Unresolved conversations (2)
@paulbastian paulbastian Jan 7, 2025
```suggestion
- The value of `OID4VPDCAPIHandoverInfoHash` MUST comply with the W3C Subresource integrity format as defined in [!W3C.SRI] (see below), e.g., `sha256-H8BRh8j48O9oYatfu5AZzq6A9RINhZO5H16dQZngK7T62em8MUt1FLm52t+eX6xO`.

The `OID4VPDCAPIHandoverInfo` structure has the following elements:

- The first element MUST be the UTF-8 encoded string representing the `origin` of the Verifier to protect against MITM attacks. The value for `origin` MUST be the one the web platform or app platform asserted the request was made by.
- The second element MUST be the UTF-8 encoded string value of the `client_id` request parameter if the request was signed for audience binding. For unsigned requests, the value for the `client_id` MUST be derived from the `origin` value.
- The third element MUST be the UTF-8 encoded string value of the `nonce` request parameter to enable session binding.
```
Outdated
openid-4-verifiable-presentations-1_0.md
@paulbastian paulbastian Jan 7, 2025
As we had the naming discussion recently, do we want these values to be OPENID4VP... to avoid confusion with Object Identifiers?
Outdated
Resolved conversations (21)
@c2bo c2bo Jan 14, 2025
One of the commits somehow duplicated the line?
```suggestion
```
Outdated
@Sakurann Sakurann Jan 14, 2025
```suggestion
- The first element MUST be the fixed UTF-8 encoded string `OID4VPDCAPIHandover`. This serves as a unique identifier for the handover structure to prevent misinterpretation or confusion.
```
I don't remember how 18013-5 and 18013-7 are written. This is probably less confusing since this text is outside the CDDL definition.
Outdated
@Sakurann Sakurann Jan 14, 2025
```suggestion
* The first element MUST be the fixed UTF-8 encoded string `"OID4VPDCAPIHandover"`. This serves as a unique identifier for the handover structure to prevent misinterpretation or confusion.
* The second element MUST be the `OID4VPDCAPIHandoverInfoHash`, represented as a CBOR byte string which encodes the sha-256 hash of the `OID4VPDCAPIHandoverInfo` CBOR array.
* The `OID4VPDCAPIHandoverInfo` has the following elements:
  * The first element MUST be the UTF-8 encoded string representing the origin of the request as described in (#dc_api_request).
  * The second element MUST be the UTF-8 encoded string value of the effective Client Identifier as defined in (#dc_api_request).
  * The third element MUST be the UTF-8 encoded string value of the `nonce` request parameter.
```
because someone corrected my PR like this previously...
Outdated
@Sakurann Sakurann Jan 14, 2025
```suggestion
client_id = tstr ; UTF-8 encoded string
```
same as above, re readability
@Sakurann Sakurann Jan 14, 2025
```suggestion

OID4VPDCAPIHandoverInfoHash = bstr ; sha-256 hash of OID4VPDCAPIHandoverInfo

```
can we have empty lines to improve readability?
Outdated
@tlodderstedt tlodderstedt Jan 10, 2025
```suggestion
- The second element MUST be the UTF-8 encoded string value of the effective Client Identifier as defined in (#dc_api_request).
```
Outdated
@tlodderstedt tlodderstedt Jan 10, 2025
Shouldn't that be the effective Client Identifier (as defined in (#dc_api_request))? I'm asking since there is no `client_id` parameter in the case of an unsigned DC API request.
Outdated
@hlozi hlozi Jan 9, 2025
Why are we using the term “audience binding”? I believe either we clarify its meaning here or we remove it altogether.
Outdated
@c2bo c2bo Jan 9, 2025
Is there any benefit in encoding w/ base64url here or should we just use the raw Hash?
```cddl
OID4VPDCAPIHandover = [
  "OID4VPDCAPIHandover", ; A fixed identifier for this handover type
  OID4VPDCAPIHandoverInfoHash ; A cryptographic hash of OID4VPDCAPIHandoverInfo
]

OID4VPDCAPIHandoverInfoHash = bstr ; sha-256 hash of OID4VPDCAPIHandoverInfo
```
Outdated
@paulbastian paulbastian Jan 7, 2025
```suggestion
The `OID4VPDCAPIHandover` structure has the following elements:
```
Outdated
@paulbastian paulbastian Jan 7, 2025
Minor nitpicking, but ISO usually has the order the other way around, going from top level to bottom consistently.
```suggestion
OID4VPDCAPIHandoverInfoHash = tstr ; UTF-8 encoded string for the integrity hash of OID4VPDCAPIHandoverInfo
OID4VPDCAPIHandoverInfo = [ origin, client_id, nonce ] ; Array containing handover parameters
client_id = tstr ; UTF-8 encoded string
origin = tstr ; UTF-8 encoded string
nonce = tstr ; UTF-8 encoded string
```
Outdated
@paulbastian paulbastian Jan 7, 2025
What does Integrity mean in this context? It seems confusing to me. If Hash alone isn't enough, I would rather write cryptographic hash?
Outdated
@c2bo c2bo Jan 7, 2025
I would prefer this for readability, but not important.
```suggestion
OID4VPDCAPIHandoverInfo = [ origin, client_id, nonce ] ; Array containing handover parameters
```
Outdated
@timcappalli timcappalli Jan 7, 2025
```suggestion
- The second element MUST be the UTF-8 encoded string value of the `client_id` request parameter if the request was signed for audience binding. For unsigned requests, the value for the `client_id` MUST be derived from the `origin` value.
```
nit
Outdated
@Sakurann Sakurann Dec 19, 2024
```suggestion
* Required Wallet and Verifier Metadata parameters and their values.
* The `SessionTranscript` and `Handover` CBOR structure when OpenID4VP is used with the `mdoc-oid4vp://` custom URI scheme. Also see (#non-dc-api-invocation).
```
18013-7 does define `SessionTranscript` and `Handover` CBOR structure when OpenID4VP is used with the `mdoc-oid4vp://` custom URI scheme, so I would still mention it.
Outdated
@timcappalli timcappalli Dec 19, 2024
```suggestion
- The first element MUST be the UTF-8 encoded string representing the `origin` of the Verifier to protect against MITM attacks. The value for `origin` MUST be obtained from the Digital Credentials API request.
```
Outdated
@Sakurann Sakurann Dec 19, 2024
```suggestion
#### Invocation without using the Digital Credentials API {#non-dc-api-invocation}

If the Digital Credentials API is not used to invoke the wallet, the rules for generating the `SessionTranscript` and `Handover` CBOR structure are specified in ISO/IEC 18013-5 [ISO.18013-5] and ISO/IEC 23220-4 [ISO.23220-4].
```
Outdated
@timcappalli timcappalli Dec 19, 2024
```suggestion
If the presentation request is invoked via other methods, the rules for generating the `SessionTranscript` and `Handover` CBOR structure are specified in ISO/IEC 18013-5 [ISO.18013-5] and ISO/IEC 23220-4 [ISO.23220-4].
```
Outdated
@timcappalli timcappalli Dec 19, 2024
```suggestion
#### Invocation via other methods
```
Outdated
@timcappalli timcappalli Dec 19, 2024
```suggestion
If the presentation request is invoked using the Digital Credentials API, the `SessionTranscript` CBOR structure as defined in Section 9.1.5.1 in [ISO.18013-5] MUST be used with the following changes:
```
Outdated
@timcappalli timcappalli Dec 19, 2024
```suggestion
#### Invocation via the Digital Credentials API
```
Outdated
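As an added worked example (not code from the PR or from the OpenID4VP specification), the Python below builds the structures the review comments above argue about: the `OID4VPDCAPIHandoverInfo` array `[origin, client_id, nonce]`, its sha-256 hash carried as a raw CBOR byte string (the option c2bo's comment weighs against base64url), the `OID4VPDCAPIHandover` array with its fixed `"OID4VPDCAPIHandover"` first element, and a `SessionTranscript` for the Digital Credentials API invocation case. It also shows the Verifier-side check that gives the origin and nonce binding its purpose: recomputing the handover from the platform-asserted origin and the issued nonce and comparing it with what the Wallet presented. Assumptions: a minimal hand-rolled CBOR encoder stands in for a CBOR library; the first two `SessionTranscript` elements are set to null because the thread does not list the "following changes"; the effective Client Identifier is passed in directly, so the derivation of `client_id` from `origin` for unsigned requests is not modelled; `sri_hash_string` only illustrates the alternative W3C SRI-style encoding from the first suggestion; all sample values are constructed.

```python
"""Added example (not from the PR): build OID4VPDCAPIHandover and verify it on the Verifier side."""
import base64
import hashlib
import hmac


def _cbor_head(major: int, length: int) -> bytes:
    # Initial byte(s) of a CBOR item: major type in the top 3 bits, length/argument below
    if length < 24:
        return bytes([(major << 5) | length])
    if length < 0x100:
        return bytes([(major << 5) | 24, length])
    if length < 0x10000:
        return bytes([(major << 5) | 25]) + length.to_bytes(2, "big")
    if length < 0x100000000:
        return bytes([(major << 5) | 26]) + length.to_bytes(4, "big")
    return bytes([(major << 5) | 27]) + length.to_bytes(8, "big")


def cbor_encode(value) -> bytes:
    """Minimal deterministic CBOR encoder for the types the handover needs
    (null, byte strings, UTF-8 text strings, arrays). Hand-rolled stand-in
    for a CBOR library, not a full implementation."""
    if value is None:
        return b"\xf6"
    if isinstance(value, bytes):
        return _cbor_head(2, len(value)) + value
    if isinstance(value, str):
        data = value.encode("utf-8")
        return _cbor_head(3, len(data)) + data
    if isinstance(value, list):
        return _cbor_head(4, len(value)) + b"".join(cbor_encode(v) for v in value)
    raise TypeError(f"unsupported type for this example: {type(value).__name__}")


def handover_info(origin: str, client_id: str, nonce: str) -> list:
    # OID4VPDCAPIHandoverInfo = [origin, client_id, nonce], all UTF-8 text strings
    return [origin, client_id, nonce]


def handover_info_hash(origin: str, client_id: str, nonce: str) -> bytes:
    # OID4VPDCAPIHandoverInfoHash: sha-256 over the CBOR-encoded info array, kept as raw bytes (bstr)
    return hashlib.sha256(cbor_encode(handover_info(origin, client_id, nonce))).digest()


def oid4vp_dcapi_handover(origin: str, client_id: str, nonce: str) -> list:
    # OID4VPDCAPIHandover = ["OID4VPDCAPIHandover", OID4VPDCAPIHandoverInfoHash]
    return ["OID4VPDCAPIHandover", handover_info_hash(origin, client_id, nonce)]


def session_transcript(origin: str, client_id: str, nonce: str) -> list:
    # Assumption (not stated on the page): DeviceEngagementBytes and EReaderKeyBytes
    # are null when the request arrives via the Digital Credentials API.
    return [None, None, oid4vp_dcapi_handover(origin, client_id, nonce)]


def sri_hash_string(digest: bytes) -> str:
    # The alternative encoding floated in the thread: W3C SRI style, "sha256-" + standard base64
    return "sha256-" + base64.b64encode(digest).decode("ascii")


def verifier_accepts(presented_handover: bytes, origin: str, client_id: str, nonce: str) -> bool:
    """Verifier-side check: rebuild the handover from the origin the platform asserted,
    the effective client_id and the nonce this Verifier issued, then compare in constant
    time. Any mismatch (different origin, replayed nonce) yields a different hash."""
    expected = cbor_encode(oid4vp_dcapi_handover(origin, client_id, nonce))
    return hmac.compare_digest(presented_handover, expected)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment
    origin, client_id, nonce = "https://verifier.example", "https://verifier.example", "n-0S6_WzA2Mj"
    wallet_side = cbor_encode(oid4vp_dcapi_handover(origin, client_id, nonce))
    print(wallet_side.hex())
    print(verifier_accepts(wallet_side, origin, client_id, nonce))
    # A different asserted origin no longer matches the presented handover
    print(verifier_accepts(wallet_side, "https://other.example", client_id, nonce))
```

The raw-bstr choice keeps the hash at 34 bytes on the wire (a two-byte `0x58 0x20` header plus 32 bytes), whereas the SRI string costs 51 UTF-8 bytes and adds a base64 decode step before comparison; either way the Verifier should compare recomputed bytes against presented bytes with a constant-time comparison rather than parsing the Wallet's value.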