[has-PR] Define which object should be returned for `mdl_iso_cbor`
ISO 18013-5 does not define a CDDL for mdoc or mdl. We should define which object we return in the credential response for `mdl_iso_cbor`. One candidate is the `Document` object from ISO 18013-5 8.3.2.1.2.2 but without `deviceSigned`. The ISO spec describes the CDDL for `Document`.
Comments (8)
-
reporter -
To add a little more context.
ISO 18013-5 specifies that the wallet app has to send the following to the Verifier during the presentation (SD-JWT style selective disclosure is mandatory in ISO 18013-5):
- IssuerAuth - an object signed by the issuer that contains digests of all data elements disclosed (equivalent to SD-JWT in sd-jwt IETF draft)
- IssuerSigned - an object that contains actual values of the data elements disclosed (equivalent to SVC in sd-jwt IETF draft)
- DeviceSigned - an object signed by the wallet’s/holder’s key (holder binding is mandatory)
All these three items are returned inside a `Document` object.
The options of what to return during issuance are:
- only IssuerSigned
- entire Document object with DeviceSigned as Null (or inexistent)
I think I prefer the first option for cleanness?
-
reporter Yes, I would also prefer option 1. In that case we could just refer to the normative definition in ISO 18013-5 of `IssuerSigned` without additional requirements.
-
- changed title to [needs-PR] Define which object should be returned for `mdl_iso_cbor`
-
- changed title to [has-PR] Define which object should be returned for `mdl_iso_cbor`
-
-
I think that this should be addressed in the ISO profile of this spec, because it is very ISO-specific. Pending close.
-
- changed status to resolved
Migrated to GitHub
We could also use `IssuerSigned` as per ISO.