decentralized-identity / credential-manifest

Format that normalizes the definition of requirements for the issuance of a credential
https://identity.foundation/credential-manifest/
Apache License 2.0

Confusion with Credential Application definition #73

Closed DRK3 closed 2 years ago

DRK3 commented 2 years ago

Hi everyone,

There's something I'm finding confusing in the Credential Application section.

It says:

The Credential Application object MUST contain a credential_application property.

and...

The Credential Application object MUST contain a presentation_submission property IF the related Credential Manifest contains a presentation_definition.

... and here's the example from the spec:

{
  "credential_application": {
    "id": "9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d",
    "manifest_id": "WA-DL-CLASS-A",
    "format": {
      "ldp_vc": {
        "proof_type": [
          "JsonWebSignature2020",
          "EcdsaSecp256k1Signature2019"
        ]
      }
    }
  },
  "presentation_submission": {
    "id": "a30e3b91-fb77-4d22-95fa-871689c322e2",
    "definition_id": "32f54163-7166-48f1-93d8-ff217bdb0653",
    "descriptor_map": [
      {
        "id": "input_1",
        "format": "jwt_vc",
        "path": "$.verifiableCredential[0]"
      },
      {
        "id": "input_2",
        "format": "ldp_vc",
        "path": "$.verifiableCredential[1]"
      },
      {
        "id": "input_3",
        "format": "ldp_vc",
        "path": "$.verifiableCredential[2]"
      }
    ]
  }
}

It sounds like a Credential Application contains a credential_application and (optionally) also a presentation_submission.

Does this mean that a Credential Application object, when embedded in another object, would look like this, with effectively a nested "credential_application" layer?

{
  "credential_application": {
    "credential_application": {
      "id": "9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d",
      "manifest_id": "WA-DL-CLASS-A",
      "format": {
        "ldp_vc": {
          "proof_type": [
            "JsonWebSignature2020",
            "EcdsaSecp256k1Signature2019"
          ]
        }
      }
    },
    "presentation_submission": {
      "id": "a30e3b91-fb77-4d22-95fa-871689c322e2",
      "definition_id": "32f54163-7166-48f1-93d8-ff217bdb0653",
      "descriptor_map": [
        {
          "id": "input_1",
          "format": "jwt_vc",
          "path": "$.verifiableCredential[0]"
        },
        {
          "id": "input_2",
          "format": "ldp_vc",
          "path": "$.verifiableCredential[1]"
        },
        {
          "id": "input_3",
          "format": "ldp_vc",
          "path": "$.verifiableCredential[2]"
        }
      ]
    }
  }
}

I noticed that the examples for the Credential Manifest and Credential Fulfillment objects have that extra outer layer, I guess because they also specify how they're supposed to be embedded in a parent object; however, Credential Application doesn't specify this. I just assumed it should be credential_application... but that creates a weird sort of duplicate nesting, so I'm not exactly sure what's intended.

Thanks!

JaceHensley commented 2 years ago

Yeah, the wording is confusing. "Credential Application" can be thought of as the whole object that gets sent back to the issuer, and that object has a credential_application property and conditionally a presentation_submission object. These two properties are meant to be sent back to the issuer as sibling properties in whatever envelope is being used; that envelope then becomes a "Credential Application" in addition to what it was before. For example, you can make a "Verifiable Presentation" into a "Credential Application" by adding "CredentialApplication" to the type array (with the extra context too) and adding the extra "credential_application" and "presentation_definition" properties. https://identity.foundation/credential-manifest/#credential-application-2

This is similar to Presentation Exchange's "Presentation Submission": the "Presentation Submission" envelope will contain a "presentation_submission" property. Except here there are multiple fields within the "Credential Application" spec.

I know this has been brought up before as a point of confusion so I think we'd be open to suggestions on naming :)
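An added example, not part of the thread or of the spec's own code: an issuer-side check that treats credential_application and presentation_submission as sibling properties of the envelope and flags the duplicate nesting asked about above. The function name, the trimmed manifest shape (only "id" and "presentation_definition") and the id-matching checks are assumptions made for illustration; the sample values are taken from the example quoted in the issue.

```python
def check_application(envelope, manifest):
    """Return a list of problems found in a Credential Application envelope."""
    app = envelope.get("credential_application")
    if not isinstance(app, dict):
        return ["missing credential_application property"]
    errors = []
    # The duplicate nesting from the question: the whole envelope was wrapped
    # in a second "credential_application" layer.
    if "credential_application" in app:
        errors.append("credential_application is nested inside itself")
    # Assumed check: the application must name the manifest it answers.
    if app.get("manifest_id") != manifest.get("id"):
        errors.append("manifest_id does not match the manifest")
    definition = manifest.get("presentation_definition")
    submission = envelope.get("presentation_submission")
    # presentation_submission is required only if the manifest carries a
    # presentation_definition.
    if definition is not None:
        if not isinstance(submission, dict):
            errors.append("presentation_submission required by manifest")
        elif submission.get("definition_id") != definition.get("id"):
            errors.append("definition_id does not match presentation_definition")
    # The two properties are siblings; a submission inside the inner object
    # is in the wrong place.
    if "presentation_submission" in app:
        errors.append("presentation_submission must be a sibling property")
    return errors

# Constructed, trimmed inputs built from the values quoted in the issue.
MANIFEST = {
    "id": "WA-DL-CLASS-A",
    "presentation_definition": {"id": "32f54163-7166-48f1-93d8-ff217bdb0653"},
}
FLAT = {
    "credential_application": {
        "id": "9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d",
        "manifest_id": "WA-DL-CLASS-A",
    },
    "presentation_submission": {
        "id": "a30e3b91-fb77-4d22-95fa-871689c322e2",
        "definition_id": "32f54163-7166-48f1-93d8-ff217bdb0653",
        "descriptor_map": [],
    },
}
NESTED = {"credential_application": FLAT}  # the shape asked about in the issue

if __name__ == "__main__":
    print("flat:", check_application(FLAT, MANIFEST))
    print("nested:", check_application(NESTED, MANIFEST))
```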

DRK3 commented 2 years ago

@JaceHensley Thanks so much for the clarification. I'll think about naming... I'm having a hard time coming up with a better name myself, but I'll let you know if I do.

brentzundel commented 2 years ago

I believe this issue has been addressed. It will be closed in 7 days if there is no opposition.

DRK3 commented 2 years ago

Left one comment on #102: https://github.com/decentralized-identity/credential-manifest/pull/102#issuecomment-1191978259