Clarify selective disclosure of the evidence claim

[fmarino-ipzs]

In the current version of the Credential data model, we have a selective disclosable evidence field. We need to clarify the sub-claims included in the evidence. We don't enable nested SDs. Then the Holder can selectively disclosure the entire evidence, and it is not allowed to selectively disclose only a subset of the claims contained in the evidence.

[balanza]

My opinion:

for version 0.6.0:

• evidence can be selectively disclosed (it's obfuscated in the jwt)
• evidence's subfields cannot be selectively disclosed
• We define a fixed shape for the evidence field so we nudge Issuers to use only proper data

for next versions:

• we define a more admissive shape for the evidence field
• we define the needed granularity for evidence's subfields
• we set evidence's subfields to be selectively disclosable

[rohe]

I agree with the notion that evidence's subfield should not be selectively disclosed. To that I would like to add that one has to weigh the benefit of being able to enable nested/recursive selective disclosures against the increased complexity it will bring to the implementations.

[peppelinux]

Over the past few weeks, my team has addressed the following:

• Low stakeholder interest: We've addressed the lack of interest in the initial proposal by incorporating transparency about data origin, a key requirement in Italy.
• OpenID4IDA limitations: We've acknowledged that OpenID4IDA breaks interoperability due to its data structure and inability to include multiple "authentic sources."

To overcome these limitations, we've decided to:

• Remove OpenID4IDA from issued credentials: This will allow us to move authentic source information into the OpenID4VCI metadata.
• Provide citizens with additional information: This includes displaying the data origin during the credential issuance process, within the consent screen.

Below I share a pull request that introduces this "feature" within the OpenID4VCI metadata (and divides AS metadata from OpenID4VCI metadata as well). A subsequent pull request will modify the PID data model.

https://github.com/italia/eudi-wallet-it-docs/pull/216/files#diff-94e69d33268a4f2df6ac286d8ab2f24606e869d55c6d8ed1bc35884c14e12abaR1076