[Openid-specs-digital-credentials-protocols] What does Presentation Exchange do and what parts of it do we actually need? (redux)

[Gabe Cohen]

 Mike,

Thanks for writing down your thoughts, very helpful! I’ve spent time
thinking about, and have had discussions about your post script:

When a verifier needs multiple credentials, they may be in different
> wallets. If the verifier tries to make a PE request for multiple
> credentials that are spread between wallets, will it always fail because no
> single wallet can satisfy it?
>


My answer to our team internally has been “yes it will fail.” PE was
designed in a weird spot between a data model and a protocol, maybe more
accurately described as a *data model for a protocol*, but it has left out
a few pieces of the data model that would make it even more useful for a
robust protocol.

To mitigate in the short term, we are going with multiple finer-grained PE
requests; however, there’s still the question of how a wallet can
communicate with a verifier that they need a single request broken up into
N pieces—that’s part 1 of what’s missing in the data model.

There’s another problem, too—what happens if a wallet does not have the
credential(s) they need, where do they go and get them? In the OID4VC world
we could leverage an issuer’s well known endpoints to discover the
credential’s they offer, but it may be more useful to encode this
information directly in PE as a part of a “discovery” request. Especially
useful in cases where the verifier is not the issuer of the credentials
being requested.

I’d like to see two additions to PE:


   - A new data object that enables a wallet to communicate how many
   submission’s they’ll make against a single presentation request
   (multi-part) OR a way for a wallet to specify they need N presentation
   requests (while also specifying which input descriptors/submission
   requirements they’ll fulfill for each).
   - A new data object for a verifier to advertise where a wallet can
   obtain the credentials they’re requesting


And in a protocol (OID4VP):

   - The ability to support multi-step presentations including a
   negotiation step with wallets
   - (Possibly) A well known endpoint for a verifier to advertise the
   credentials they trust, for which purpose, from different issuers, and
   where to get them (perhaps similar to the work we started on DIF Trust
   Establishment <https://identity.foundation/trust-establishment/>)


PE needs other changes too, as you called out. I had a few conversations at
IIW which made me think PEv3 may be need to be started sooner, rather than
later, and this group may be the right place to do it.

Gabe

On Oct 14, 2023 at 6:11:18 PM, Michael Jones via
Openid-specs-digital-credentials-protocols <
openid-specs-digital-credentials-protocols at lists.openid.net> wrote:

> I thought I’d share my write-up of the Presentation Exchange session at
> IIW for those of you who couldn’t be there.
>
>
>
> See https://self-issued.info/?p=2427.
>
>
>
>                                                        -- Mike
>
>
> --
> Openid-specs-digital-credentials-protocols mailing list
> Openid-specs-digital-credentials-protocols at lists.openid.net
>
> https://lists.openid.net/mailman/listinfo/openid-specs-digital-credentials-protocols
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/attachments/20231016/47f9ea8e/attachment-0001.html>