Proposed alterations to how optionality is handled in query language (Approach 3) #281
Conversation
tplooker
force-pushed
the
tl/vp-query-language-3+
branch
2 times, most recently
from
755035f to
8caad42
Compare
tplooker
force-pushed
the
tl/vp-query-language-3+
branch
from
8caad42 to
d23be71
Compare
|
I'm not clear how the use cases I mentioned in #266 (comment) would work here.
I think this actually makes some cases harder, by forcing them to happen at credential selection time. In particular in the browser API because the credential selection has already happened by the time the wallet gets invoked, it seems like it leaves the wallet with nothing it needs to communicate with the user about as the only choice at that stage is "release selected credentials or don't". Trying to process the approach in this PR so that responsibility is divided between the wallet and the system credential selector actually feels harder for the wallet to me than the current approach. I'm personally currently finding the "select credentlals then deal with what claims will be shared" model in the existing PR mentally easier as well as being more expressive / covering more use cases. |
|
I've included an example here #266 (comment) |
|
discussed on the wg call. i think the asks were:
|
|
Post the WG call this morning I've done the following
|
|
Additionally here is some more detailed rationale for this change With the syntax in the original proposal optionality is expressed at both the claim and credential level, which leads to several UX challenges. The main issue boils down to how complex the consenting process would have to be in order to support optionality at both levels. For example optional claims would likely mean three possible different options
Instead if we step back and consider when a verifier is making a request for some claims that are optional to return, the group of optional claims being requested likely has a purpose (in the case there is more then one) and being able to group these optional claims and in future attach a purpose to that request is a useful UX simplification. Requests can shift from the framing of I want your "first_name", "last_name" and "birth_date" and optionally your "resident_address", "resident_state" and "resident_country" attributes from your mDL. Which could lead to any combo of returned attributes such as Possible Response 1 "first_name", "last_name", "birth_date", "resident_address", "resident_state" and "resident_country" Which if the verifier needed all three of "resident_address", "resident_state" and "resident_country" attributes to prove address, all but the first example response would be useless and actually result in a privacy issue because additional information (a partial address) could have been revealed to the verifier for no reason. To the framing of I want "proof of your ID" which involves sharing the "first_name", "last_name" and "birth_date" from your mDL AND optionally I want "proof of your address" which involves sharing the "resident_address", "resident_state" and "resident_country" attributes from your mDL. Where the only two possible successful responses are Possible Response 1 "first_name", "last_name", "birth_date", "resident_address", "resident_state" and "resident_country" OR Possible Response 2 "first_name", "last_name", "birth_date" |
tplooker
changed the title
|
I will argue that the revised reframing I want "proof of your ID" which involves sharing the "first_name", "last_name" and "birth_date" from your mDL AND optionally I want "proof of your address" so that we can post you a receipt which involves sharing the "resident_address", "resident_state" and "resident_country" attributes from your mDL. In addition the original service could be included as the purpose for requesting the mandatory attributes, but this may not be necessary if we can assume that the user already knows the service that s/he is requesting. |
| {"id": "e", "path": ["date_of_birth"]}, | ||
| {"id": "f", "path": ["email"]} | ||
| ], | ||
| "claim_sets": [ // defines the rules |
There was a problem hiding this comment.
@tplooker I think you wanted to remove claim_sets? For a fair comparison, please modify all examples so that it is not being used any longer.
| ], | ||
| "claim_sets": [ | ||
| ["current", "legacy?"] | ||
| ["current"] |
There was a problem hiding this comment.
As long as claim_sets is preserved, the ? semantic is still here, but hidden. Either we remove claim_sets or we should keep ? as an option.
| ["a", "b", "e", "f?!"], | ||
| ["a", "c", "d", "e", "f?!"] | ||
| // Note: the ?! to mark a claim as `required if present` is syntactical sugar; the rules could be rewritten without it, but that would require a lot of repetition |
There was a problem hiding this comment.
so this basically allows optionality around claim "c", even without ? syntax. so if we are removing optionality at the claim level, entireclaim_sets needs to be removed
| }, | ||
| "claims": [ | ||
| { | ||
| "id": "given_name", |
tlodderstedt
left a comment
tlodderstedt
left a comment
There was a problem hiding this comment.
I think the claim_set can and should be dropped. The combinations can be expressed on the ' credentials' level. That is sufficient and would simplify the syntax.
| }, | ||
| "claims": [ | ||
| { | ||
| "id": "given_name", |
| "claims": [ | ||
| { | ||
| "id": "given_name", | ||
| "namespace": "org.iso.18013.5.1", |
There was a problem hiding this comment.
add flag "provideIfAvailable" : true to imitate Daniel's ?! feature?
Sakurann
dismissed
tlodderstedt’s stale review
Torsten verbally agreed to merge this PR and review another PR once daniel applies torsten's suggested changes
|
Agreed on the WG call that in a new query language, we will:
for the sake of making progress, merging this PR and @danielfett will apply full set of these changes in his PR. no consensus on value matching. |
| Claims postfixed by `?!` have to be provided by the Wallet if they exist on | ||
| the matched Credential. The order of the options conveyed in the `claim_sets` | ||
| array expresses the Verifiers preference for what is returned. A wallet MUST | ||
| prioritise returning the most preferred option. |
There was a problem hiding this comment.
| prioritise returning the most preferred option. | |
| prioritize returning the most preferred option. |
As per #266 (comment) I also believe that optionality at the credential level as well as the claims level leads to difficult UX challenges and doesn't provide much value.
What I propose we do is elevate things so there is in effect only one level of optionality that a wallet would need to communicate to a user about, which is at the "credential set query" level (not sold on that name I believe "usecase" might be a better descriptor here).
The main things I have done in this PR is
credential_setslevel to handle optional queries instead.The easiest way to grok the difference from a syntax perspective IMO is through modification of the credentials_alternatives.json example
Note - I've included the
purposeproperty mainly to help in understanding the examples, it hasn't been defined in spec text and we will likely want to remove it (if/before) this PR is to be merged or shift away from a free text field as way of conveying purpose.