Closed acrusage-iaik closed 2 months ago
acrusage-iaik
commented
3 months ago Just a few remarks, since this is a draft still. But wouldn't it be cleaner to create a new, separate, library for JSON Path processing? There seems to be a lot of classes involved.
Thanks! Yes, that would be a better approach, but I'm unfortunately not yet familiar with creating KMP libraries or publishing..
acrusage-iaik
commented
2 months ago @JesusMcCloud PR is now ready for review & merge (Couldn't request re-review as there has not been a review yet)
acrusage-iaik
commented
2 months ago externalisation of jsonpath looks good, but is should we not wait for the next release of the library before we continue here? (I'll try to do that today)
This should not be an issue for us The next jsonpath release only makes changes to function extensions, which we will most likely not use for now
acrusage-iaik
commented
2 months ago Great work, just some minor "editorial" changes requested
Unfortunately I also implemented other things while doing the refactoring to make the method "smaller", so I guess I'll have to re-request a review.. Sorry about that!
JesusMcCloud
commented
2 months ago To be frank: I lack the context to judge these last changes.
acrusage-iaik
commented
2 months ago To be frank: I lack the context to judge these last changes.
I removed work towards submission requirements as it wasn't polished at all, maybe it's easier to review now?
JesusMcCloud
commented
2 months ago Well now that its out, we could just bump jsonpath to 2.0.0?
This pull requests adds logic to handle a presentations more diligently, but this unfortunately leads to some changes in semantics expected from the "createPresentation" function before that. I hope the changes are reasonable, I tried following the guide from PresentationExchange at: https://identity.foundation/presentation-exchange/spec/v2.0.0/#input-evaluation
I tried to stay conform with openId4vp, but I hope that we don't need to support other presentation specifications?
Semantic changes to be approved:
Presentation Submissions now only contain matches from input descriptors.
Previously a verifiable presentation contained all the verifiable credentials with the required credential scheme, but not anymore. Each input descriptor matches to exactly one verifiable credential, and that verifiable credential must satisfy all constraint fields. This may actually break some things, as it was previously possible to present multiple AtomicCredentials at once, but after this change each AtomicCredential attribute needs to be requested separately (in separate input descriptors). -> result.vp.verifiableCredentials now always has size 1! Impacted Tests (among others):
Presentation Submissions where no fields are requested don't return any fields
Previously it seems like not requesting any claims should return all available claims, but not anymore. Impacted Tests (among others):
Scope value semantics have somewhat changed
Previously the scope values were used to deduce the requested credential schemes, but not anymore. As per openid4vp the scope values have the following semantics:
scope values are therefore only taken into consideration now in case neither presentationDefinition nor presentationDefinitionUri return a presentation definition.
Users can now define a path authorization validator
This can mainly be done by providing a default authorizer in the constructor of HolderAgent.