<div><span style="color:rgb(49,49,49);word-spacing:1px">Inconsequential, but it’s already the second time I see it spelled this way so I can’t help pointing out that it’s “Pareto” principle :)</span><br></div><div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, May 16, 2022 at 11:09 David Chadwick via Openid-specs-ab <<a href="mailto:openid-specs-ab@lists.openid.net">openid-specs-ab@lists.openid.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div>
<p><strong>This message originated outside your organization.</strong></p><br>
<hr><br>
</div>
<p><br>
</p>
<div>On 16/05/2022 18:31, George Fletcher
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div dir="ltr">That's very helpful! So for this to work, both
the RP and the Wallet(s) have to implement this complex logic
and somehow turn it into something easy for the user :)</div>
</div>
</blockquote>
<p>Which is why DIF PEv2 has adopted the Piretto Principle of
satisfying 80% of requirements with 20% of the implementation
effort (i.e. it covers conjunctive requests and selective
disclosure). Whether disjunctive requests will become predominant
or not is too early to say. Whether implementors will decide the
extra effort is worth it or not will depend upon many factors, and
again is too early to tell.<br>
</p>
<p>Kind regards</p>
<p>David</p>
<p>p.s. You many find that some implementors already have their own
proprietary ways of specifying more complex disjunctive forms in
easy to implement and use ways.<br>
</p></div><div>
<blockquote type="cite">
<div dir="ltr">
<div dir="ltr"> I suspect we have a bunch of work to do in this
regard though maybe that isn't specification work and just
rather implementation work to differentiate solutions?<input name="virtru-metadata" type="hidden" value="{"email-policy":{"state":"closed","expirationUnit":"days","disableCopyPaste":false,"disablePrint":false,"disableForwarding":false,"enableNoauth":false,"persistentProtection":false,"expandedWatermarking":false,"expires":false,"isManaged":false},"attachments":{},"compose-id":"5","compose-window":{"secure":false}}"></div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Mon, May 16, 2022 at 1:27
PM David Chadwick <<a href="mailto:d.w.chadwick@verifiablecredentials.info" target="_blank">d.w.chadwick@verifiablecredentials.info</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>Hi George<br>
</p>
<div>On 16/05/2022 17:48, George Fletcher wrote:<br>
</div>
<blockquote type="cite">
<div dir="auto">Thanks Torsten and David. I think you
are getting to the crux of my question at the end of
your response David. The Verifier/RP is willing to
accept a DoB from a Driver’s license, Passport and a
financial institution but not the Boy Scouts. </div>
<div dir="auto"><br>
</div>
<div dir="auto">How does the Verifier/RP specify those
constraints in the Request?</div>
</blockquote>
<p>This gets more complicated because now you have a
disjunctive request. So the RP will specify 3
alternative filters, one for the DL type, one for the
Passport type, and one for whatever type banks issue
that contain your DoB.</p>
<p>To do this you need to use the group extension of DIF
PE, put each filter in a different group (A, B and C)
and then specify a presentation submission saying that
only one of these needs to be returned, by using the
from_nested construct.</p>
<p>Personally I think that the way disjunctive requests
are specified in DIF PE is not the most elegant way, nor
is it in disjunctive normal form, but it does allow to,
for example, say pick 2 from 5, which is long winded
using normal forms.</p>
<p>On the plus side, DIF PE does allow the RP to specify
any arbitrarily complex set of requirements (by an
equally complex construct)<br>
