Closed OR13 closed 4 years ago
We may consider this ticket resolved once we have some comments of the feasibility of QR Code support for OIDC SIOP from some wallet implementers.
https://github.com/hellobloom/share-kit-react
^ Bloom library for handling QR Codes.
We're also looking for ways to make the QR less dense so it works on lower res displays. See PR here: https://github.com/hellobloom/share-kit/pull/60
basically the request data would be at a payload URL within the QR. this will allow us to get super granular about when claims were issue and by whom (whitelist, blacklist)
@ipatka I think there's merits to this approach. There's also been some attempts to handle this via a rotating QR code to make the QR like a stream of data. Here's an example: https://github.com/digitalbazaar/qram
One of the considerations of using a link in a QR code is that it has potential analytics concerns. For example, when using bit.ly links bit.ly provides analytics data around the usage of the link to the creator. Do we want to try to prevent the url used from being able to analyze usage in order to account for privacy considerations or should we address these aspects at a later time?
Streaming QRs are a cool solution. Regarding analytics I had imagined that the recipient requesting the data would also host the endpoint with the payload. But I suppose if they were using a standard request they might use a link someone else created. Definitely worth considering.
qram is interesting, but I'd like us to focus on simple static QR Codes for first phase.
A few years ago we had a discussion on streaming QR codes in one of the ISO groups I was participating. There are some patents that need to be considered there.
I think this is essentially blocked by Hubs / EDV / DIDComm... Credential size limits will prevent direct transfer by QR Codes.
Let use consider the case of using OIDC SIOP QR Codes, separate from potential DIDComm QR Codes.
OIDC SIOP does not have a concrete implementation yet: https://github.com/decentralized-identity/interop-project/issues/14
In order to complete one, we need to commit to the QR Codes and share enough information about the implementation to support Identity Wallet providers.
The specific handling of the QR Codes is according to the spec