Open llorllale opened 4 years ago
During yesterday's call there seemed to be confusion and/or disagreement around whether this is a problem or not.
First, we need to be clear and aligned on the model we are demonstrating here.
When we say "an issuer issues a credential to the user" in this demo, we are:
Since in this model there are no third parties involved, there is no one else for the user to delegate authority unto.
After the user has logged in, the issuer offers the capability to "download their credential" via an onscreen button. The user clicks on that button and the issuer fetches the data and transfers it over to the user's agent.
This is akin to downloading a digital copy of your credit card statement from your bank. After you log in, you just click the download button and viola.
@llorllale Currently the issuer (CMS) contains multiple sets of data for the user and the user is giving consent to the issuer to release (create credential for) certain set of data (represented by scope). This was original requirement from @troyronda. We may not need it any more, however @troyronda has to confirm it.
@sandrask
Currently the issuer (CMS) contains multiple sets of data for the user and the user is giving consent to the issuer to release (create credential for) certain set of data
I see three parties mentioned here: the user, an issuer of a credential, and a third party collecting and producing the user's data.
Introducing the third party just seems like a demonstration of the OAuth2 auth code flow... which is not very useful in this leg of the demo's flow.
During the process of connecting the issuer adapter with the user's wallet, the user is asked for their consent:
Click to expand
![image](https://user-images.githubusercontent.com/2019896/87990203-8f466980-cab1-11ea-9d25-ddc141ddb538.png)This screen should either be hidden altogether from the user or refactored to make it look like the user is approving Terms+Conditions. Or some other creative solution.
The problem with this screen right now are: