Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clarify what profiling OID4VP means #339

Merged
merged 10 commits into from
Nov 28, 2024
Merged

Clarify what profiling OID4VP means #339

merged 10 commits into from
Nov 28, 2024

Conversation

Sakurann
Copy link
Collaborator

In summary, OpenID for Verifiable Presentations is a framework that requires profiling
to achieve interoperability within a certain ecosystem or a jurisdiction. Out of the
features that are optional in this specification, a profile MUST select features that are
mandatory and define a set of specific requirements.

text is adjusted to paraphrase where a term "profile" is not used as intended.

jogu
jogu reviewed Nov 20, 2024
View reviewed changes
openid-4-verifiable-presentations-1_0.md Outdated Show resolved Hide resolved
openid-4-verifiable-presentations-1_0.md Outdated Show resolved Hide resolved
openid-4-verifiable-presentations-1_0.md Outdated Show resolved Hide resolved
openid-4-verifiable-presentations-1_0.md Outdated Show resolved Hide resolved
@Sakurann Sakurann requested a review from jogu November 21, 2024 11:07
awoie
awoie reviewed Nov 28, 2024
View reviewed changes
openid-4-verifiable-presentations-1_0.md Outdated
@@ -136,6 +136,11 @@ Implementations can also be built on top of OpenID Connect Core, which is also b

Any of the OAuth 2.0 related specifications, such as [@RFC9126] and [@RFC9101], and Best Current Practice (BCP) documents, such as [@RFC8252] and [@I-D.ietf-oauth-security-topics], can be implemented on top of this specification.

In summary, OpenID for Verifiable Presentations is a framework that requires profiling
to achieve interoperability. Out of the
Copy link
Contributor

@awoie awoie Nov 28, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This text is quite generic and I'm not sure if I would agree with the phrasing. The issue I have with the phrasing is that a profile can also have optional parameters, not only mandatory ones.

IMO, a profile does the following for a specific use case or ecosystem:

  • define choices of values for mandatory and optional features, e.g., allowed credential format identifiers.
  • define what optional features do not apply or mandate optional features, e.g., mandating encryption.
  • optionally extend OID4VP if new features are required

This description is still vague but I could probably live with this better.

However, I think it would be better to define concretely what exactly has to be further defined by a profile.

awoie
awoie approved these changes Nov 28, 2024
View reviewed changes
Copy link
Contributor

@awoie awoie left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

approved after new phrasing

@Sakurann Sakurann merged commit 40702d1 into main Nov 28, 2024
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@awoie awoie awoie approved these changes

@jogu jogu jogu approved these changes

@danielfett danielfett danielfett approved these changes

@c2bo c2bo Awaiting requested review from c2bo

@tplooker tplooker Awaiting requested review from tplooker

@paulbastian paulbastian Awaiting requested review from paulbastian

@bc-pi bc-pi Awaiting requested review from bc-pi

@tlodderstedt tlodderstedt Awaiting requested review from tlodderstedt

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@Sakurann @danielfett @jogu @tlodderstedt @awoie