Permit the use of the new query language instead of presentation exchange. #258
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -241,7 +241,7 @@ that signals to the Wallet that it can make an HTTP POST request to the Verifier | |
| endpoint with information about its capabilities as defined in (#request_uri_method_post). The Wallet MAY continue with JAR | ||
| when it receives `request_uri_method` parameter with the value `post` but does not support this feature. | ||
|
|
||
| The requirements of the Credential(s) that are requested using `presentation_definition` and `presentation_definition_uri` parameters are articulated by the Verifier using a Presentation Definition JSON object as defined in Section 5 of [@!DIF.PresentationExchange]. When processing this Presentation Definition object, wallet implementations MUST process Presentation Definition JSON object and select candidate Verifiable Credential(s) using the evaluation process described in Section 8 of [@!DIF.PresentationExchange] unless implementing only a credential profile that provides rules on how to evaluate and process [@!DIF.PresentationExchange]. | ||
|
|
||
| The Verifier communicates a Client Identifier Scheme that indicate how the Wallet is supposed to interpret the Client Identifier and associated data in the process of Client identification, authentication, and authorization using `client_id_scheme` parameter. This parameter enables deployments of this specification to use different mechanisms to obtain and validate Client metadata beyond the scope of [@!RFC6749]. A certain Client Identifier Scheme MAY require the Verifier to sign the Authorization Request as means of authentication and/or pass additional parameters and require the Wallet to process them. | ||
|
|
||
|
|
@@ -252,10 +252,12 @@ This specification enables the Verifier to send both Presentation Definition JSO | |
| This specification defines the following new parameters: | ||
|
|
||
| `presentation_definition`: | ||
| : OPTIONAL. A string containing a Presentation Definition JSON object. See (#request_presentation_definition) for more details. This parameter MUST NOT be present if any of the following parameters are present: a `presentation_definition_uri` parameter, a `scope` parameter with a value representing a Presentation Definition, or any other parameter defined by this specification that indicates what credential is being requested. | ||
|
|
||
| `presentation_definition_uri`: | ||
| : OPTIONAL. A string containing an HTTPS URL pointing to a resource where a Presentation Definition JSON object can be retrieved. This parameter MUST NOT be present if any of the following parameters are present: a `presentation_definition` parameter, a `scope` parameter with a value representing a Presentation Definition, or any other parameter defined by this specification that indicates what credential is being requested. See (#request_presentation_definition_uri) for more details. | ||
|
|
||
| One of the following parameters MUST be present to indicate what credential is being requested: a `presentation_definition` parameter, `presentation_definition_uri` parameter, a `scope` parameter with a value representing a Presentation Definition, or any other parameter defined for that purpose by this specification and all its future versions. | ||
|
There was a problem hiding this comment. "all its future versions." means that the parameter has to be defined by all future versions. That's certainly not intended. |
||
|
|
||
martijnharing marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| `client_id_scheme`: | ||
| : OPTIONAL. A string identifying the scheme of the value in the `client_id` Authorization Request parameter (Client Identifier scheme). The `client_id_scheme` parameter namespaces the respective Client Identifier. If an Authorization Request uses the `client_id_scheme` parameter, the Wallet MUST interpret the Client Identifier of the Verifier in the context of the Client Identifier scheme. If the parameter is not present, the Wallet MUST behave as specified in [@!RFC6749]. See (#client_metadata_management) for the values defined by this specification. If the same Client Identifier is used with different Client Identifier schemes, those occurrences MUST be treated as different Verifiers. Note that the Verifier needs to determine which Client Identifier schemes the Wallet supports prior to sending the Authorization Request in order to choose a supported scheme. | ||
|
|
@@ -544,7 +546,7 @@ If the Verifier responds with any HTTP error response, the Wallet MUST terminate | |
|
|
||
| # Response {#response} | ||
martijnharing marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
| A VP Token MUST be returned when the corresponding Authorization Request contained a `presentation_definition` parameter, a `presentation_definition_uri` parameter, or a `scope` parameter representing a Presentation Definition (#vp_token_request). | ||
|
|
||
| VP Token can be returned in the Authorization Response or the Token Response depending on the Response Type used. See (#response_type_vp_token) for more details. | ||
|
|
||
|
|
@@ -572,11 +574,11 @@ When a VP Token is returned, the respective response MUST include the following | |
| : REQUIRED. JSON String or JSON object that MUST contain a single Verifiable Presentation or an array of JSON Strings and JSON objects each of them containing a Verifiable Presentations. Each Verifiable Presentation MUST be represented as a JSON string (that is a Base64url encoded value) or a JSON object depending on a format as defined in Appendix A of [@!OpenID.VCI]. When a single Verifiable Presentation is returned, the array syntax MUST NOT be used. If Appendix A of [@!OpenID.VCI] defines a rule for encoding the respective Credential format in the Credential Response, this rules MUST also be followed when encoding Credentials of this format in the `vp_token` response parameter. Otherwise, this specification does not require any additional encoding when a Credential format is already represented as a JSON object or a JSON string. | ||
|
There was a problem hiding this comment. Here, vp_token is still required, above it is optional. There was a problem hiding this comment. umm.. in the new query language, vp_token would still be present, just it's structure would change, no? PR #266 seems to be silent on the response? There was a problem hiding this comment. Yes, I was just saying that there was language above making VP Token optional, that's inconsistent with the REQUIRED here. There was a problem hiding this comment. And this definition MUST be relaxed as well when we want to allow a different structure with a new query language. There was a problem hiding this comment. Why has this been resolved? The definition of the VP Token is not working for the new query language right now. |
||
|
|
||
| `presentation_submission`: | ||
| : OPTIONAL. The `presentation_submission` element as defined in [@!DIF.PresentationExchange]. It MUST be present if any of the following parameters were present in the request: a `presentation_definition` parameter, a `presentation_definition_uri` parameter, or a `scope` parameter with a value representing a Presentation Definition. It contains mappings between the requested Verifiable Credentials and where to find them within the returned VP Token. This is expressed via elements in the `descriptor_map` array, known as Input Descriptor Mapping Objects. These objects contain a field called `path`, which, for this specification, MUST have the value `$` (top level root path) when only one Verifiable Presentation is contained in the VP Token, and MUST have the value `$[n]` (indexed path from root) when there are multiple Verifiable Presentations, where `n` is the index to select. Additional parameters can be defined by Credential Formats, see (#alternative_credential_formats) for details. | ||
|
|
||
| Other parameters, such as `state` or `code` (from [@!RFC6749]), or `id_token` (from [@!OpenID.Core]), and `iss` (from [@RFC9207]) can be included in the response as defined in the respective specifications. `state` values MUST only contain ASCII URL safe characters (uppercase and lowercase letters, decimal digits, hyphen, period, underscore, and tilde). For the implementation considerations of a `state` parameter, see (#state_management). | ||
|
|
||
| When the `presentation_submission` element is present, it MUST be included as a separate response parameter alongside the VP token. Clients MUST ignore any `presentation_submission` element included inside a Verifiable Presentation. | ||
|
|
||
| Including the `presentation_submission` parameter as a separate response parameter allows the Wallet to provide the Verifier with additional information about the format and structure in advance of the processing of the VP Token, and can be used even with the Credential formats that do not allow for the direct inclusion of `presentation_submission` parameters inside a Credential itself. | ||
|
|
||
|
|
||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What would be a "parameter defined for that purpose defined by this specification"?