search

w3c / charter-drafts

Draft W3C WG and CG charters for public review
https://w3c.github.io/charter-drafts/charter-template.html
41 stars 59 forks source link

[wg/fedid] success criteria of Digital Credentials API may over-commit on document formats #541

Open npdoty opened 1 week ago

npdoty commented 1 week ago

In order to advance to Proposed Recommendation, the Digital Credential API must demonstrate support for at least two formats (e.g., W3C Verifiable Credentials, ISO mDoc).

I'm not sure there is consensus on which formats or whether multiple formats will be supported.

I would be concerned about committing to support of the ISO mDoc format or associated protocols, as those specs aren't easily publicly accessible, and haven't gone through our privacy reviews.

samuelgoto commented 1 week ago

committing to support of the ISO mDoc format or associated protocols

If we removed from the text the reference to e.g. ISO mDocs, but kept the requirement of at least two formats, would that address your concern (of the fact that those specs aren't easily publicly accessible)?

npdoty commented 1 week ago

Are there multiple formats beyond W3C VC and ISO mDoc being considered?

samuelgoto commented 1 week ago

Are there multiple formats beyond W3C VC and ISO mDoc being considered?

I think any format that is usable by OpenID4VP is fair game to be considered [0].

I think it would be fair to say that ISO mDocs does come up more often than not, specifically in the context of European deployments, but I don't think we need to, as you suggest, "over-commit" on a specific one (whereas I do believe that we should "over-commit" on the fact that the WG should assume that there will be more than one).

[0]

https://openid.github.io/OpenID4VP/openid-4-verifiable-presentations-wg-draft.html#name-overview

This specification supports any Credential format used in the Issuer-Holder-Verifier Model, including, but not limited to those defined in [VC_DATA] (VCDM), [ISO.18013-5] (mdoc), [I-D.ietf-oauth-sd-jwt-vc] (SD-JWT VC), and [Hyperledger.Indy] (AnonCreds). Credentials of multiple formats can be presented in the same transaction. The examples given in the main part of this specification use W3C Verifiable Credentials, while examples in other Credential formats are given in Appendix A.

simoneonofri commented 6 days ago

Hi all,

This is the latest PR to integrate also the OpenID4VP thing.

https://github.com/w3c/charter-drafts/pull/542

We'll review today in the call

npdoty commented 6 days ago

My concern was that the group might choose to support formats that don't provide the necessary privacy capabilities for selective disclosure or unlinkable presentation or formats that aren't publicly accessible or haven't received broad review for issues like privacy.

The charter could commit the group to coming up with a design agnostic to formats, but also note that it should only support formats that satisfy the group's requirements.

samuelgoto commented 6 days ago

The charter could commit the group to coming up with a design agnostic to formats, but also note that it should only support formats that satisfy the group's requirements.

I think this would work.