</p>
<p>Kind regards</p>
<p>David<br>
</p>
<blockquote type="cite">
<div dir="auto"> Or is this a multiple step process
where the RP asks for a DoB and then gets one it won’t
accept and asks again requiring the user to choose a
different credential with the same claim?</div>
<div dir="auto"><br>
</div>
<div dir="auto">It’s fine if this level of
standardization isn’t happening yet.</div>
<div dir="auto"><br>
</div>
<div dir="auto">Thanks,</div>
<div dir="auto">George</div>
<div><br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Mon, May 16,
2022 at 12:31 PM David Chadwick via
Openid-specs-ab <<a href="mailto:openid-specs-ab@lists.openid.net" target="_blank">openid-specs-ab@lists.openid.net</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>Hi George</p>
<p>I can supplement what Torsten said below by
adding that multiple different types of
credentials might have the same schema. For
example, a credit card schema could be used by
Amex, Visa and Mastercard types. So instead of
filtering on the credentialSchema property,
which could cover several different types of
credential, you might prefer to filter on the
"type" property, which should be more narrowly
scoped to just one type of credential. Note
that it is unlikely that driving license and
passport types, which both contain the DoB
property, will use the same credentialSchema,
so filtering on the latter would not work for
DoB in this case.</p>
<p>Ultimately the RP has to decide what type of
credential it is willing to accept. (It might
not accept a boys scout credential for
providing DoB)<br>
</p>
<p>Kind regards</p>
<p>David<br>
</p>
</div>
<div>
<div>On 16/05/2022 16:56, Torsten Lodderstedt
via Openid-specs-ab wrote:<br>
</div>
<blockquote type="cite"> Hi George,
<div>
<div><br>
<blockquote type="cite">
<div>Am 16.05.2022 um 15:54 schrieb
George Fletcher via Openid-specs-ab
<<a href="mailto:openid-specs-ab@lists.openid.net" target="_blank">openid-specs-ab@lists.openid.net</a>>:</div>
<br>
<div>
<div dir="ltr">Hi,
<div><br>
</div>
<div>What would I use in the current
spec as a relying party to inform
the wallet that I need an "age
over 13“ claim </div>
</div>
</div>
</blockquote>
<div><br>
</div>
First of all you need to request that
contains such a claim. We use Presentation
Exchange as language for that, in this
case the so-called
presentation_definition. </div>
<div><br>
</div>
<div>It may restrict the desired result by
defining a constraint, in this case over
the credentialSchema. The following
requests an „idcard" credential. </div>
<div><br>
</div>
<div>"presentation_definition":{<br>
"constraints": {<br>
"fields": [<br>
{<br>
"path": [<br>
"$.<a href="https://urldefense.com/v3/__http://credentialSchema.id__;!!FrPt2g6CO4Wadw!OhV8SJR5gsp9_wP7MDmyCYTI7L46MclpSTlQ6gCpa0VBY8WpQ6W33EKO9GLR8CXEsE8Rc--dks5QsRRDyj_n7N12JDSXr1UAQ4apws8$" target="_blank">credentialSchema.id</a>"<br>
],<br>
"filter": {<br>
"type": "string",<br>
"pattern": "<a href="https://urldefense.com/v3/__https://example.org/idcard__;!!FrPt2g6CO4Wadw!OhV8SJR5gsp9_wP7MDmyCYTI7L46MclpSTlQ6gCpa0VBY8WpQ6W33EKO9GLR8CXEsE8Rc--dks5QsRRDyj_n7N12JDSXr1UAp8DP56Y$" target="_blank">https://example.org/idcard</a>"<br>
}<br>
}<br>
]<br>
}<br>
}<br>
<br>
Note: the concrete paths and patterns
depend on the credential format (here
JSON-LD/LD Proofs). <br>
<div><br>
</div>
<div>You may also explicitly request a
certain claim by defining a further
path, such as </div>
<div><br>
</div>
{"path":["$.values.is_over_13"]}, </div>
<div><br>
</div>
<div>This would require a „is_over_13“
booelan claim to be present in the
credential. </div>
<div><br>
</div>
<div>Something more generic could perhaps be
implemented using PE`s predicate feature.
