Currently, if a VPR is used in an exchange, the exchanger assumes that an authentication proof must be present on the submitted VP and attempts verification of the VP. Instead, the exchanger should check to see if a challenge was used in the VPR or if DID Authn was requested. If so, only then should the VP proof be checked. Otherwise, the individual VCs should be checked instead.
If individual VCs are to be checked, the exchanger instance will need a zcap to enable this.
dlongley
commented
2 months ago
Currently, if a VPR is used in an exchange, the exchanger assumes that an authentication proof must be present on the submitted VP and attempts verification of the VP. Instead, the exchanger should check to see if a challenge was used in the VPR or if DID Authn was requested. If so, only then should the VP proof be checked. Otherwise, the individual VCs should be checked instead.
If individual VCs are to be checked, the exchanger instance will need a zcap to enable this.