[Openid-specs-digital-credentials-protocols] A simple presentation endpoint

Orie Steele orie at transmute.industries
Fri Feb 16 00:48:49 UTC 2024


I gave the classic over-18 example in my last email, but I'll give another
here to try and refine the simplicity argument.

Wallet has credentials that prove employment.

RP offers discounts to veterans.

Wallet asks for nonce, RP responds with nonce.

Wallet presents proof of employment.

Let's assume there won't be global agreement on how to query employment
credentials.

Instead there will be presentation exchange, and a bunch of other query
systems, with non-uniform adoption in the market.

Can all these systems use the same presentation endpoint even if they don't
use the same nonce retrieval and query language?

That's the opportunity.

OS

On Thu, Feb 15, 2024, 6:08 PM Joseph Heenan via
Openid-specs-digital-credentials-protocols <
openid-specs-digital-credentials-protocols at lists.openid.net> wrote:

> Hi Orie
>
> Could you share an example of a use case where your assumptions hold true
> please?
>
> Thanks
>
> Joseph
>
>
> On 15 Feb 2024, at 22:03, Orie Steele via
> Openid-specs-digital-credentials-protocols <
> openid-specs-digital-credentials-protocols at lists.openid.net> wrote:
>
>
> (I signed the contributor agreement in DocuSign.)
>
> My ideal flow:
>
> GET relying-party.example/nonce
> POST relying-party.example/presentations
>
> If the RP wants to demand extra state commitments from the wallet, that's
> fine, but if the wallet just wants a nonce to make a presentation, the
> wallet should be able to just get a nonce.
>
> Once the wallet has used the nonce, the wallet wants to send the
> presentation to the RP.
>
> If the RP wants to demand extra state commitments from the wallet, that's
> fine, but if the wallet just wants to send a presentation, the wallet
> should be able to just send a presentation.
>
> In other words, all the parameters that are "not a nonce" and "not a
> presentation" are getting in the way of a simple spec.
>
> We have a proposal for a simple endpoint for getting nonces:
>
> https://datatracker.ietf.org/doc/draft-demarco-oauth-nonce-endpoint/
>
> I want a simple endpoint for sending presentations.
>
> Assume an API gateway will filter out anything it does not recognize as
> being encrypted to an internal verifier, or as a well-formed signed
> presentation.
> Assume the nonce is negotiated out of band.
> Assume credential types are negotiated out of band.
> Assume credential claims are negotiated out of band.
> Assume the presentation endpoint is negotiated out of band.
>
> How does a wallet submit a presentation?
>
> Regards,
>
> OS
>
> --
>
> ORIE STEELE
> Chief Technology Officer
> www.transmute.industries
> <https://transmute.industries/>
> --
> Openid-specs-digital-credentials-protocols mailing list
> Openid-specs-digital-credentials-protocols at lists.openid.net
>
> https://lists.openid.net/mailman/listinfo/openid-specs-digital-credentials-protocols
>
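
Added example, not part of the original thread or of any OpenID draft: a sketch of the two-call flow described above (GET a nonce, POST a presentation), showing the checks a relying party applies when those are the only two inputs. The payload layout, the function and class names, and the HMAC used as a stand-in for the holder's public-key signature are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets

HOLDER_KEY = b"constructed-demo-key"  # assumption: stands in for the wallet's signing key

def _sign(payload: bytes) -> bytes:
    # HMAC is a stand-in; a real verifier checks the holder's public-key signature.
    return hmac.new(HOLDER_KEY, payload, hashlib.sha256).digest()

def wallet_present(nonce: str, claims: dict) -> str:
    """Wallet side: bind the RP's nonce into the signed payload."""
    payload = json.dumps({"nonce": nonce, "claims": claims}).encode()
    enc = base64.urlsafe_b64encode
    return enc(payload).decode() + "." + enc(_sign(payload)).decode()

class RelyingParty:
    def __init__(self, ttl: int = 300):
        self.ttl = ttl
        self.nonces = {}  # nonce -> expiry time (seconds)

    def get_nonce(self, now: float) -> str:
        """GET /nonce: no other state is demanded from the wallet."""
        nonce = secrets.token_urlsafe(16)
        self.nonces[nonce] = now + self.ttl
        return nonce

    def post_presentation(self, body: str, now: float):
        """POST /presentations: returns (status, reason)."""
        try:  # gateway-style filter: drop anything not well formed
            payload_b64, sig_b64 = body.split(".")
            raw = base64.urlsafe_b64decode(payload_b64)
            sig = base64.urlsafe_b64decode(sig_b64)
            nonce = json.loads(raw)["nonce"]
        except (ValueError, KeyError, TypeError):
            return 400, "malformed"
        if not isinstance(nonce, str):
            return 400, "malformed"
        # Verify the signature before touching nonce state, so unsigned
        # junk cannot burn a nonce issued to an honest wallet.
        if not hmac.compare_digest(sig, _sign(raw)):
            return 401, "bad signature"
        expiry = self.nonces.pop(nonce, None)  # pop makes the nonce single-use
        if expiry is None:
            return 400, "unknown or replayed nonce"
        if now > expiry:
            return 400, "expired nonce"
        return 200, "accepted"
```

The relying party keeps no per-wallet session: the only state is the set of outstanding nonces, and each one is consumed by the first validly signed presentation that carries it.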