Azure-Samples / active-directory-verifiable-credentials

A code sample demonstrating how to use Azure Active Directory's preview functionality to issue and consume verifiable credentials.

Questions about Issuing and Verifying #32

Closed leordev closed 3 years ago

leordev commented 3 years ago

I have a couple questions about Issuing and Verifying using AD and the Authenticator.

  1. Why does the verifier need to know the secret when verifying a VC? I'm asking because in this video it seems like we only need to check the DID (from ION/Bitcoin) to make sure the credential is properly signed, no?

  2. If I want to simulate a web portal where the employee is already logged in but want to issue a credential to add to his Authenticator, it seems redundant that the authenticator asks for the sign in... Can't we just issue the credential through the issue request?

  3. What if I don't want to use OpenID standard at all to issue a VC. Like in the Alice/Contoso University scenario video -- How could I do that with my DID and add it to the Authenticator? Btw is this demo open sourced? Does it work with the authenticator?

Thank you very much, and sorry for posting these questions here since they are not real issues. I'm adding them here since I could not find any proper place on aka.ms/didfordevs

mahoekst commented 3 years ago
  1. The presentation request is signed by a DID as well; that is an important trust you need between the user and the verifier, since it might ask to share important and personal information.

  2. You are correct, terrible user experience. We are building an API which will address that, where you can get a payload in the request which has an idtokenhint which can be mapped. This way you can sign in the user on your website, use that information, do a lookup to a DB or whatnot to get more info, and make that part of the request.

  3. That demo is using OIDC SIOP; that's the standard we use to communicate with Authenticator. I guess you are talking about not using the ID Tokens from an OIDC endpoint to get custom data in the VC; see the answer at point 2. Working on it and we should have something public soon.
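The trust point in answer 1 (the presentation request itself is signed by the verifier's DID, so the wallet can check who is asking before the holder discloses anything) can be shown with a small constructed model. This is an added example, not code from this sample repository, from Microsoft Authenticator, or from the Azure AD VC service: the `PresentationRequest` fields, the `Resolver` map standing in for DID resolution, and the `did:example:...` identifiers are all assumptions, and Ed25519 is used only as a stand-in signature scheme.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// PresentationRequest is a constructed, simplified model of what a verifier
// sends to a wallet: which DID is asking, and which claims it wants disclosed.
type PresentationRequest struct {
	VerifierDID string   `json:"iss"`     // DID of the verifier that signed the request
	Purpose     string   `json:"purpose"` // human-readable reason shown to the holder
	Claims      []string `json:"claims"`  // claims the verifier asks the holder to share
}

// SignedRequest carries the serialized request and the verifier's Ed25519
// signature over exactly those bytes.
type SignedRequest struct {
	Payload   []byte
	Signature []byte
}

// Resolver stands in for DID resolution (hypothetical; a real wallet would
// resolve the DID document from a network such as ION): DID -> public key.
type Resolver map[string]ed25519.PublicKey

// SignRequest is the verifier side: serialize the request and sign it with
// the private key whose public half the verifier's DID document publishes.
func SignRequest(req PresentationRequest, priv ed25519.PrivateKey) (SignedRequest, error) {
	if req.VerifierDID == "" {
		return SignedRequest{}, errors.New("request must name the verifier DID")
	}
	payload, err := json.Marshal(req)
	if err != nil {
		return SignedRequest{}, err
	}
	return SignedRequest{Payload: payload, Signature: ed25519.Sign(priv, payload)}, nil
}

// VerifyRequest is the wallet side: before prompting the holder, resolve the
// DID named in the request and check the signature against that DID's key.
// A request from an unresolvable DID, or whose bytes were altered in transit,
// is rejected so the holder is never asked to share data with an unverified party.
func VerifyRequest(sr SignedRequest, resolve Resolver) (PresentationRequest, error) {
	var req PresentationRequest
	if err := json.Unmarshal(sr.Payload, &req); err != nil {
		return PresentationRequest{}, fmt.Errorf("malformed request: %w", err)
	}
	pub, ok := resolve[req.VerifierDID]
	if !ok {
		return PresentationRequest{}, fmt.Errorf("cannot resolve verifier DID %q", req.VerifierDID)
	}
	if !ed25519.Verify(pub, sr.Payload, sr.Signature) {
		return PresentationRequest{}, errors.New("signature does not match the verifier's DID key")
	}
	return req, nil
}

func main() {
	// Constructed verifier identity: a fresh key pair plus a placeholder DID.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	const verifierDID = "did:example:verifier-placeholder"
	resolve := Resolver{verifierDID: pub}

	signed, err := SignRequest(PresentationRequest{
		VerifierDID: verifierDID,
		Purpose:     "employment check",
		Claims:      []string{"givenName", "familyName"},
	}, priv)
	if err != nil {
		panic(err)
	}

	// Genuine request: accepted, and the wallet now knows who is asking.
	req, err := VerifyRequest(signed, resolve)
	fmt.Println("genuine:", req.Claims, err)

	// Same signature, but the claim list was altered in transit: rejected.
	tampered := signed
	tampered.Payload = bytes.Replace(signed.Payload, []byte(`"familyName"`), []byte(`"ssn"`), 1)
	_, err = VerifyRequest(tampered, resolve)
	fmt.Println("tampered:", err)

	// A verifier DID the wallet cannot resolve: rejected.
	_, err = VerifyRequest(signed, Resolver{})
	fmt.Println("unknown DID:", err)
}
```

The wallet-side check is the part that matters for the holder: the signature binds the request to a DID whose key is discoverable, so a request that is tampered with, or that names a DID nobody can resolve, never reaches the consent prompt.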