Sending the presentation definition by reference
Currently the RP sends its VC requirements in a presentation definition that is embedded in the request. An alternative approach is for the RP to send its VC requirements to the (SI)OP by reference. This reference could be to a public policy server, so that multiple RPs (e.g. members of a federation) can reference the same VC requirements. Furthermore by making their requirements publicly visible, this ensures compliance with GDPR’s minimal disclosure rules, and aides inspection by the ICO.
The proposal is for the presentation definition to be referenced by a URL to its location on the policy server (or it could be by a URI and the policy could be stored on a blockchain).
Comments (9)
-
-
reporter Yes this looks pretty good to me
-
This is actually already achievable using
request_uri
to point to the policy-agreed request parameters that include the VP.The way
request_uri
works is that it is loaded and the values it contains are merged with any additional dynamic parameters passed in on the request (but not overridden), such that it can be static and shared across many uses for just the fixed/policy values.I do think it would make a good addition to the spec to describe this usage of it.
-
reporter Thanks for this Jeremie. Would you be so good as to write the PR describing this use of request_uri.
Torsten, can we add to Section 9 a new example showing the use of request_uri to pass the presentation definition by reference.
-
- changed status to open
Discussed on the 20-Sep-21 working group call.
-
- changed component to Verifiable Presentation
at Sept-20-2021 Connect call, Jeremie agreed to file a PR on this issue when current set of SIOP PRs are done
-
at Dec-2-2021 SIOP call, David C. agreed to work on it.
-
reporter This has been fixed in PR
101https://bitbucket.org/openid/connect/pull-requests/101 -
- changed status to resolved
- Log in to comment
We could introduce
verifiable_presentations_uri
, so that the request will look like:or