OIDC4VPs: Request presentation per scope value
I suggest adding the option to request verifiable presentations via scope value, in the same way this is done in OIDC4VCI.
That would mean a credential of type “healthCard” could be requested using a scope value “openid_presentation:healthCard”. I think this would further simplify the developer experience for the simple use cases.
Comments (9)
-
reporter -
Does this mean that DIF PE would not be needed for this type of simple use case? If so, I fully support the simplification. (It has already been stated that if the VP only contains a single VC, then PE presentation submission is unnecessary.)
-
I think this is a bad idea to encode the cred request type in the scope since these are not defined by namespace so different meanings. Scope is to be open.
-
Tony, I think the solution to this is registering the claim names so that they are globally unique; otherwise, if they are locally defined, we are back to a similar situation/problem as arose with LDAP attribute names.
-
reporter PR #176 (change OIDC4VPs to OAuth) also contains the scope value piece. Please have a look.
@David: yes.
@Tony: the scope value is just a default for a certain PE request (like the default claim sets in Core). So if there is an issue with uniqueness, it will exist in the respective presentation definition, too.
-
Tony is making a good point. To request an mDL, the verifier needs to specify doctype, namespace and the claim names + whether these claims are issuer signed or holder-signed…
-
reporter To me this means, the scope based approach is not suitable for this use case. I would nevertheless assume it might be useful for other use cases where the credential type is sufficient.
-
reporter discussion on WG call on 19th of May:
- the scope values to request credential presentations can be processed independently. Also there is no assumption about scope value order.
- we need to check whether `:` is a suitable delimiter and does not cause implementation problems.
  - One datapoint: Microsoft uses `https://graph.microsoft.com/Calendars.Read`
-
- changed status to resolved
PR 258 merged
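
Added example, not part of the issue thread or of the specification: a sketch of how a receiver could pick presentation scope values out of a `scope` parameter independently of their order, matching the `openid_presentation:` prefix proposed in this issue instead of splitting on `:`, so URL-style scope values such as the Microsoft one are left alone. The function names and sample strings are assumptions; the token grammar is the `scope-token` rule from RFC 6749, section 3.3.

```python
import re

# Prefix as proposed in this issue; the merged spec text may differ (assumption).
PRESENTATION_PREFIX = "openid_presentation:"
# scope-token per RFC 6749 section 3.3: printable ASCII except space, '"' and '\'.
SCOPE_TOKEN = re.compile(r"[\x21\x23-\x5B\x5D-\x7E]+")


def split_scope(scope: str) -> list[str]:
    """Split a scope parameter on single spaces and reject malformed tokens."""
    tokens = scope.split(" ")
    for tok in tokens:
        if not SCOPE_TOKEN.fullmatch(tok):
            raise ValueError(f"invalid scope token: {tok!r}")
    return tokens


def requested_credential_types(scope: str) -> set[str]:
    """Return the credential types requested via presentation scope values.

    Each scope value is handled on its own and the result is a set, so
    neither the order nor the repetition of values changes the outcome.
    """
    types = set()
    for tok in split_scope(scope):
        if not tok.startswith(PRESENTATION_PREFIX):
            continue  # "openid", or a URL-style scope that merely contains ':'
        # Strip the prefix instead of splitting on ':' so that a type which
        # itself contains ':' is kept whole.
        cred_type = tok[len(PRESENTATION_PREFIX):]
        if not cred_type:
            raise ValueError(f"presentation scope without a type: {tok!r}")
        types.add(cred_type)
    return types


# Constructed sample scope strings (not taken from any real request).
SAMPLE_A = "openid openid_presentation:healthCard https://graph.microsoft.com/Calendars.Read"
SAMPLE_B = "https://graph.microsoft.com/Calendars.Read openid_presentation:healthCard openid"

if __name__ == "__main__":
    print(sorted(requested_credential_types(SAMPLE_A)))
```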