Skip to content


Posted on:August 3, 2023 at 12:00 AM

We define the term provider in this context to be a trusted intermediary service used by a person as they interact with an app/site (app). That app might be playing the role of relying party, service, provider, VC issuer, VC verifier, or other roles. Examples of providers include:

Individuals are free to adopt whatever providers they wish from among many alternatives. However, this creates a problem for the app developer: how does the app know which provider the person would like to use? The app developer is faced with two choices:

If an app could discover the provider’s capabilites, it could do things like:

But this begs the question, how does the app discover the provider’s capabilities?.

These two questions have not been answered in a general way, although partial answers exist:

Authorization providers and the NASCAR problem

An app instead of, or in addition to, authenticating the person using a username and password may choose to rely on an external OpenID Connect-compatible Authorization Server (provider) and it authentication and authorization of the person. Theoretically, the app could implement OpenID Connect Discovery but due to usability issues it has not been widely adopted.

Instead, the app displays a button for each provider. However, if there are too many options the resulting site starts to look like a car at NASCAR which is ugly, confusing, and inconvenient.


There are dozens of OpenID Connect Authorization providers each with its own logo-ed button such as Continue-with-Google, Continue-with-Twitter, -Apple, -Facebook, -LinkedIn, and so on.


The problem is exacerbated by protocols like OpenID SIOP that allow each person to have a personal identity provider (aka a wallet) from one of hundreds of alternative wallet providers.

The app doesn’t know which authorization provider the person would like to use before the person is looking at the initial app/site screen. The NASCAR problem would be solved if the app could (i) discover a priori the set of authorization providers the person has available and (ii) find one or more matches with the set of authorization providers the app/site supports and then (iii) display only the matches. The result would be a small, although hopefully not the null, set of alternatives and the app would display a button for each.