-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Top level request object structure should be fully defined by protocol identifier #185
Comments
It seems like you are considering specifying request as being a JSON parsed version of https://www.iana.org/assignments/media-types/application/jose+json Not sure if you need agility here (for example to support more compact binary requests), but you might consider generalizing the signed request variant to support media types.
perhaps for If you are considering both signed and unsigned structured data, you might find this draft relevant to your design: https://datatracker.ietf.org/doc/draft-ietf-rats-eat-media-type/ |
As mentioned on yesterday's call - at this level, I'm in favor of continuing to treat OpenID4VP as one "protocol" and using a single protocol identifier for it. |
notes of yesterday's call copied below and noting this corresponding issue over in the OIDF's DCP WG openid/OpenID4VP#326 Issue: Top level request object structure should be fully defined by protocol identifier #185 |
Can we please consolidate the discussion on the protocol identifier for oid4vp in OID4VP? we can schedule a call dedicated to that with WICG participants? thank you. |
There was no intention to continue the discussion here. This was an issue to bring forward the initial topic for initial discussion, to gauge interest from the web platform angle. That is now complete with the creation of the issue in DCP WG. This issue will get closed out when there is closure from that discussion. |
To Do: add requirement to registry criteria (#157) |
Some protocols may have different modes / types for requests, such as signing the entire request object. This changes the top level structure of the request object in the Digital Credentials API.
OID4VP is a protocol which supports both unsigned and signed requests. For example:
OID4VP unsigned request
OID4VP signed request (proposed, not final)
So for these examples, the standard unsigned OID4VP request could just use the protocol name
openid4vp-v1
, whereas the signed request would useopenid4vp-signed-v1
(or do we always want to be explicit and not have a default mode, e.g.openid4vp-unsigned-v1
?)This would be instead of introducing another top level property to the API (such as
requestType
orrequestMode
).The registry in the spec would point to the specific portion of the protocol specification which defines that mode/type/behavior.
The text was updated successfully, but these errors were encountered: