Define claims display description and claims path query #276
Conversation
| } | ||
| {"path": ["email"]}, | ||
| {"path": ["phone_number"]}, | ||
| {"path": ["address", "street_address"]}, |
There was a problem hiding this comment.
We would like to give display properties to an object of claims. The wallet could use this property when collapsing the object's claims in the UI. Is this possible and would the following be the right way?
If so, this should be part of an example.
{
"path": ["address"],
"display": [
{
"name": "Address",
"locale": "en-US"
},
{
"name": "Adresse",
"locale": "de-DE"
}
],
"value_type": "object"
},
{"path": ["address", "street_address"]},
There was a problem hiding this comment.
+1 for this! I think supporting this is mandatory for having a clear and defined way to present this kind of data to the user. Let's use the example from your documentation and extend it with an arbitrary example:
...
"address": {
"street_address": "42 Market Street",
"city": "Milliways",
"postal_code": "12345"
},
...
"work_address": {
"city": "Berlin",
...
},
I would expect/imagine this to be displayed in the ui similar to this:
place of residence
+- street: 42 Market Street
+- city: Milliways
`- post code: 12345
....
place of work
+- city: Berlin
+...
Sakurann
requested review from
jogu,
selfissued,
c2bo,
tplooker,
awoie,
bc-pi,
ve7jtb and
pmhsfelix
| @@ -2215,7 +2194,7 @@ The following is a non-normative example of an object comprising the `credential | |||
| The following additional claims are defined for authorization details of type `openid_credential` and this Credential format. | |||
|
|
|||
| * `vct`: REQUIRED. String as defined in (#server-metadata-sd-jwt-vc). This claim contains the type values the Wallet requests authorization for at the Credential Issuer. It MUST only be present if the `format` claim is present. It MUST not be present otherwise. | |||
| * `claims`: OPTIONAL. Object as defined in (#server-metadata-sd-jwt-vc) excluding the `display` and `value_type` parameters. `mandatory` parameter here is used by the Wallet to indicate to the Issuer that it only accepts Credential(s) issued with those claim(s). | |||
| * `claims`: OPTIONAL. An array of claims description objects as defined in (#claims-description), excluding the `display` and `value_type` parameters. The `mandatory` parameter here is used by the Wallet to indicate to the Issuer that it only accepts Credential(s) issued with those claim(s). | |||
There was a problem hiding this comment.
| * `claims`: OPTIONAL. An array of claims description objects as defined in (#claims-description), excluding the `display` and `value_type` parameters. The `mandatory` parameter here is used by the Wallet to indicate to the Issuer that it only accepts Credential(s) issued with those claim(s). | |
| * `claims`: OPTIONAL. An array of claims path queries as defined in (#claims-path-query). The parameter is used by the Wallet to indicate to the Issuer that it only accepts Credential(s) issued containing exactly those claim(s). |
There was a problem hiding this comment.
I put a comment in issue #266, but after today's WG call where a concern that this is a very big breaking change was raised, we discussed this internally with Microsoft engineers. We do not currently have use-cases with the claims that have nested structure and array-based solution is too big of a breaking change since we just finished implementing OpenID4VCI based on the text that went to ID-1 voting. So our preference is actually defining the new property nested which may contain descriptions about nested objects (original approach 2).
As a compromise for the existing implementations, my suggestion would be fixing the text that becomes ID-1 with nested approach. and than after ID-1, incorporating the array approach defined in this PR.
Then we need a new PR for that.
That would mean two breaking changes. |
Co-authored-by: Giuseppe De Marco <[email protected]>
danielfett
requested review from
awoie,
paulbastian,
c2bo,
sloops77,
jogu,
tplooker and
mickrau
| wallet did not request the inclusion of the claim, and/or if the Credential | ||
| Issuer chose to not include the claim. If the `mandatory` parameter is | ||
| omitted, the default value is `false`. | ||
| * `value_type`: OPTIONAL. String value determining the type of value of the |
|
|
||
| In detail, the array is processed from left to right as follows: | ||
|
|
||
| 1. Select the root element of the Credential, i.e., the top-level JSON object. |
There was a problem hiding this comment.
In the W3C VCDM 1.1, a credential can be represented by a JWT with the object following the data model inside a "vc" claim (https://www.w3.org/TR/vc-data-model/#example-usage-of-the-id-property). It presume that the root element of the Credential refers to the value of the "vc" claim and not to the JWT payload object, right? If so, should we be explicit about it?
There was a problem hiding this comment.
I guess a similar question may be made when using SD-JWT with JWS JSON Serialization (https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-14.html#section-8) - the root element of the Credential is the JWS payload object and not the top-level JSON object of the serialized credential, right?
There was a problem hiding this comment.
I'll change the wording to "Select the root element of the Credential, i.e., the top-level object of the
JSON structure representing the claims in the Credential"
Done |
Mainly fixes #266 based on https://vcstuff.github.io/sd-jwt-vc-types/danielfett/fix-claims/draft-fett-oauth-sd-jwt-vc-types.html#section-8
Also Fixes #272
Also Fixes #271