Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Why is HAIP looser regarding Verifier vp_formats than OID4VP? #100

Closed
joelposti opened this issue May 6, 2024 · 3 comments
Closed

Why is HAIP looser regarding Verifier vp_formats than OID4VP? #100

joelposti opened this issue May 6, 2024 · 3 comments

Comments

@joelposti
Copy link

OID4VP version 20 says in section 5.1. presentation_definition Parameter

Note: When a Verifier is requesting the presentation of a Verifiable Presentation containing a Verifiable Credential, the Verifier MUST indicate in the vp_formats parameter the supported formats of both Verifiable Credential and Verifiable Presentation.

and in section 9.1. Additional Verifier Metadata Parameters

vp_formats: REQUIRED.

HAIP version 00, on the other hand, says in section 7.2.7. Verifier Metadata.

The Verifier SHOULD add a vp_formats element to its metadata

Why is HAIP looser regarding vp_formats than OID4VP? What is the rationale behind this?

I also have questions regarding vp_formats.vc+sd-jwt.sd-jwt_alg_values and vp_formats.vc+sd-jwt.kb-jwt_alg_values. Why are they defined as optional in the same HAIP section 7.2.7. Verifier Metadata:

sd-jwt_alg_values: OPTIONAL.
kb-jwt_alg_values: OPTIONAL.

I think the optionality of vp_formats, vp_formats.vc+sd-jwt.sd-jwt_alg_values and vp_formats.vc+sd-jwt.kb-jwt_alg_values increases complexity in the wallet's end.
@paulbastian
Copy link
Collaborator

As I read it, Authorization Request in OpenID4VP does not mandate client_metadata or client_metadata_uri, which are actually used to communicate the data. Therefore the rules are meant to be: You may chose to transfer Verifier Metadata and if you do so, you MUST send vp_formats.

However, you are right, the text in HAIP should say "MUST".

However, it doesn't matter, because the SD-JWT VC specific text will move out of HAIP, as it has been moved over to OpenID4VCI directly: #96

@joelposti
Copy link
Author

joelposti commented May 7, 2024
edited
Loading

Thank you for your response!

However, it doesn't matter, because the SD-JWT VC specific text will move out of HAIP, as it has been moved over to OpenID4VCI directly: #96

What about sections 7.2.7. Verifier Metadata and 7.2.8. Presentation Definition? Surely they have been moved somewhere else since those sections are about presentation?

@joelposti joelposti changed the title Why is HAIP is looser regarding Verifier vp_formats than OID4VP? Why is HAIP looser regarding Verifier vp_formats than OID4VP? May 17, 2024
@Sakurann
Copy link
Contributor

resolved by #96, which also removed section 7.2.7 and 7.2.8 from -00 from HAIP and refers to VCI.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@joelposti @paulbastian @Sakurann