I assume the support of this feature
depends on certain credential format &
crypto suite capabilities. Here is a (made
up) example:</div>
<div><br>
</div>
<div>{<br>
"path":[<br>
"$.dob"<br>
],<br>
"filter":{<br>
"type":"number",<br>
"min":1242489139<br>
}<br>
}
<div><br>
</div>
<br>
<blockquote type="cite">
<div>
<div dir="ltr">
<div>and it can be form one of N
issuers that the Verifier/RP
trusts? </div>
</div>
</div>
</blockquote>
<div><br>
</div>
<div>The recommended way is to use a claim
in the credential conveying the trust
framework/federation the issuer shall
belong to. Here is an example: </div>
<div><br>
</div>
<div>
<div>{</div>
<div> "vp_token": {</div>
<div> "presentation_definition":
{</div>
<div> "id":
"32f54163-7166-48f1",</div>
<div> "input_descriptors": [</div>
<div> {</div>
<div> "id":
"federationExample",</div>
<div> "purpose": "To
pick a UK university that is a member
of the UK academic federation",</div>
<div> "constraints":
{</div>
<div> "fields":
[,</div>
<div> <b>{</b></div>
<div><b>
"path": [</b></div>
<div><b>
"$.termsOfUse.federations"</b></div>
<div><b>
],</b></div>
<div><b>
"filter": {</b></div>
<div><b>
"type": "string",</b></div>
<div><b>
"const": "<a href="https://urldefense.com/v3/__http://ukuniversities.ac.uk__;!!FrPt2g6CO4Wadw!OhV8SJR5gsp9_wP7MDmyCYTI7L46MclpSTlQ6gCpa0VBY8WpQ6W33EKO9GLR8CXEsE8Rc--dks5QsRRDyj_n7N12JDSXr1UAAcUYuKc$" target="_blank">ukuniversities.ac.uk</a>"</b></div>
<div><b>
}</b></div>
<div><b> }</b></div>
<div> ]</div>
<div> }</div>
<div> }</div>
<div> ]</div>
<div> }</div>
<div> }</div>
<div>}</div>
<div><br>
</div>
<div>The verifier will need to check
that relationship using a registry. </div>
<div><br>
</div>
</div>
<div>There is text about this in the spec
at <a href="https://urldefense.com/v3/__https://openid.bitbucket.io/connect/openid-connect-4-verifiable-presentations-1_0.html*name-support-for-federations-tru__;Iw!!FrPt2g6CO4Wadw!OhV8SJR5gsp9_wP7MDmyCYTI7L46MclpSTlQ6gCpa0VBY8WpQ6W33EKO9GLR8CXEsE8Rc--dks5QsRRDyj_n7N12JDSXr1UA1GqAZ4U$" target="_blank">https://openid.bitbucket.io/connect/openid-connect-4-verifiable-presentations-1_0.html#name-support-for-federations-tru</a></div>
<div><br>
</div>
<br>
<blockquote type="cite">
<div>
<div dir="ltr">
<div>I'm losing that context in all
the JSON examples :)</div>
</div>
</div>
</blockquote>
<div><br>
</div>
<div>I hope that helps. </div>
<div><br>
</div>
<div>best regards,</div>
<div>Torsten. </div>
<br>
<blockquote type="cite">
<div>
<div dir="ltr">
<div><br>
</div>
<div>Thanks,</div>
<div>George<br clear="all">
<div><br>
</div>
-- <br>
<div dir="ltr">
<div dir="ltr">
<div style="font-family:optimist,Arial,Helvetica,sans-serif;font-size:16px;float:left;width:102px;padding-top:4px;padding-right:6px;display:inline-block;vertical-align:top;height:100px;color:rgb(28,43,57)"><img src="https://d2p9w4ui8rp50l.cloudfront.net/m/778c2ded498644ec/original/capital-one-logo-emailsig.png" alt="Capital One" style="vertical-align:middle;border-style:none;width:80px;height:28px;max-width:80px;display:block;font-size:14px;font-weight:600;font-family:Optimist;color:rgb(1,61,91)" width="80"></div>
<div>
<div style="font-size:14px;line-height:1.5em;font-weight:600;color:rgb(1,61,91);margin:0px">George
Fletcher (he/him)</div>
<p style="margin:0px 0px 16px;font-size:12px;line-height:16px;white-space:nowrap;color:rgb(1,61,91)">Executive
Distinguished Engineer •
Identity Architect<br>
<img src="https://d2p9w4ui8rp50l.cloudfront.net/m/1465f66c3ad833b4/original/locationpin-emailsig.png" alt="address" style="vertical-align:middle;border-style:none;width:8px;margin-right:3px"><span style="font-family:optimist,Arial,Helvetica,sans-serif;line-height:1.4"><span style="font-family:optimist,Arial,Helvetica,sans-serif"><a href="https://urldefense.com/v3/__https://www.google.com/maps/search/8020*Towers*Crescent*0D*0A**cDrive,*Vienna,*VA?entry=gmail&source=g__;KyslJSsrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysr!!FrPt2g6CO4Wadw!I1LiQ9hb4bDIBa3aH7cH0kXKero7Ge3TQLVMETZeJJjLtmMV5bIkLycDEMr8DE0j9j-4NmeRKaZR744QhQIEwT3kiqCWnVyBDMObcuggvW4AdA$" style="font-family:optimist,Arial,Helvetica,sans-serif" target="_blank">8020 Towers Crescent Drive, Vienna, VA</a> 22128</span><br>
