Permit the use of the new query language instead of presentation exchange. #258
Conversation
Remove requirements to use the presentation exchange specification.
There was a problem hiding this comment.
I do not think this is the best way to proceed in terms of extensibility. Rather, there should be two parameters, type of query followed by the query itself. In this way we can have
type=presentation_definition_url and the query can be the URL,
type= presentation_definition and the query can be the PD,
type=oid_query_language and the query can be the new query language we are defining
This also allows other query languages to be added in future should that be necessary (and history has proved it will be, given the current evolution of PEv1, PEv1.1, PEv2, PEv2.1, OIDquery language etc.
|
@David-Chadwick we can introduce an additional type parameter later on, at this stage, all we are trying to do is to prevent adding a new query language being a breaking change if we do it in 1.1 and not 1.0. so I think the changes Martijn is proposing are actually the simplest, cleanest thing we can/should do now |
|
@Sakurann Adding the type parameter later on will be a breaking change. Adding it now will ensure extensibility in a non-breaking way for 1.1, 2, 2.1, 3 etc ad infinitum |
In principle I agree that adding a query language type parameter would be beneficial IMHO. Do you think it makes sense to introduce the query type parameter with the new query language PR? We can also add it as an optional parameter and defaulting to presentation exchange if not present - that way it would be a simple extension without any breaking changes. |
|
We should probably also adjust these lines: 244
547
Apart from that looking good imho. |
|
I think a type parameter is a separate discussion, and this PR also leaves the door open to adding a type parameter in the future (i.e. with language like 'if type isn't present look for presentation_definition parameter for backwards compatibility'). I think I am missing what the key advantage of a type parameter is over (if we really need to do it and I'm really hoping we don't) having a |
|
also agree that |
Prevent duplicates of presentation definition to be present. Clarify presence requirements for presentation_submission. Co-authored-by: Kristina <[email protected]> Co-authored-by: Joseph Heenan <[email protected]>
It provides extensibility and backwards compatibility for ever. As requirements change, it automatically meets them. It is a well known and well recognised way of adding extensibility. |
How does that cater for |
You can add a I'm not supportive of changing the query language parameter to be an array. It's adding unnecessary complexity. But I think we're off topic for this PR, anyway. |
|
I agree with @c2bo that we need to do this:
|
There was a problem hiding this comment.
This change does not say what should be present if presentation_definition and presentation_definition_uri and scope are missing. The current text allows all to be missing. A must better solution is to have a type, followed by one of these three, and then in future a new type can be added
I don't think this is a good idea. Particularly not once it was suggested that means having both type and the query as arrays and defining some new rules around that. We can instead change the language to 'If neither presentation_definition nor presentation_definition_uri nor a scope indicating a credential to be used nor any other parameter indicating what credential is being requested'. That's all that would be in scope for this PR. This language would allow 'type' to be added in the future if the working group decided to. This PR is just about giving us options later. |
|
I am ok with "If neither |
|
@David-Chadwick could you please take a look at my suggestions? |
fix typo Co-authored-by: Christian Bormann <[email protected]>
| @@ -572,11 +572,11 @@ When a VP Token is returned, the respective response MUST include the following | |||
| : REQUIRED. JSON String or JSON object that MUST contain a single Verifiable Presentation or an array of JSON Strings and JSON objects each of them containing a Verifiable Presentations. Each Verifiable Presentation MUST be represented as a JSON string (that is a Base64url encoded value) or a JSON object depending on a format as defined in Appendix A of [@!OpenID.VCI]. When a single Verifiable Presentation is returned, the array syntax MUST NOT be used. If Appendix A of [@!OpenID.VCI] defines a rule for encoding the respective Credential format in the Credential Response, this rules MUST also be followed when encoding Credentials of this format in the `vp_token` response parameter. Otherwise, this specification does not require any additional encoding when a Credential format is already represented as a JSON object or a JSON string. | |||
There was a problem hiding this comment.
Here, vp_token is still required, above it is optional.
There was a problem hiding this comment.
umm.. in the new query language, vp_token would still be present, just it's structure would change, no? PR #266 seems to be silent on the response?
There was a problem hiding this comment.
Yes, I was just saying that there was language above making VP Token optional, that's inconsistent with the REQUIRED here.
There was a problem hiding this comment.
And this definition MUST be relaxed as well when we want to allow a different structure with a new query language.
There was a problem hiding this comment.
Why has this been resolved? The definition of the VP Token is not working for the new query language right now.
There was a problem hiding this comment.
i think an incorrect statement got introduced. i am very unsure about vp token text and waiting for my other suggestion to be resolved
also wouldn't the current suggested text prohibit from using a scope parameter representing requirements using a new query language? isn't that limiting?
|
Discussed on today's call - the new query language will still use vp_token, but we have a separate issue to address vp_token #249 |
|
discussed on the wg call, agreed to modify the PR in the direction that allows to change the structure of VP Token in the future. and change |
|
and all its future versions i.e. plural |
Co-authored-by: Kristina <[email protected]>
Co-authored-by: Kristina <[email protected]>
Co-authored-by: Kristina <[email protected]>
Co-authored-by: Kristina <[email protected]>
| : A string containing an HTTPS URL pointing to a resource where a Presentation Definition JSON object can be retrieved. This parameter MUST be present when `presentation_definition` parameter, or a `scope` value representing a Presentation Definition is not present. See (#request_presentation_definition_uri) for more details. | ||
| : OPTIONAL. A string containing an HTTPS URL pointing to a resource where a Presentation Definition JSON object can be retrieved. This parameter MUST NOT be present if any of the following parameters are present: a `presentation_definition` parameter, a `scope` parameter with a value representing a Presentation Definition, or any other parameter defined by this specification that indicates what credential is being requested. See (#request_presentation_definition_uri) for more details. | ||
|
|
||
| One of the following parameters MUST be present to indicate what credential is being requested: a `presentation_definition` parameter, `presentation_definition_uri` parameter, a `scope` parameter with a value representing a Presentation Definition, or any other parameter defined for that purpose by this specification and all its future versions. |
There was a problem hiding this comment.
What would be a "parameter defined for that purpose defined by this specification"?
| : A string containing an HTTPS URL pointing to a resource where a Presentation Definition JSON object can be retrieved. This parameter MUST be present when `presentation_definition` parameter, or a `scope` value representing a Presentation Definition is not present. See (#request_presentation_definition_uri) for more details. | ||
| : OPTIONAL. A string containing an HTTPS URL pointing to a resource where a Presentation Definition JSON object can be retrieved. This parameter MUST NOT be present if any of the following parameters are present: a `presentation_definition` parameter, a `scope` parameter with a value representing a Presentation Definition, or any other parameter defined by this specification that indicates what credential is being requested. See (#request_presentation_definition_uri) for more details. | ||
|
|
||
| One of the following parameters MUST be present to indicate what credential is being requested: a `presentation_definition` parameter, `presentation_definition_uri` parameter, a `scope` parameter with a value representing a Presentation Definition, or any other parameter defined for that purpose by this specification and all its future versions. |
There was a problem hiding this comment.
"all its future versions." means that the parameter has to be defined by all future versions. That's certainly not intended.
|
To elaborate what I said on the call, the following should be our target: From the view of a verifier,
From the view of a wallet,
To achieve this, the current spec without this PR is fine. Edited to add:
|
And then I have a request with no query in it. So what reply do I send to the RP? Protocol error? Ignoring it is the wrong behaviour. Rather the behaviour we want is: if somebody sends a parameter with a query in a new query language, I will know this has been standardised in a future version of the standard that I have not yet implemented, so I will reply "query language not implemented" or similar |
Appreciate the write up as I think its important to describe exactly what will be normatively required here in v1.0 vs v1.1. I think the most important question to answer is could a v1.1 RP (verifier) implementation and wallet use only the new query syntax if they wanted to OR would an RP effectively have to have the credential query repeated twice in the request one in the new format and one in the old (P.E)? IMO if we take the position in 1.0 that the query syntax supported by both implementations is negotiate-able rather then fixed then we could allow v1.1 implementations to only use P.E if they so wished, without it being a breaking change. Otherwise IMO we are stuck in a situation where a P.E based query has to be in the request of every v1.x to remain backward compatible. |
|
Negotiation requires the POST request based approach, right? How should that work for the DC API? Is the RP supposed to send two request objects at once? |
|
I was wondering if we also should relax the link of
In the future it could reference the new query language |
|
The way the discussion has gone,
|
I do not think that these two statements logically follow. PE is the only query language in 1.0, this is true. But in other versions there are other languages. So if a 1.0 implementation knows this, which the 1.0 specification can make clear, then if it receives another query language it knows it is not talking to a 1.0 implementation. But this is not a breaking change, because a 1.0 implementation can code for this now. |
If PE is not mandatory in versions after 1.1, an implementation that built following 1.1 will not be able to interoperate with implementation following 1.0... |
|
superseded by #266 |
|
It depends what you mean by interoperate. If you mean, talk to each other and know how to respond with a conforming response, then it is not a breaking change. If you mean provide a set of credentials in response, then it is a breaking change. But there are many cases of the latter in the existing specification such as: support for different DIDs, different cryptographic functions, different credential schemas/formats. So support for different query formats is just one of many "breaking changes" that already exist. |
Remove requirements to use the presentation exchange specification. Resolves #255