-
Notifications
You must be signed in to change notification settings - Fork 18
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Align with ISO/IEC 18013-7 Annex B #62
Comments
just referencing makes it hard to read as ISO specs are not publicly available |
Agreed but I think realistically even with the way it currently is you have zero chance of implementing openid4vp for mdocs without access to the ISO spec? |
I double checked the examples and I think they look actually fine now except for the COSE_Mac0 that does not match the presentation_definition but they don't have to strictly align and can be seen as two independent examples. The updated SessionTranscript from part 7 does not have an impact on COSE_Mac0 since the payload (incl. SessionTranscript) is detached and not visible in the CBOR. @Sakurann @cobward @paulbastian what do you think? |
In 18013-7, the vp_token does not contain the DeviceResponse / IssuerSigned directly, it is additionally wrapped in a JWE. But that might be fine in OID4VP since strictly speaking somebody can implement OID4VP with mso_mdoc with/without ISO 18013-7 compliance. |
Sorry, could you clarify what you mean by this..?
Yeah, I think the high level question is whether we want to enable OID4VP with mso_mdoc without 18013-7 compliance. If no, we should either remove or strictly align the mso_mdoc examples in OID4VP to 18013-7. If yes, we should define interop profile parameter per discussion in #12 asap and make it clear that examples in OID4VP for mso_mdoc are not necessarily complianet with 18013-7 |
It'd seem strange to me to have an alternative to 18013-7 for mdoc+VP unless we have clear demand for it (and I don't think we do) so I would be in favour of strictly aligning the examples. One thing that's kind of strange to me is that for all the other credential formats the oid4vp profiles are credential-contents agnostic, but for mdoc we only have an mdl profile. Should we have a generic mdoc profile in VP? |
@tlodderstedt @jogu @Sakurann it seems that the updated examples for ISO 18013-7 might take a while. I think it is important to update the section ASAP to not confuse developers. This would allow us to cut a new version before we get the updated examples and avoid developer confusion if developers look at the editor's copy or a newly created version of the draft. For that reason I created this PR #128 . |
|
Is there any update on this?
I agree, but with or without deleting the examples as #128 does it might still be a good idea to add the references. In fact, until I noticed this thread here I didn't know that ISO 18013-7 had these examples at all.
In the version of ISO 18013-7 that I have, the value of the |
I think the was just misstated a little; in the latest ISO 18013-7 the response (that contains vp_token) is a JWE. |
The examples for mdoc/mDL are currently not aligned with the latest Annex B text. We should align as soon as Annex B was published. I'd suggest referencing Annex B instead of redefining the flow for
mso_mdoc
. We can still provide some examples I believe.The text was updated successfully, but these errors were encountered: