Re: Diagrams for VC HTTP API work [was Re: [AGENDA] VC HTTP API Work Item - August 17th 2021] from Juan Caballero on 2021-08-17 (public-credentials@w3.org from August 2021)

From: Juan Caballero <juan.caballero@spherity.com>
Date: Tue, 17 Aug 2021 09:47:19 +0200
To: David Chadwick <d.w.chadwick@verifiablecredentials.info>, public-credentials@w3.org
Message-ID: <a95197fa-6cca-be8e-f581-0c74de9a8d60@spherity.com>
On 8/17/2021 12:14 AM, David Chadwick wrote:
> On 16/08/2021 22:16, Joe Andrieu wrote:
>> Based on conversations with the use case team, I've put together the 
>> attached diagrams, illustrating a minimum conceptual model based on 
>> the USCIS Green Card use case, as implemented using CHAPI.
>>
>> I'm sure this model is lacking some elements for folks who have a 
>> slightly different configuration. I chose this use case because it is 
>> the one I'm most familiar with, making it easiest to be complete. I'd 
>> like to speak to folks with different scenarios and see if we can't 
>> come up with a variation that covers your requirements.
>> ...
>> 6. The message names are chosen for logical consistency in "normal 
>> English"; they should likely be turned into camel case or something 
>> and we can have a bikeshed festival.
>> ...
>
> Hi Joe
>
> Thanks for these. Overall they are in the right direction. Here is my 
> feedback.
>
> 1. On the issuer
>
> This is too specific (i.e. not generic enough) as it requires the 
> holder to present a VP in order to get a VC. But what if the holder 
> does not have any VC to turn into a VP? Can you generalise it by 
> having a challenge and a signed challenge (or authentication response) 
> and verification of the response without mandating this to be a VP?
>
Can't a VP be signed without any VCs inside?  What is the specification 
status of an empty VP?  As far as I can tell, a VP with no VCs in it is 
a fairly common mechanism for signing a challenge to authenticate 
control of a DID, although to be honest I'm not really clear on whether 
there is an equivalent for "linked-secret"/indirected-identifier subject 
credentials (i.e. Indy or Azure) or for non-DID VCs.

David, could I ask you to describe a little what the challenge/AuthN 
flow is like in your system and where the sticking points would be in 
rearranging it a bit to conform to an "empty VP" style flow? Would it be 
generalising enough to rename the VC-request to a "provide challenge" 
(with optional VC request in tow) and to rename the VC selection "Prompt 
for consent (and optional VC selection)", or did you have a further 
generalisation in mind?

> 2. On the verifier
>
> There is some confusion in the numbering from 14 onwards. 15 should 
> come before 14 and 17 and 18 are not needed. Otherwise this seems OK.
>
> Kind regards
>
> David
>
>>
>> -j
>>
>>
>> On Sun, Aug 15, 2021, at 4:41 PM, Manu Sporny wrote:
>>> VC HTTP API Work Item - August 17th 2021
>>> Time: Tue 4pm ET, 1pm PT, 10pm CET, 8am NZDT (Wed)
>>>
>>> Text Chat:
>>> http://irc.w3.org/?channels=ccg <http://irc.w3.org/?channels=ccg>
>>> irc://irc.w3.org:6665/#ccg
>>>
>>> Jitsi Teleconf:
>>> https://meet.w3c-ccg.org/vchttpapi <https://meet.w3c-ccg.org/vchttpapi>
>>>
>>> Duration: 60 minutes
>>>
>>> MEETING MODERATOR: Manu Sporny
>>>
>>> AGENDA:
>>>
>>> 1. Agenda Review, Introductions (5 minutes)
>>>
>>> 2. VC HTTP API Renaming Poll Reminder (5 minutes)
>>> https://lists.w3.org/Archives/Public/public-credentials/2021Aug/0124.html 
>>> <https://lists.w3.org/Archives/Public/public-credentials/2021Aug/0124.html>
>>>
>>> 3. Simple Majority Objection w/ GNAP-KBAT (30 minutes)
>>> https://github.com/w3c-ccg/vc-http-api/pull/224/files#r682106281 
>>> <https://github.com/w3c-ccg/vc-http-api/pull/224/files#r682106281>
>>> https://lists.w3.org/Archives/Public/public-credentials/2021Aug/0110.html 
>>> <https://lists.w3.org/Archives/Public/public-credentials/2021Aug/0110.html>
>>>
>>> 4. Feature Scoping (15 minutes)
>>> https://lists.w3.org/Archives/Public/public-credentials/2021Aug/0122.html 
>>> <https://lists.w3.org/Archives/Public/public-credentials/2021Aug/0122.html>
>>>
>>> 5. Pull Requests (5 minutes)
>>> https://github.com/w3c-ccg/vc-http-api/pull/224 
>>> <https://github.com/w3c-ccg/vc-http-api/pull/224>
>>>
>>> -- manu
>>>
>>> -- 
>>> Manu Sporny - https://www.linkedin.com/in/manusporny/ 
>>> <https://www.linkedin.com/in/manusporny/>
>>> Founder/CEO - Digital Bazaar, Inc.
>>> News: Digital Bazaar Announces New Case Studies (2021)
>>> https://www.digitalbazaar.com/ <https://www.digitalbazaar.com/>
>>>
>>>
>>
>> --
>> Joe Andrieu, PMP joe@legreq.com <mailto:joe@legreq.com>
>> LEGENDARY REQUIREMENTS                          +1(805)705-8651
>> Do what matters. http://legreq.com <http://www.legendaryrequirements.com>
>>
>>
>
-- 
-----------------
Juan Caballero
Research Advisor,
Spherity <https://www.spherity.com> GmbH, Emil-Figge-Straße 80, 44227 
Dortmund
Co-chair, DIF Healthcare Use-cases Discussion Group 
<https://www.eventbrite.com/o/dif-healthcare-special-interest-group-31363301995> 
and DIF Interoperability Working Group 
<https://github.com/decentralized-identity/interoperability/blob/master/agenda.md> 


Berlin-based: +49 1573 5994525
Received on Tuesday, 17 August 2021 07:47:34 UTC