certificate can be trusted, whereas a client name from the `client_metadata` parameter cannot.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A competing suggestion to @jogu's:

Suggested change
Wallet implementers need to choose a source of client metadata they can trust within their own ecosystem or implementation. This should determine whether it is safe to use or display to a User. For example, a client name obtained from an X.509 certificate can be trusted, whereas a client name from the `client_metadata` parameter cannot.
Wallet implementers need to choose a source of client metadata they can trust within their own ecosystem or implementation. The trust in the client metadata determines whether it is safe to use or display to a User. For example, a client name obtained from an X.509 certificate used in a signed request can be trusted, whereas a client name from the `client_metadata` parameter cannot.

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated version of this - I think the 'can be trusted' in the original sentence is a bit too strong:

Suggested change
Wallet implementers need to choose a source of client metadata they can trust within their own ecosystem or implementation. This should determine whether it is safe to use or display to a User. For example, a client name obtained from an X.509 certificate can be trusted, whereas a client name from the `client_metadata` parameter cannot.
Wallet implementers need to choose a source of client metadata they can trust within their own ecosystem or implementation. The trust in the client metadata determines whether it is safe to use or display to a User. For example, a client name obtained from an X.509 certificate used in a signed request can potentially be trusted, whereas a client name from the `client_metadata` parameter cannot.

I think it'd be good to mention OpenID Federation as an example too, but that's not a hill I feel I need to die on.

Comment on lines +1985 to +1989
Wallet implementers need to choose a source of client metadata they can trust within their own ecosystem or implementation. This should determine whether it is safe to use or display to a User. For example, a client name obtained from an X.509 certificate can be trusted, whereas a client name from the `client_metadata` parameter cannot.

It is recommended to use `client_metadata` parameters only for client-supplied parameters that can be used untrusted, for example, a public key.

Ecosystems can use other ecosystem-specific trusted data sources as long as they conduct a proper trust evaluation.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jogu What specifically is the problem with the "it is recommended" text? Just that it reads as a normative statement?

And what about something like this:

Suggested change
Wallet implementers need to choose a source of client metadata they can trust within their own ecosystem or implementation. This should determine whether it is safe to use or display to a User. For example, a client name obtained from an X.509 certificate can be trusted, whereas a client name from the `client_metadata` parameter cannot.
It is recommended to use `client_metadata` parameters only for client-supplied parameters that can be used untrusted, for example, a public key.
Ecosystems can use other ecosystem-specific trusted data sources as long as they conduct a proper trust evaluation.
Ecosystems can define other ecosystem-specific trusted data sources in a profile as long as they conduct a proper trust evaluation.

@fkj fkj requested a review from jogu June 15, 2026 19:33
Comment on lines +1985 to +1989
Wallet implementers need to choose a source of client metadata they can trust within their own ecosystem or implementation. This should determine whether it is safe to use or display to a User. For example, a client name obtained from an X.509 certificate can be trusted, whereas a client name from the `client_metadata` parameter cannot.

It is recommended to use `client_metadata` parameters only for client-supplied parameters that can be used untrusted, for example, a public key.

Ecosystems can use other ecosystem-specific trusted data sources as long as they conduct a proper trust evaluation.

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think my concern was in the conflict between

It is recommended (for Wallet implementers) to use client_metadata parameters...

and

Other metadata parameters MUST be ignored unless a profile <...>'

If the recommendation is scoped to profiles that's better. But maybe something like:

Profiles MAY define additional client_metadata parameters for client-supplied parameters that can be used untrusted, for example, a public key.

(Pretty sure that can be improved upon)


## Source of verifier metadata considerations

Wallet implementers need to choose a source of client metadata they can trust within their own ecosystem or implementation. This should determine whether it is safe to use or display to a User. For example, a client name obtained from an X.509 certificate can be trusted, whereas a client name from the `client_metadata` parameter cannot.

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated version of this - I think the 'can be trusted' in the original sentence is a bit too strong:

Suggested change
Wallet implementers need to choose a source of client metadata they can trust within their own ecosystem or implementation. This should determine whether it is safe to use or display to a User. For example, a client name obtained from an X.509 certificate can be trusted, whereas a client name from the `client_metadata` parameter cannot.
Wallet implementers need to choose a source of client metadata they can trust within their own ecosystem or implementation. The trust in the client metadata determines whether it is safe to use or display to a User. For example, a client name obtained from an X.509 certificate used in a signed request can potentially be trusted, whereas a client name from the `client_metadata` parameter cannot.

I think it'd be good to mention OpenID Federation as an example too, but that's not a hill I feel I need to die on.

@brentzundel

Copy link
Copy Markdown
Collaborator

@dpostnikov can you respond to reviews here before the WG calls this week?


Wallet implementers need to choose a source of client metadata they can trust within their own ecosystem or implementation. This should determine whether it is safe to use or display to a User. For example, a client name obtained from an X.509 certificate can be trusted, whereas a client name from the `client_metadata` parameter cannot.

It is recommended to use `client_metadata` parameters only for client-supplied parameters that can be used untrusted, for example, a public key.

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Probably need to clarify this - a public key used for signature verification probably can't be trusted:

Suggested change
It is recommended to use `client_metadata` parameters only for client-supplied parameters that can be used untrusted, for example, a public key.
It is recommended to use `client_metadata` parameters only for client-supplied parameters that can be used untrusted, for example, a public key used to encrypt the response.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Retrieving all client metadata from client_metadata parameter seems too restrictive

6 participants