proposal to use aggregated/distributed claims for VCs/VPs #23
"https://www.w3.org/2018/credentials/examples/v1/AlumniCredential":[ | ||
"src1", | ||
"src2" | ||
], |
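Review bot: The array value on the AlumniCredential key lets one claim name point at two sources, src1 and src2, but nothing next to it says whether an RP must resolve and verify both or may pick one. Either restrict the value to a single source reference or state the processing rule beside this example, otherwise two RPs can reach different conclusions from the same token.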
Is it common that a claim name / credential type would be mapped to multiple sources?
I am struggling to think of a situation for this...
How would the RP determine how to proceed?
What do you think is reasonable? One source, multiple credentials (VP), but one credential at most one source?
I would initially think of 1 to 1 for a credential type to a credential type source?
i.e. I request a Driver's License type credential and I get one src back? And that src will describe the format? It may come back as a vc_jwt... vp_jwt etc?
"_claim_sources":{ | ||
"src1":{ | ||
"format":"vp_jwt", | ||
"value":"eyJraWQiOiJkaWQ6aW9uOkVpQzZZOV9hRGFDc0lUbFkwNkhJZDRzZUpq...5SRU16ZEdsUWR6SkdTbWNpZlgwIn0.nwxW-8GVL0msMAhZESDZkGC3U00iJgqQXyz3cpfQXIyzqD82A8Eko7nh-7U8-CZ3gl6tdLgxSJEc6nJM7G_-oQ" |
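Review bot: In src1 the presentation is carried in a "value" member next to "format", while the Aggregated Claims definition quoted in this thread requires a member named JWT. The text should say explicitly that "format" and "value" are new members, and what an RP that only looks for JWT is expected to do when it meets a source shaped like this one.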
With Aggregated claims, vp_ldp would have to be embedded as a JWT, too?
Aggregated Claims
JSON object that MUST contain the JWT member whose value is a JWT [JWT] that MUST contain all the Claims in the _claim_names object that references the corresponding _claim_sources member.
"_claim_sources":{ | ||
"src1":{ | ||
"format":"vp_jwt", | ||
"endpoint":"https://op.example.com/presentations/1234564", |
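Review bot: On the "endpoint" line of src1 the presentation is fetched by the RP separately rather than delivered inline, so the example should come with the checks the RP runs on the response: that the returned object matches the declared "format" (here vp_jwt) and that its signature verifies before any claim from it is used. A sentence to that effect where this example is introduced would cover it.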
With Distributed claims, vp_ldp would have to be returned as a JWT from the endpoint?
endpoint
REQUIRED. OAuth 2.0 resource endpoint from which the associated Claim can be retrieved. The endpoint URL MUST return the Claim as a JWT.
I took the time to flesh out what use of aggregated/distributed claims could look like. The nice thing with this approach is we could provide VPs/VCs as is, either as embedded or referenced objects, without any embedding into new JWT claims.
Having it as a PR might be useful to compare it to the claims-based approach.
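
An added example (not code from this PR or from the specification) of how an RP could turn the claim-name/claim-source structure shown in the snippets above into a list of sources it has to resolve and verify, including the multi-source case questioned in review. The function name, the set of accepted formats, the https-only rule and the exactly-one-of `value`/`endpoint` rule are assumptions; `_claim_names` is the OIDC Core member name and is not visible in the snippets.

```python
from urllib.parse import urlsplit

# Assumption: formats named in the review thread; the proposal may allow others.
KNOWN_FORMATS = {"vp_jwt", "vc_jwt", "vp_ldp"}

def plan_claim_sources(payload):
    """Return {claim_name: [(source_id, format, mode, location), ...]}.

    mode is "aggregated" (embedded "value") or "distributed" ("endpoint").
    Raises ValueError for anything the RP should refuse to act on.
    """
    names = payload.get("_claim_names", {})
    sources = payload.get("_claim_sources", {})
    plan = {}
    for claim, refs in names.items():
        # OIDC Core uses one string here; the PR snippet shows an array.
        refs = [refs] if isinstance(refs, str) else list(refs)
        entries = []
        for ref in refs:
            src = sources.get(ref)
            if not isinstance(src, dict):
                raise ValueError(f"{claim}: dangling source reference {ref!r}")
            fmt = src.get("format")
            if fmt not in KNOWN_FORMATS:
                raise ValueError(f"{ref}: unsupported format {fmt!r}")
            # Assumption: a source is either embedded or referenced, never both.
            if ("value" in src) == ("endpoint" in src):
                raise ValueError(f"{ref}: need exactly one of value/endpoint")
            if "endpoint" in src:
                url = urlsplit(src["endpoint"])
                # Assumption: the RP only dereferences https endpoints.
                if url.scheme != "https" or not url.netloc:
                    raise ValueError(f"{ref}: endpoint must be an https URL")
                entries.append((ref, fmt, "distributed", src["endpoint"]))
            else:
                entries.append((ref, fmt, "aggregated", src["value"]))
        plan[claim] = entries
    return plan

# Constructed sample: member names follow the PR snippets, values are placeholders.
ALUMNI = "https://www.w3.org/2018/credentials/examples/v1/AlumniCredential"
SAMPLE = {
    "_claim_names": {ALUMNI: ["src1", "src2"]},
    "_claim_sources": {
        "src1": {"format": "vp_jwt", "value": "<placeholder-vp-jwt>"},
        "src2": {"format": "vp_jwt", "endpoint": "https://op.example.com/presentations/1234564"},
    },
}
```

Each returned entry still has to be fetched (if distributed) and signature-verified according to its format before any claim from it is trusted.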