<img src="https://d2p9w4ui8rp50l.cloudfront.net/m/0517871018033b5e/original/mobilephone-emailsig.png" alt="mobile" style="vertical-align:middle;border-style:none;width:5px;height:9px;margin-right:6px;font-family:optimist,Arial,Helvetica,sans-serif"><span style="font-family:optimist,Arial,Helvetica,sans-serif">616-498-8240</span><br>
<br>
<span style="line-height:1.4;font-family:optimist,Arial,Helvetica,sans-serif">assistant: </span><img src="https://d2vppzocvtms05.cloudfront.net/media/24B3C89B-18F1-45C0-951FA826F175026F/6D4F56A7-CA22-4255-8A435780C72278FA/webimage-D978F7E8-C634-4B49-9843C19E38F5C471.png" alt="email" style="vertical-align:middle;border-style:none;width:10px;margin-left:5px;margin-right:2px;font-family:optimist,Arial,Helvetica,sans-serif" height="7"><span style="line-height:1.4;font-family:optimist,Arial,Helvetica,sans-serif"> <a href="mailto:sharon.anderson@capitalone.com" style="font-family:optimist,Arial,Helvetica,sans-serif" target="_blank">sharon.anderson@capitalone.com</a></span></span></p>
</div>
</div>
</div>
</div>
</div>
<hr><br>
<br>
<font style="color:rgb(64,64,64)">The
information contained in this e-mail
is confidential and/or proprietary
to Capital One and/or its affiliates
and may only be used solely in
performance of work or services for
Capital One. The information
transmitted herewith is intended
only for use by the individual or
entity to which it is addressed. If
the reader of this message is not
the intended recipient, you are
hereby notified that any review,
retransmission, dissemination,
distribution, copying or other use
of, or taking of any action in
reliance upon this information is
strictly prohibited. If you have
received this communication in
error, please contact the sender and
delete the material from your
computer.</font><br>
<br>
<table width="100%" height="30" cellspacing="0" cellpadding="0" border="0">
<tbody>
<tr>
</tr>
</tbody>
</table>
<br>
_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a href="mailto:Openid-specs-ab@lists.openid.net" target="_blank">Openid-specs-ab@lists.openid.net</a><br>
<a href="https://urldefense.com/v3/__https://lists.openid.net/mailman/listinfo/openid-specs-ab__;!!FrPt2g6CO4Wadw!OhV8SJR5gsp9_wP7MDmyCYTI7L46MclpSTlQ6gCpa0VBY8WpQ6W33EKO9GLR8CXEsE8Rc--dks5QsRRDyj_n7N12JDSXr1UAVHlBKAI$" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br>
</div>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<pre style="font-family:monospace">_______________________________________________
Openid-specs-ab mailing list
<a href="mailto:Openid-specs-ab@lists.openid.net" style="font-family:monospace" target="_blank">Openid-specs-ab@lists.openid.net</a>
<a href="https://urldefense.com/v3/__https://lists.openid.net/mailman/listinfo/openid-specs-ab__;!!FrPt2g6CO4Wadw!OhV8SJR5gsp9_wP7MDmyCYTI7L46MclpSTlQ6gCpa0VBY8WpQ6W33EKO9GLR8CXEsE8Rc--dks5QsRRDyj_n7N12JDSXr1UAVHlBKAI$" style="font-family:monospace" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-ab</a>
</pre>
</blockquote>
</div>
_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a href="mailto:Openid-specs-ab@lists.openid.net" target="_blank">Openid-specs-ab@lists.openid.net</a><br>
<a href="https://urldefense.com/v3/__https://lists.openid.net/mailman/listinfo/openid-specs-ab__;!!FrPt2g6CO4Wadw!OhV8SJR5gsp9_wP7MDmyCYTI7L46MclpSTlQ6gCpa0VBY8WpQ6W33EKO9GLR8CXEsE8Rc--dks5QsRRDyj_n7N12JDSXr1UAVHlBKAI$" rel="noreferrer" target="_blank">https://urldefense.com/v3/__https://lists.openid.net/mailman/listinfo/openid-specs-ab__;!!FrPt2g6CO4Wadw!OhV8SJR5gsp9_wP7MDmyCYTI7L46MclpSTlQ6gCpa0VBY8WpQ6W33EKO9GLR8CXEsE8Rc--dks5QsRRDyj_n7N12JDSXr1UAVHlBKAI$</a>
<br>
</blockquote>
</div>
</div>
-- <br>
<div dir="ltr">
<div dir="ltr">
