RFC 002 - Add Client Metadata for relying parties

[lalc]

In several situations, we realised the need to show the user who the relying party is. E.g. Payments. It provides a better user experience by showing the merchant's logo on the payment screen, e.g.

[peppelinux]

It would be interesting using a cryptografically verifiable trust Mark in the form of qrcode

[lalc]

Or simply an LPID @malinnorlander @michelleludovici1 @celiacouson @georgepadayatti

[lalc]

Comments from Stefan / VISA towards RFC008.

• Not sure that you as a wallet would want to load and try to display binary data appearing to be an image from an arbitrary URI on a per-transaction basis without further security guards. Hence I would not recommend putting this into the transaction_data. This would also open doors to deceiving the consumer (i.e. logo does not match the merchant).

• Client metadata of the RP seems to be a better approach as this way, at least the URI is read from a resource that can be associated with the RP.

• Ideally, I would say that this type of data should also be connected to the RP's access certificate and information in there (e.g. a shared base URL at least). But I am aware that this is still open and future-looking.

[endimion]

Hey all,

Yes I agree with Stefan, for me the client metadta is the natural place for adding this info...