Re: Introducing Wallet And Credential Interactions for Presentation Exchange at DIF

Thank you, Orie, for mentioning SIOP Chooser work in OpenID Foundation!

There are three workstreams when it comes to wallet interoperability and verifiable presentation exchange work happening in OpenID Foundation (as part of the liaison with DIF):

1. Requesting and presenting verifiable presentations from the wallet using OIDC
Several implementations are happening to choose between sending back a VP separately alongside ID token or embedding VP inside an ID token. Using connect flows and ID Token allows to communicate authentication information and security posture.
Here is the draft that was written following several Connect WG discussions and is planned to be contributed to the WG next week: https://github.com/awoie/vp-token-spec

2. Self-Issued OpenID Provider V2
Turning each user's wallet into an OpenID Provider that can present VCs without relying on the Third party Identity Provider.
SIOP Chooser that Orie pasted is part of this workstream, because verifier needs to know which wallet to invoke when asking for the VCs.
SIOP Chooser is a combination of 1/ a list of wallets (maintained by the trust framework); 2/universal links to open wallet from the browser; and 3/share sheet to choose between several wallets under the user's control. It feels like a hack, but seems to be a current best solution that will work with different kind of wallets - native apps, PWAs, browser wallets.
Another quite stable decidion made is to allow DIDs to be used as holder identifier to prove control over the Self-Issued OP by checking if response (ID Token) is signed by the keys in the DIDDoc controlled by the user.
WG adopted draft: https://bitbucket.org/openid/connect/src/master/openid-connect-self-issued-v2-1_0.md
It will refer to draft in workstream 1 once that one is adopted.

3. Issuing verifiable presentations into the wallet using OIDC
Goal is to allow binding returned VCs to the holder of the wallet, and getting VCs into the wallet from several Claims issuers
Two drafts to be merged: https://github.com/mattrglobal/oidc-client-bound-assertions-spec to be contributed to the WG and already WG adopted Claims Aggregation Draft https://bitbucket.org/openid/connect/src/master/openid-connect-claims-aggregation/openid-connect-claims-aggregation-1_0.md

Looking forward to learning more about this new DIF Working Item and exploring the interoperable ways for verifiable presentation exchange.

Best,
Kristina

________________________________
差出人: Orie Steele <orie@transmute.industries>
送信日時: 2021年4月28日 2:22
宛先: W3C Credentials CG (Public List) <public-credentials@w3.org>
件名: Introducing Wallet And Credential Interactions for Presentation Exchange at DIF

Hey All,

I mentioned on the CCG Call today, there is a new DIF Work Item regarding wallet interoperability testing of verifiable presentation exchange:

https://github.com/decentralized-identity/waci-presentation-exchange<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fdecentralized-identity%2Fwaci-presentation-exchange&data=04%7C01%7Ckristina.yasuda%40microsoft.com%7C23f0a86185ba478db3fc08d909a14f2e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637551410723806849%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=h1ui%2FjVvh71OEuvEEPS2LVvIHa%2Fmdq4FR1gOMr%2FMFmM%3D&reserved=0>

This work came from multiple successful IIW sessions focused on a community vision for achieving wallet interoperability for verifiable presentations.

Special thanks to Kaliya for leading the sessions and to Sam and Drummond for their help on supporting an integration path for BBS+ with Good Health Pass and the VC HTTP API Vaccination test suite and vocabulary.

And most importantly, thanks to the folks at Bloom for writing the original WACI spec:

https://specs.bloom.co/wallet-and-credential-interactions/<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fspecs.bloom.co%2Fwallet-and-credential-interactions%2F&data=04%7C01%7Ckristina.yasuda%40microsoft.com%7C23f0a86185ba478db3fc08d909a14f2e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637551410723806849%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=RFIGd1tbICRtQr4OkY7ecO1QCJY0dOCtoBjiUIh0xvk%3D&reserved=0>

It's awesome to see the community aligning around support for a shared data model (W3C VC Data Model), now all we need is at least one way to exchange VPs over HTTP.

It's also worth mentioning that the OIDC is working on their own version of these APIs as well:

https://bitbucket.org/openid/connect/issues/1212/siop-chooser<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbitbucket.org%2Fopenid%2Fconnect%2Fissues%2F1212%2Fsiop-chooser&data=04%7C01%7Ckristina.yasuda%40microsoft.com%7C23f0a86185ba478db3fc08d909a14f2e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637551410723816804%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=Fo9Zg8Ql3oYJHweIfK7RH488GGpm8v0H5m5PU08ECwo%3D&reserved=0>

Major motivation for separating the "Traceability Ecosystem Guide" or "Traceability API" was to allow for a more inclusive approach to these other communities, including direct support for OIDC and addressing concerns regarding authorization.

As a member of both DIF and CCG I am committed to keeping them as aligned as possible and look forward to working with folks like Tom and Kristina or aligning with OIDF as it evolves its support for presentation exchange and wallets.

* takes deep breath *

* keeps running at the speed of the broader community *

OS


--
ORIE STEELE
Chief Technical Officer
www.transmute.industries

[https://drive.google.com/a/transmute.industries/uc?id=1hbftCJoB5KdeV_kzj4eeyS28V3zS9d9c&export=download]<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.transmute.industries%2F&data=04%7C01%7Ckristina.yasuda%40microsoft.com%7C23f0a86185ba478db3fc08d909a14f2e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637551410723816804%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=Oa9JjduFChrfYItQSNj7UHOk6XRUkml4i2c7p3Z4N4w%3D&reserved=0>