1. OpenID Foundation Avatar OpenID Foundation
  2. WGs
  3. connect
  4. Issues

Choosing how to transfer Presentation Definitions

Issue #1440 resolved
David W Chadwick created an issue

The syntax for Presentation Definitions is being specified by DIF. Two alternative ways of transferring the PD (by value or by reference) are specified in PR #101.

OIDC4VPs needs to decide the following:

  1. Should either of the two ways be made mandatory to implement? (or should implementors be free to chose depending upon their customers' requirements)
  2. Regardless of 1, should federations be able to determine their preferred way? (If the answers to both 1 and 2 are Yes then federation RPs should be able to switch off the mandatory way)
  3. If the answer to 1. is Yes, which of the two ways should be mandatory to implement, and hence be made the default way of transferring a PD.

Comments (6)

  1. Kristina Yasuda

    During the WG call we discussed that instead of making either mandatory, we make one a default and if metadata indicates otherwise, RP can use a non-mandatory mechanism.

    I am in favor of making passing presentation_definition by value a default. As I mentioned during the call, introducing another layer of indirection by passing presentation_definition by reference opens up a room for redirection attacks. Yes, including presentation_definition by value in a request could make request large, which is why we use request_uri.

  2. Jo Vercammen

    I would not make them both mandatory, as this will make it heavy for implementing the spec. Most implementation will stick with one mechanism. I’m in favour for passing it by value, this is the most simple approach in any given implementation.

    So short answer: One mandatory option (By value)

  3. David W Chadwick reporter

    I don't want to make either mandatory. I want federations to be able to choose. If one method is chosen to be mandatory I want a federation to be able to switch it off.

    Software vendors will typically provide the method(s) that best fits their target market(s)

    BTW, we have an open source implementation of a policy server that by_reference implementations can use.

    @kristina. What is the difference in having an indirection to a request_uri or an indirection to a Presentation Definition?

  4. Michael Jones
    • changed status to open

    This was discussed during the 24-Feb-22 working group call. People are encouraged to continue discussions on the issue.

  6. mayami.87@rambler.ru

    I believe that presenting your ideas and examples in a visually appealing and professionally prepared presentation, such as a pitch deck design agency doing can greatly enhance the persuasiveness of your arguments.

  7. Log in to comment
Assignee
Type
proposal
Priority
minor
Status
resolved
Component
Verifiable Presentation
Milestone
Version
Votes
0
Watchers
1
Jira Software: the preferred issue tracker for Bitbucket. Join the team!