Adoption of the "OpenID Connect for W3C Verifiable Credential Objects"
Issue #1229
resolved
SIOP SC recommended the adoption of “OpenID Connect for W3C Verifiable Credential Objects” [1] as a working group item.
[1] http://lists.openid.net/pipermail/openid-specs-ab/attachments/20210505/a198527a/attachment-0001.pdf
Some concerns were expressed by a few WG members.
This ticket is to give an opportunity for those members to express their concerns and proposers to reply to them.
There are a few criteria for non-adoption of documents: namely
- If the draft does not fall into the scope of the WG.
-
If the draft is overlapping with existing drafts, the technical content should be raised as an issue and eventually result in PR rather than starting a new draft.
- NOTE: A non-overlapping portion can be made as an independent document so proposers should consider creating such.
-
If there is a legal or reputational risk for the OIDF in adopting the document. (The board may intervene on this ground.)
If the issues are only on the technical nature of the proposed draft that does not fall into the above criteria, then, it should be dealt with during and after the adoption of the document.
Comments (5)
-
-
reporter
- changed status to open
According to the discussion on the Monday call, there seems to be some overlap with the Claims Aggregation draft.
The relevant overlapping portions should be brought into that draft. @Edmund Jay and @Tobias Looker need to be circled in. (They cannot attend the SIOP SC that is happening at the Atlantic timezone due to their location.)
-
As already expressed in the list I fail to see the overlap. OIDC4VCO does not use aggregated claims. Based on WG and community feedback the draft uses special claims and a new vp token. OIDC4VCO also adds request syntax for VPs, which is not present in claims aggregation.
I would like to ask those WG members seeing an overlap between claims aggregation and OIDC4VCO to describe how the use cases as described in OIDC4VCO’s use case section shall be implemented using claims aggregation.
-
I believe the most straightforward and productive path forward will be to adopt this draft as-is, have people read both it and the Claims Aggregation draft, and decide later whether to merge them if the working group believes that the combined draft would have advantages over the individual drafts.
Note that the working group has shown willingness to do so in the past. For instance, we used to have OpenID Connect Messages and OpenID Connect Standard drafts (https://openid.net/specs/openid-connect-messages-1_0.html and https://openid.net/specs/openid-connect-standard-1_0.html) which we merged to create OpenID Connect core. We can do this again if doing so makes sense.
-
- changed status to resolved
This draft was adopted on 17-May-21 and is posted at https://openid.net/specs/openid-connect-4-verifiable-presentations-1_0.html .
- Log in to comment
There is no legal or reputational risk for OIDF.
Explanation If there is no change in the documents given by an OIDF certification body, it means that there is no risk.