Term "Wallet" is used without being defined

Issue #1390 resolved
Michael Jones created an issue

Both the OIDC4VP and OIDC4VCI specifications use the term “Wallet” without defining the abstraction or saying how it relates to other abstractions used in the specifications. I understand that the term is in common usage in some communities but if we use it in our specifications, we owe it to implementers to say what it is (and possibly what it is not), so that whatever it refers to is clearly defined and actionable by implementers and End-Users.

(Note that we chose to avoid the term entirely in the SIOPv2 spec exactly because the term “Wallet” appears to mean many different things to different people.)

I’m OK with us fixing this after the Implementer’s Draft is approved, but we should work on the fix in the meantime and be ready to update the specs at that point.


Comments (11)

  1. Tom Jones

    It seems that a wallet is any mobile app that is not a browser but has access to some level of security. It appears that it securely stores creds as well.

  2. Kristina Yasuda

    If we are to define a term wallet, I think we may want to avoid defining the specific form of implementing a wallet (native app, PWA, local, in the cloud, etc.) and instead describe the functionality - storing, and presenting user claims, etc.

  3. David W Chadwick

    In the VC/VP specification the term wallet is not used. The term is Holder. Perhaps OIDC4VP should use this term instead of wallet.

  4. Tom Jones

    David might be right as defining wallet requires a description of how it operates internally. That sort of definition is not a black-box or external protocol definition, but rather an internal description of how the wallet handles the credentials, including the private key. OIDF has traditionally avoided talking about that, although I will point out that FAPI has moved more into that space. There is a DIF wg on wallet, but they seem to be floundering.

  5. Thomas Bellebaum

    A holder is not necessarily a wallet. Usually, the former refers to an entity, which may or may not be the subject of a set of claims, while a wallet refers to the storage solution of sets of claims.

    > OIDF has traditionally avoided talking about that

    I agree. Even the term OpenID Provider is vague enough to refer to either an entity like Google or a piece of software implementing the specs.

    I am in favor of using holder, as it continues that trend.

  6. Kristina Yasuda

    Definition below has been introduced to the Issuance spec per Whitepaper conversation. Could we agree to use the same definition in SIOPv2 and OpenID4VP specs?

    Wallet

    Entity that receives, stores, presents, and manages Credentials and key material of the End-User. There is no single deployment model of a Wallet: Credentials and keys can both be stored/managed locally by the end-user, or by using a remote self-hosted service, or a remote third party service. In the context of this specification, the Wallet acts as an OAuth 2.0 Client (see [@!RFC6749]) towards the Credential Issuer.