<div style="font-family:optimist,Arial,Helvetica,sans-serif;color:rgb(28,43,57);font-size:16px;float:left;width:102px;padding-top:4px;padding-right:6px;display:inline-block;vertical-align:top;height:100px"><img src="https://d2p9w4ui8rp50l.cloudfront.net/m/778c2ded498644ec/original/capital-one-logo-emailsig.png" alt="Capital One" style="vertical-align:middle;border-style:none;width:80px;height:28px;max-width:80px;display:block;color:rgb(1,61,91);font-size:14px;font-weight:600;font-family:Optimist" width="80"></div>
<div>
<p style="font-size:14px;line-height:1.5em;font-weight:600;color:rgb(1,61,91);margin:0px">George
Fletcher (he/him)</p>
<p style="margin:0px 0px 16px;font-size:12px;line-height:16px;color:rgb(1,61,91);white-space:nowrap">Executive
Distinguished Engineer • Identity Architect<br>
<img src="https://d2p9w4ui8rp50l.cloudfront.net/m/1465f66c3ad833b4/original/locationpin-emailsig.png" alt="address" style="vertical-align:middle;border-style:none;width:8px;margin-right:3px"><span style="font-family:optimist,Arial,Helvetica,sans-serif;line-height:1.4"><span><a href="https://www.google.com/maps/search/8020%0D%0A++++++++++++++++++++++++++++Towers+Crescent+Drive,+Vienna,+VA?entry=gmail&source=g">8020
Towers Crescent Drive, Vienna, VA</a> 22128</span><br>
<img src="https://d2p9w4ui8rp50l.cloudfront.net/m/0517871018033b5e/original/mobilephone-emailsig.png" alt="mobile" style="vertical-align:middle;border-style:none;width:5px;height:9px;margin-right:6px"><span>616-498-8240</span><br>
<br>
<span style="line-height:1.4">assistant: </span><img src="https://d2vppzocvtms05.cloudfront.net/media/24B3C89B-18F1-45C0-951FA826F175026F/6D4F56A7-CA22-4255-8A435780C72278FA/webimage-D978F7E8-C634-4B49-9843C19E38F5C471.png" alt="email" style="vertical-align:middle;border-style:none;width:10px;margin-left:5px;margin-right:2px" height="7"><span style="line-height:1.4"> <a href="mailto:sharon.anderson@capitalone.com" target="_blank">sharon.anderson@capitalone.com</a></span></span></p>
</div>
</div>
</div>
<hr><br>
<br>
<font color="#404040">The information contained in this
e-mail is confidential and/or proprietary to Capital
One and/or its affiliates and may only be used solely
in performance of work or services for Capital One.
The information transmitted herewith is intended only
for use by the individual or entity to which it is
addressed. If the reader of this message is not the
intended recipient, you are hereby notified that any
review, retransmission, dissemination, distribution,
copying or other use of, or taking of any action in
reliance upon this information is strictly prohibited.
If you have received this communication in error,
please contact the sender and delete the material from
your computer.</font><br>
<br>
<table width="100%" height="30" cellspacing="0" cellpadding="0" border="0">
<tbody>
<tr>
</tr>
</tbody>
</table>
<br>
</blockquote>
</div>
</blockquote>
</div>
</div>
<hr><br>
<br>
<font color="#404040">The information contained in this e-mail is
confidential and/or proprietary to Capital One and/or its
affiliates and may only be used solely in performance of work or
services for Capital One. The information transmitted herewith
is intended only for use by the individual or entity to which it
is addressed. If the reader of this message is not the intended
recipient, you are hereby notified that any review,
retransmission, dissemination, distribution, copying or other
use of, or taking of any action in reliance upon this
information is strictly prohibited. If you have received this
communication in error, please contact the sender and delete the
material from your computer.</font><br>
<br>
<table width="100%" height="30" cellspacing="0" cellpadding="0" border="0">
<tbody>
<tr>
</tr>
</tbody>
</table>
<br>
</blockquote>
</div>
_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a href="mailto:Openid-specs-ab@lists.openid.net" target="_blank">Openid-specs-ab@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/openid-specs-ab" rel="noreferrer" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br>
</blockquote></div></div>