OID credential issuer identifier #396

Open
fabrii opened this issue Sep 19, 2024 · 2 comments

fabrii commented Sep 19, 2024

Hi!

We can see in the specification the following text:

> 12.4. Relationship between the Credential Issuer Identifier in the Metadata and the Issuer Identifier in the Issued Credential
>
> The Credential Issuer Identifier is always a URL using the https scheme, as defined in Section 10.2.1. Depending on the Credential Format, the Issuer identifier in the issued Credential may not be a URL using the https scheme. Some other forms that it can take are a DID included in the issuer property in a [VC_DATA] format, or the Subject value of the document signer certificate included in the x5chain element in an [ISO.18013-5] format.

We were thinking about using OIDs, managed by ISO & ITU-T (ISO/IEC 8824-1 Information Technology - Abstract Syntax Notation One (ASN.1)).

For example:

"issuer": "urn:oid:2.16.858.0.0.0.3.0",

Is this aligned with the spec?

Thank you

jogu commented Sep 19, 2024

Could you share a bit more about the design of your system, e.g. what credential format this is for etc please?

fabrii commented Sep 19, 2024

This is for an ldp_vc credential.

Example

{
    "@context": [
        "https://www.w3.org/2018/credentials/v1",
        "https://example.com/api/contexts/transport/driverlicense-v1"
    ],
    "type": [
        "VerifiableCredential",
        "DriverLicenseCredential"
    ],
    "id": "urn:uuid:f3d85c09-965a-4dea-9681-3f4120df6bdb",
    "issuer": "urn:oid:2.16.858.0.0.0.3.0",
    "issuanceDate": "2022-12-01T18:08:24Z",
    "credentialSubject": {
        "id": "did:key:z2DfPjA1yT6cWbLjxavov7PpqNipHUNW8QMuj6SQPPm11zP",
        "name": "X"
    },
    "credentialStatus": { type: 'StatusList2021Entry', .... },
    "proof": {
        "type": "RsaSignature2018",
        "created": "2022-12-01T18:08:24Z",
        "proofPurpose": "assertionMethod",
        "verificationMethod": "urn:oid:2.16.858.0.0.0.3.0#1",
        "jws": "eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJSUzI1NiJ9..H5da7Jq118Wo31QrJsUY3Z1C7--kyUoXHoo5N2WDWfz9ma5TdilcE4Os5CGQEuOAWTF3wXIYj6qne4nZ1nGGj2Nz7KjH5xsetzAIWexTzq8hzz8ACanmbb3SIE7O9zJlA79F5TkYDFo72PXJpu0NLmksY-LUh9fLWxQcNYQvwWVUYX2h_gk8S_UnvvFDRbkAVJZT-QvpQ4kvWmv6SPWMZyw1ghVrdJLSe_k1VCmdDl4RQ66zjAmxzOkjgqCTsQEm-qpBD3eDLx_VioFOK9Qz9AReoHctnfvx-bj3Y6bDq5U7gmSIy_OfWuw48Dejz7AvbgQq2uHm9DTQN71WFxleAA"
    }
}

Every issuer will have a unique oid identifier, valid and unique in the entire world.
We also have a Verifiable Data Registry with issuers' public keys, and a custom document loader that can handle urn:oid:2.16.858.0.0.0.3.0#1 keys.
Personally, I’m not a fan of using HTTPS URLs as issuer identifiers, since the issuer’s domain could change over time. An assigned OID, however, remains permanent.
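
An added example (not code from this thread or from the specification) of the distinction the quoted Section 12.4 draws: the metadata-side Credential Issuer Identifier must be an https URL, while the `issuer` inside the credential may take another form such as `urn:oid:`. The function names, the two-arc minimum, and the rule binding `proof.verificationMethod` to `issuer` are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# RFC 3061 syntax: "urn:oid:" + dot-separated decimal arcs, no leading zeros.
# Assumption of this example: at least two arcs are required.
OID_URN = re.compile(r"urn:oid:(0|[1-9][0-9]*)(\.(0|[1-9][0-9]*))+", re.IGNORECASE)

def is_https_issuer_identifier(value):
    """Metadata-side check: the Credential Issuer Identifier must be an https URL."""
    try:
        parts = urlsplit(value)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    return parts.scheme == "https" and bool(parts.hostname)

def classify_credential_issuer(value):
    """Credential-side check: which form does the `issuer` property take?"""
    if is_https_issuer_identifier(value):
        return "https"
    if value.startswith("did:"):  # prefix test only, no DID syntax validation
        return "did"
    if OID_URN.fullmatch(value):
        arcs = [int(a) for a in value[len("urn:oid:"):].split(".")]
        # ASN.1 OID tree: root arc is 0..2; under roots 0 and 1 the second arc is 0..39
        if arcs[0] == 2 or (arcs[0] < 2 and arcs[1] <= 39):
            return "urn:oid"
    return "unknown"

def proof_key_belongs_to_issuer(credential):
    """Assumed binding rule: verificationMethod without its fragment equals the issuer."""
    issuer = credential.get("issuer")
    if isinstance(issuer, dict):  # the VC data model also allows {"id": ...}
        issuer = issuer.get("id")
    method = credential.get("proof", {}).get("verificationMethod", "")
    base, sep, fragment = method.partition("#")
    return bool(issuer) and bool(sep and fragment) and base == issuer

# Constructed sample: only the identifier fields of the credential posted above.
SAMPLE = {
    "issuer": "urn:oid:2.16.858.0.0.0.3.0",
    "proof": {"verificationMethod": "urn:oid:2.16.858.0.0.0.3.0#1"},
}

if __name__ == "__main__":
    print(classify_credential_issuer(SAMPLE["issuer"]))   # urn:oid
    print(is_https_issuer_identifier(SAMPLE["issuer"]))   # False
    print(proof_key_belongs_to_issuer(SAMPLE))            # True
```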
