passing credential offer by reference

Suggest we add an option to send credential offer by reference (credential_offer_uri or credential_offer object)

First reason is size of the credential offer. Not only issuer_state and pre-auth_code can be pretty large (they are in our implementation and few others I am aware of), but also the size of the credential offer itself seems to be growing with changing it to the JSON object with introduction of Credential Format Profiles in PR # 240 and also with the changes agreed in Issues ~~#1734~~ and ~~#1686~~.

Another reason is versioning. It is very hard to ensure wallets as native apps support the same version of the protocol. Even after the final publication of this standard, it will take several years to ensure that all native apps support the final version, since realistically, the implementations will start before the final publication. If Credential Offer is sent by reference, the wallet can indicate the version of the protocol it supports and the server can generate the credential offer that that wallet can handle when the GET call to the credential_offer_uri comes.

(Yet another reason mentioned during the call was ability not to expose parameters when credential offer is sent by email)

Comments (6)