peppelinux / draft-demarco-oauth-status-assertions

OAuth 2.0 Status Assertions for Digital Credentials

credential_hash within the status.status_assertion #66

Open peppelinux opened 3 weeks ago

peppelinux commented 3 weeks ago

To simplify the implementation, we may think to add the credential_hash directly in the status object representing the support of status assertion.

This would avoid the calculation of the hash by the wallet instance, which may only validate the computed hash.

{
    "vct": "https://credentials.example.com/identity_credential",
    "given_name": "John",
    "family_name": "Doe",
    "email": "johndoe@example.com",
    "phone_number": "+1-202-555-0101",
    "address": {
        "street_address": "123 Main St",
        "locality": "Anytown",
        "region": "Anystate",
        "country": "US"
    },
    "birthdate": "1940-01-01",
    "is_over_18": true,
    "is_over_21": true,
    "is_over_65": true,
    "status": {
        "status_assertion": {
            "credential_hash_alg": "sha-256",
            "credential_hash": ..........,
        }
    }
}

peppelinux commented 3 weeks ago

As discussed with @OR13, this cannot be done, and this reminds us why we didn't make it.

We cannot evaluate a hash and put its value about something that is contained in the payload where the hash must be evaluated from.

A circular dependency breaks the approach.
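The circular dependency described in the comment above, as an added example that is not part of the issue thread or the draft's own code. It assumes a canonical JSON serialization as a constructed stand-in for the issued credential bytes, and all function names are hypothetical.

```python
import hashlib
import json

# Constructed sample claims, taken from the payload shown in the issue.
CLAIMS = {
    "vct": "https://credentials.example.com/identity_credential",
    "given_name": "John",
    "family_name": "Doe",
}

def serialize(payload: dict) -> bytes:
    # Assumption: deterministic JSON stands in for the signed credential bytes.
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def embed_hash(payload: dict, digest: str) -> dict:
    # Place the digest inside the payload, as the issue proposed.
    out = dict(payload)
    out["status"] = {
        "status_assertion": {
            "credential_hash_alg": "sha-256",
            "credential_hash": digest,
        }
    }
    return out

def self_check(payload: dict) -> bool:
    # True only if the embedded digest equals the hash of the bytes containing it.
    embedded = payload["status"]["status_assertion"]["credential_hash"]
    return sha256_hex(serialize(payload)) == embedded

def chase_fixed_point(payload: dict, rounds: int = 5) -> list:
    # Embed the current digest, check it, then re-hash the result and repeat.
    # Each embedding changes the bytes being hashed, so the check keeps failing.
    digest = sha256_hex(serialize(payload))
    results = []
    for _ in range(rounds):
        candidate = embed_hash(payload, digest)
        results.append(self_check(candidate))
        digest = sha256_hex(serialize(candidate))
    return results

def external_check(issued: bytes, asserted_hash: str) -> bool:
    # Digest computed by the holder over the issued bytes and compared with a
    # value carried outside the credential: nothing hashed depends on the digest.
    return sha256_hex(issued) == asserted_hash
```
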