openid / OpenID4VCI


[has-PR] Define which object should be returned for `mdl_iso_cbor` #12

Closed OIDF-automation closed 1 year ago

OIDF-automation commented 2 years ago

Imported from AB/Connect bitbucket: https://bitbucket.org/openid/connect/issues/1612

Original Reporter: oterbu

ISO 18013-5 does not define a CDDL for mdoc or mdl. We should define which object we return in the credential response for mdl_iso_cbor. One candidate is the Document object from ISO 18013-5 8.3.2.1.2.2 but without deviceSigned. The ISO spec describes the CDDL for Document.

OIDF-automation commented 2 years ago

Imported from AB/Connect bitbucket - Original Commenter: oterbu

We could also use IssuerSigned as per ISO.

OIDF-automation commented 2 years ago

Imported from AB/Connect bitbucket - Original Commenter: KristinaYasuda

To add a little more context.

ISO 18013-5 specifies that the wallet app has to send the following to the Verifier during the presentation (SD-JWT style selective disclosure is mandatory in ISO 18013-5):

All these three items are returned inside a Document object.

The options of what to return during issuance are:

  1. only IssuerSigned
  2. entire Document object with DeviceSigned as Null (or inexistent)

I think I prefer the first option for cleanness?

OIDF-automation commented 2 years ago

Imported from AB/Connect bitbucket - Original Commenter: oterbu

Yes, I would also prefer option 1. In that case we could just refer to the normative definition in ISO 18013-5 of IssuerSigned without additional requirements.

OIDF-automation commented 2 years ago

Imported from AB/Connect bitbucket - Original Commenter: KristinaYasuda

PR #315

OIDF-automation commented 1 year ago

Imported from AB/Connect bitbucket - Original Commenter: KristinaYasuda

I think that this should be addressed in the ISO profile of this spec, because it is very ISO specific. Pending close.

Sakurann commented 1 year ago

Closing for the reason above. cc @awoie @cobward