proposal to use aggregated/distributed claims for VCs/VPs #23

Open
wants to merge 6 commits into
base: main

Collaborator

@tlodderstedt tlodderstedt commented Apr 12, 2021

I took the time to flesh out what use of aggregated/distributed claims could look like. The nice thing with this approach is we could provide VPs/VCs as is, either as embedded or referenced objects, without any embedding into new JWT claims.
Having it as a PR might be useful to compare it to the claims-based approach.

"https://www.w3.org/2018/credentials/examples/v1/AlumniCredential":[
"src1",
"src2"
],
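
Review bot: the array value `["src1", "src2"]` for the AlumniCredential member departs from OpenID Connect Core, where each `_claim_names` member value is a single string naming one `_claim_sources` member (this assumes the member shown sits inside `_claim_names`; the enclosing object is outside the visible lines). If several sources per credential type are intended, the text should say that this extends Core and define how the RP processes them (all sources required, any one sufficient, ordering); otherwise use one source name per entry.
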
Collaborator

@AdamJLemmon AdamJLemmon Apr 12, 2021

Is it common that a claim name / credential type would be mapped to multiple sources?
I am struggling to think of a situation for this...
How would the RP determine how to proceed?

Collaborator Author

@tlodderstedt tlodderstedt Apr 13, 2021

What do you think is reasonable? One source, multiple credentials (VP), but one credential at most one source?

Collaborator

@AdamJLemmon AdamJLemmon Apr 13, 2021

I would initially think of 1 to 1 for a credential type to a credential type source?

i.e. I request a Driver's License type credential and I get one src back? And that src will describe the format? It may come back as a vc_jwt... vp_jwt etc?

"_claim_sources":{
"src1":{
"format":"vp_jwt",
"value":"eyJraWQiOiJkaWQ6aW9uOkVpQzZZOV9hRGFDc0lUbFkwNkhJZDRzZUpq...5SRU16ZEdsUWR6SkdTbWNpZlgwIn0.nwxW-8GVL0msMAhZESDZkGC3U00iJgqQXyz3cpfQXIyzqD82A8Eko7nh-7U8-CZ3gl6tdLgxSJEc6nJM7G_-oQ"
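
Review bot: the aggregated source `src1` carries the presentation in a `value` member, while OpenID Connect Core defines an aggregated-claims source as an object with a `JWT` member, and `format` is not a Core member either. An RP that implements Core as written will not find the token here. Either keep `JWT` for the JWT-based formats and add `format` alongside it, or state explicitly that `format`/`value` replace the Core members and how an RP that does not understand them must behave.
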
Collaborator

@Sakurann Sakurann Apr 19, 2021

With Aggregated claims, vp_ldp would have to be embedded as a JWT, too?

Aggregated Claims
JSON object that MUST contain the JWT member whose value is a JWT [JWT] that MUST contain all the Claims in the _claim_names object that references the corresponding _claim_sources member.

"_claim_sources":{
"src1":{
"format":"vp_jwt",
"endpoint":"https://op.example.com/presentations/1234564",
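
Review bot: on the distributed source, `"endpoint":"https://op.example.com/presentations/1234564"` identifies the presentation by a short numeric path segment, and the visible lines do not show whether an `access_token` member follows. OpenID Connect Core makes `access_token` optional for distributed claims; for presentations that contain personal data the section should say whether retrieval must be authorized, so that a guessable URL alone is not enough to fetch one.
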
Collaborator

@Sakurann Sakurann Apr 19, 2021

With Distributed claims, vp_ldp would have to be returned as a JWT from the endpoint?

endpoint
REQUIRED. OAuth 2.0 resource endpoint from which the associated Claim can be retrieved. The endpoint URL MUST return the Claim as a JWT.
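
An added example (not part of this PR or of the OpenID Connect specification text) of the aggregated-claims rule quoted in the comments above: an RP-side structural check that each embedded JWT contains every claim `_claim_names` maps to its source. The function names, the sample token and the `address`/`email` claim names are assumptions made for the illustration; it reads the Core `JWT` member, not the `format`/`value` members proposed in this PR.

```python
import base64
import json

def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def check_aggregated_sources(claims):
    """Return {source: [problems]} under the OIDC Core aggregated-claims rule.

    Structural check only: verifying each embedded JWT's signature against
    its issuer's key is a separate, mandatory step that is not shown here.
    """
    names = claims.get("_claim_names", {})
    sources = claims.get("_claim_sources", {})
    report = {}
    for src, obj in sources.items():
        if "JWT" not in obj:  # distributed source (endpoint), not checked here
            continue
        parts = obj["JWT"].split(".")
        if len(parts) != 3:
            report[src] = ["not a compact JWS"]
            continue
        payload = b64url_json(parts[1])
        report[src] = [f"missing claim: {claim}" for claim, ref in names.items()
                       if ref == src and claim not in payload]
    # Core defines each _claim_names value as one source name (a string).
    unresolved = [claim for claim, ref in names.items()
                  if not isinstance(ref, str) or ref not in sources]
    if unresolved:
        report["_unresolved"] = unresolved
    return report

def sample_jwt(payload):
    """Constructed sample token: real header/payload encoding, dummy signature."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "ES256"}), enc(payload), "c2ln"])

ALUMNI = "https://www.w3.org/2018/credentials/examples/v1/AlumniCredential"
SAMPLE = {  # constructed input; "address" and "email" are hypothetical claim names
    "_claim_names": {ALUMNI: "src1", "address": "src1", "email": ["src1", "src2"]},
    "_claim_sources": {
        "src1": {"JWT": sample_jwt({ALUMNI: {"alumniOf": "Example University"}})},
        "src2": {"endpoint": "https://op.example.com/presentations/1234564"},
    },
}

if __name__ == "__main__":
    print(check_aggregated_sources(SAMPLE))
```

On the constructed input, `src1` is reported as missing `address`, and the array-valued `email` entry is listed as unresolved because it is not a single source name.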

3 participants