Description
With verifier authorization generally being optional in frameworks such as the EUDI ARF, it seems that some user agents would find it desirable to restrict their support for government credentials to verifiers that have undergone some registration and certification process with the issuer / the government.
@marcoscaceres's comment in #262 (comment) makes it sound like that is the requirement WebKit ships today. Marcos, can you comment more on this?
I believe that @martinthomson mentioned to me that such a limitation could also be desirable for Mozilla
Even if a user agent does not want to outright block requests from unauthorized verifiers, it might be desirable to increase user friction and show some kind of warning.
Assuming that there are > 0 implementers that desire this, is this something that should be defined more formally in the DC API spec?