search

w3c-ccg / vc-api

A specification for an HTTP API used to issue and verify Verifiable Credentials.
https://w3c-ccg.github.io/vc-api
Other
123 stars 46 forks source link

Proposal to Recommend Coordinators to Expose the Same Endpoints as Services #406

Open laysakura opened 1 month ago

laysakura commented 1 month ago

Based on the description in Section 3.6, I created the following diagram: (Quoted from https://laysakura.github.io/2024/07/19/vc-api-v0.3/)

image

This diagram clearly illustrates the issue I'm pointing out.

https://github.com/w3c-ccg/vc-api/blob/066f0309d2c5e8b5a2bc972a0a60464c805e1705/index.html#L401-L403

In the VC API, the Holder Coordinator initiates all flows. They request VCs from Issuers. They decide if, and when, to share those VCs with Verifiers.

However, there is almost no mention in this specification about the interfaces through which the Holder Coordinator communicates with Issuers and Verifiers.

While {Issuer, Verifier} Coordinators should certainly be allowed to have their own functions and interfaces, I propose that it should be recommended that {Issuer, Verifier} Coordinators expose all endpoints of the {Issuer, Verifier} Services.

This would allow implementers of Holder Coordinators to ensure interoperability across many {Issuer, Verifier} Coordinators.

dlongley commented 1 month ago

The Workflows and Exchanges section of the spec is for crossing trust boundaries (e.g., Holders communicating with Issuers or Verifiers):

https://w3c-ccg.github.io/vc-api/#workflows-and-exchanges

It needs to be fleshed out more from the content we have developed in various issues but haven't created PRs for yet to the spec.

msporny commented 1 month ago

The group discussed this on the 2024-07-23 telecon:

The discussion revolved around clarifying that workflows enable a caller to exchange credentials with a coordinator.

A PR should be raised to highlight the notion that workflows are used to exchange credentials across trust boundaries with issuer coordinators or verifier coordinators.