Generalize interaction model

Comments from TL regarding for pull request #39

https://bitbucket.org/openid/connect/pull-requests/39/merging-cp-into-ca#comment-238238513

Torsten Lodderstedt 2021-07-24

This interaction model fits well with standard OIDC aggregated claims. I don’t see how it fits Verifiable Credentials given that the presentation of such credentials with a CC does not require interactions (and shall prevent interactions) with the IA. There is also no need to bind the subject identifier in such a presentation with any identifier at the IdA simply because the holder proves control over key material.

I recommend to generalize the interaction model.

I also think there could be another variant of the interaction model where the IdA checks transforms the Verifiable Presentation into standard OIDC claims in order to make consumption easier for the CC. That would allow an architecture where the VCs are kept at the user’s device and provided to the IdA as VPs in the OIDC process.

Nat Sakimura 2021-08-09

The phases does not have to happen sequentially. They could happen out-of-order. For example, IdA could obtain the claimset long before the CC’s request.

The binding does not have to be identifier based but it could employ other methods. NB this PR is not to include all these methods or improvement but just to restructure so that these can be brought in easier. Tobias will be providing these right after this PR is being accepted.

‌

‌