OIDC4VPs: Request presentation per scope value

Issue #1496 resolved
Torsten Lodderstedt created an issue

I suggest adding the option to request verifiable presentations via a scope value, in the same way this is done in OIDC4VCI.

That would mean a credential of type “healthCard” could be requested using the scope value “openid_presentation:healthCard”. I think this would further simplify the developer experience for the simple use cases.

Comments (9)

  1. David W Chadwick

    Does this mean that DIF PE would not be needed for this type of simple use case? If so, I fully support the simplification. (It has already been stated that if the VP only contains a single VC, then PE presentation submission is unnecessary)

  2. Anthony Nadalin

    I think this is a bad idea to encode the credential request type in the scope, since these are not namespaced and so can have different meanings. Scope is meant to be open.

  3. David W Chadwick

    Tony, I think the solution to this is registering the claim names so that they are globally unique; otherwise, if they are locally defined, we are back to a similar situation/problem as arose with LDAP attribute names.

  4. Torsten Lodderstedt reporter

    PR #176 (change OIDC4VPs to OAuth) also contains the scope value piece. Please have a look.

    @David: yes.

    @Tony: the scope value is just a default for a certain PE request (like the default claim sets in Core). So if there is an issue with uniqueness, it will exist in the respective presentation definition, too.

  5. Kristina Yasuda

    Tony is making a good point. To request an mDL, the verifier needs to specify the doctype, namespace and claim names, plus whether these claims are issuer-signed or holder-signed…

  6. Torsten Lodderstedt reporter

    To me this means, the scope based approach is not suitable for this use case. I would nevertheless assume it might be useful for other use cases where the credential type is sufficient.

  7. Torsten Lodderstedt reporter

    Discussion on the WG call on 19 May:

    • The scope values used to request credential presentations can be processed independently. Also, there is no assumption about scope value order.
    • We need to check whether `:` is a suitable delimiter and does not cause implementation problems.

      • One datapoint: Microsoft uses `https://graph.microsoft.com/Calendars.Read`
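The following is an added example and is not code from the thread or from any OIDC4VP implementation. It shows how a wallet or verifier could turn scope values of the proposed form into a DIF PE presentation definition while respecting the points raised on the WG call: each scope value is processed on its own, order does not matter, and `:` is only significant after the fixed prefix, so a URL-style scope value such as `https://graph.microsoft.com/Calendars.Read` is left alone. The prefix `openid_presentation:`, the credential types `healthCard` and `IDCard`, and the shape of the default definitions are assumptions for illustration.

```python
"""Map "openid_presentation:<type>" scope values to a presentation definition.

Added example, not from the OpenID issue thread. The scope prefix, the
credential types and the default definitions below are assumptions.
"""
from __future__ import annotations

# Assumed prefix, as proposed in the issue.
SCOPE_PREFIX = "openid_presentation:"

# Assumed local registry: each credential type has a default DIF PE
# presentation definition, analogous to the default claim sets in Core.
DEFAULT_DEFINITIONS: dict[str, dict] = {
    "healthCard": {
        "id": "healthCard-default",
        "input_descriptors": [{
            "id": "healthCard",
            "constraints": {"fields": [{
                "path": ["$.type"],
                "filter": {"type": "string", "pattern": "healthCard"},
            }]},
        }],
    },
    "IDCard": {
        "id": "IDCard-default",
        "input_descriptors": [{
            "id": "IDCard",
            "constraints": {"fields": [{
                "path": ["$.type"],
                "filter": {"type": "string", "pattern": "IDCard"},
            }]},
        }],
    },
}


def split_scope(scope: str) -> list[str]:
    """RFC 6749 scope: space-delimited, case-sensitive strings."""
    return scope.split()


def presentation_scopes(scope: str) -> tuple[list[str], list[str]]:
    """Return (credential types requested via scope, remaining scope values).

    Matching is on the fixed prefix rather than on the first ':' in the
    value, so a ':' elsewhere (e.g. inside a URL-style scope value) never
    turns that value into a presentation request. Each value is handled
    independently; order is preserved only for the caller's convenience.
    """
    requested: list[str] = []
    other: list[str] = []
    for value in split_scope(scope):
        if value.startswith(SCOPE_PREFIX):
            cred_type = value[len(SCOPE_PREFIX):]
            if cred_type:  # a bare prefix with no type is not a request
                requested.append(cred_type)
                continue
        other.append(value)
    return requested, other


def build_presentation_definition(scope: str) -> dict | None:
    """Combine the defaults of all requested types into one definition.

    Returns None when no presentation is requested. Duplicates collapse
    and types are sorted, so the result is independent of scope order.
    Unknown types are rejected rather than silently ignored.
    """
    requested, _ = presentation_scopes(scope)
    if not requested:
        return None
    descriptors: list[dict] = []
    for cred_type in sorted(set(requested)):
        if cred_type not in DEFAULT_DEFINITIONS:
            raise ValueError(f"unknown credential type in scope: {cred_type}")
        descriptors.extend(DEFAULT_DEFINITIONS[cred_type]["input_descriptors"])
    return {"id": "scope-derived", "input_descriptors": descriptors}


if __name__ == "__main__":
    # Constructed sample request mixing a presentation scope with ordinary ones.
    sample = "openid openid_presentation:healthCard https://graph.microsoft.com/Calendars.Read"
    print(presentation_scopes(sample))
    print(build_presentation_definition(sample))
```

Because the check is `startswith(SCOPE_PREFIX)` and not a split on `:`, the Microsoft-style value passes through untouched, which is the concern the delimiter question raises. Whether a scope-derived definition may be combined with an explicit `presentation_definition` parameter in the same request is not settled by the thread and is left out here.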