ConfirmationClaim

RFC 7800: When the key held by the presenter is a symmetric key, the encryptedSymmetricKey member is an encrypted JsonWebKey encrypted to a key known to the recipient using the JWE Compact Serialization containing the symmetric key.

RFC 7800: When the key held by the presenter is an asymmetric private key, the jsonWebKey member is a JsonWebKey representing the corresponding asymmetric public key.

RFC 7800: The proof-of-possession key can be passed by reference instead of being passed by value. This is done using the "jku" member. Its value is a URI (RFC3986) that refers to a resource for a set of JSON- encoded public keys represented as a JsonWebKeySet, one of which is the proof-of-possession key. If there are multiple keys in the referenced JWK Set document, a keyId member MUST also be included with the referenced key's JWK also containing the same keyId value.

RFC 9449: JWK SHA-256 Thumbprint confirmation method. The value of the jsonWebKeyThumbprint member MUST be the base64url encoding (as defined in RFC7515) of the JWK SHA-256 Thumbprint (according to RFC7638) of the DPoP public key (in JWK format) to which the access token is bound.

RFC 7800: The proof-of-possession key can also be identified by the use of a Key ID instead of communicating the actual key, provided the recipient is able to obtain the identified key using the Key ID.

OID4VC HAIP: String that asserts the security mechanism the Wallet uses to manage the private key associated with the public key given in the cnf claim. This mechanism is based on the capabilities of the execution environment of the Wallet, this might be a secure element (in case of a wallet residing on a smartphone) or a Cloud-HSM (in case of a cloud Wallet).

OID4VC HAIP: String that asserts the security mechanism the Wallet uses to authenticate the user to authorize access to the private key associated with the public key given in the cnf claim.