[Openid-specs-ab] Issue #1599: Do not limit Dynamic Credential Requests to OpenID4VP (openid/connect)

Thomas Bellebaum issues-reply at bitbucket.org
Tue Aug 16 08:58:30 UTC 2022


New issue 1599: Do not limit Dynamic Credential Requests to OpenID4VP
https://bitbucket.org/openid/connect/issues/1599/do-not-limit-dynamic-credential-requests

Thomas Bellebaum:

From the current spec:

> The Issuer MUST utilize [@OpenID4VP] to dynamically request additional Credential Presentations

From RFC 2119 (Defining “MUST”):

>    Imperatives of the type defined in this memo must be used with care
>    and sparingly.  In particular, they MUST only be used where it is
>    actually required for interoperation or to limit behavior which has
>    potential for causing harm (e.g., limiting retransmisssions)  For
>    example, they must not be used to try to impose a particular method
>    on implementors where the method is not required for
>    interoperability.

It is unclear to me why exactly any presentations must be exchanged using OpenID4VP, and why other protocols may not be used. The only interactions with OpenID4VCI are the `wallet_issuer` and `user_hint` request parameters, which exist exclusively to support OpenID4VP. As long as other protocols for presentation exchanges can be employed, this should be possible.

As a potential use case: Assume I have several wallets on my phone, into one of which I would like to import my university diploma. To retrieve it, however, I need to present my state ID card, which uses its own wallet (for whatever reasons) and does not even use OpenID4VP, but its own custom protocol.



