Open reinkrul opened 5 months ago
Is this still correct? We can now pass holder credentials with the request-service-access-token flow. The existing context also contains a NutsEmployeeCredential.
This concerns the OpenID4VP user flow where the Nuts node is acting as user wallet. Since we're not going to be a user wallet, removing the rc label.
This also applies when performing the service-to-service flow, in which the caller wants to provide employee details. Although the v5 NutsEmployeeCredential could be used for that?
The NutsEmployeeCredential can cover any need for user claims (using schema.org namespace). Do we still need this other one?
The newly introduced EmployeeCredential is not in the Nuts JSON-LD context. Meaning, they can't be issued through the API (we have client-side validation there) and if someone still manages to issue it in JSON-LD format (we use JWT), the fields (name, role, identifier) won't be protected by the signature.
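
A sketch of the check behind the last comment, added here as an example and not taken from the Nuts node code: it lists credential properties that have no term definition in the active JSON-LD context, which expansion drops before a linked-data proof is computed. The context and credential are constructed stand-ins, and the resolver is a simplified model (inline contexts only, no `@vocab`, remote or type-scoped contexts).

```python
# Simplified model of JSON-LD term resolution; all data below is constructed.
KEYWORDS = {"@context", "@id", "@type", "@value", "@language"}

CONTEXT = {  # constructed stand-in, not the real Nuts context
    "id": "@id",
    "type": "@type",
    "issuer": {"@id": "https://example.com/vocab#issuer", "@type": "@id"},
    "credentialSubject": {"@id": "https://example.com/vocab#credentialSubject"},
}
CREDENTIAL = {  # constructed sample using the field names from the comment
    "@context": [CONTEXT],
    "type": ["VerifiableCredential", "EmployeeCredential"],
    "issuer": "did:example:issuer",
    "credentialSubject": {"id": "did:example:holder", "name": "Jane Doe",
                          "role": "Nurse", "identifier": "12345"},
}

def _terms(ctx):
    """Merge term definitions from an inline context (dict or list of dicts)."""
    merged = {}
    for part in ctx if isinstance(ctx, list) else [ctx]:
        if isinstance(part, dict):
            merged.update(part)
    return merged

def unprotected_terms(node, active=None, path=""):
    """Paths of properties with no term definition in the active context."""
    active = active or {}
    if isinstance(node, list):
        return [p for item in node for p in unprotected_terms(item, active, path)]
    if not isinstance(node, dict):
        return []
    if "@context" in node:
        active = {**active, **_terms(node["@context"])}
    found = []
    for key, value in node.items():
        if key in KEYWORDS:
            continue
        here = f"{path}.{key}" if path else key
        definition = active.get(key)
        if definition is None and ":" not in key:  # keys with ':' treated as IRIs
            found.append(here)  # dropped together with everything nested below
            continue
        scoped = active
        if isinstance(definition, dict) and "@context" in definition:
            scoped = {**active, **_terms(definition["@context"])}
        found += unprotected_terms(value, scoped, here)
    return found
```

Running `unprotected_terms(CREDENTIAL)` reports the three subject fields; a non-empty result is a reason to reject issuance or verification of the JSON-LD form.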