Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add session transcript for browser api #374

Merged
merged 33 commits into from
Jan 15, 2025
Merged

add session transcript for browser api #374

Changes from all commits
Commits
Show all changes
33 commits
Select commit Hold shift + click to select a range
dfa6ef4
feat: add session transcript for browser api
awoie Dec 19, 2024
84a2f63
Merge branch 'main' into awoie/add-session-transcript
awoie Dec 19, 2024
9969140
Applied Tim's suggestion
awoie Dec 19, 2024
29d60e6
Applied Tim's suggestion
awoie Dec 19, 2024
2277445
Applied Tim's suggestion
awoie Dec 19, 2024
072c38a
Applied Tim's suggestion
awoie Dec 19, 2024
1286f8c
fix: added internal anchor
awoie Dec 19, 2024
62fbaa0
Applied Kristina's suggestion with different wording
awoie Dec 19, 2024
26b7dbe
Applied Joseph's suggestion
awoie Dec 20, 2024
4e402c9
Applied Tim's editorial suggestion
awoie Jan 7, 2025
9b2501c
Applied Christian's editorial suggestion
awoie Jan 7, 2025
9625e87
fix: add doc history
awoie Jan 7, 2025
6cc9039
Applied Paul's editorial suggestion
awoie Jan 8, 2025
4d037df
Applied Paul's editorial suggestion
awoie Jan 8, 2025
5b2f9ea
fix: replaced integrity hash with just hash
awoie Jan 8, 2025
16785ee
fix: added 'cryptographic' where 'hash' is used
awoie Jan 8, 2025
cbcc8d9
fix: adjusted language to make it more clear how OID4VPDCAPIHandoverI…
awoie Jan 8, 2025
d8f87ae
fix: removed SRI dependency since crypto agility since SessionTranscr…
awoie Jan 9, 2025
2b0fee5
fix: updated info hash to be a bstr
awoie Jan 9, 2025
f350f5a
fix: modified according to resolution taken by dcp call jan 9th
awoie Jan 9, 2025
bce5c46
fix: referring to annex for origin definition
awoie Jan 9, 2025
04dd76f
fix: added -7 reference to non DC API invocation mechanism
awoie Jan 10, 2025
d426c43
fix: fixed reference notation
awoie Jan 10, 2025
6dcec68
Applied Torsten's suggestion
awoie Jan 10, 2025
1e2e341
Applied Kristina's suggestion
awoie Jan 14, 2025
2cd0c3b
Applied Kristina's suggestion
awoie Jan 14, 2025
25c2588
Applied Kristina's suggestion
awoie Jan 14, 2025
2d4a76d
ed: changed - to * in list
awoie Jan 14, 2025
88e6cd9
ed: inserted empty lines for readability
awoie Jan 14, 2025
2ed5872
fix: changed OID4VP into OpenID4VP
awoie Jan 14, 2025
cdde599
Applied Christian's suggestion
awoie Jan 14, 2025
8e0259b
ed: fixed custom URI scheme for mdocs
awoie Jan 14, 2025
2c9f80e
Merge branch 'main' into awoie/add-session-transcript
Sakurann Jan 15, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
52 changes: 48 additions & 4 deletions openid-4-verifiable-presentations-1_0.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1913,8 +1913,6 @@ In the event that another component is invoked instead of the Wallet, the End-Us
</front>
</reference>



<reference anchor="IANA.OAuth.Parameters" target="https://www.iana.org/assignments/oauth-parameters">
<front>
<title>OAuth Parameters</title>
Expand Down Expand Up @@ -2228,8 +2226,8 @@ ISO/IEC TS 18013-7 Annex B [@ISO.18013-7] and ISO/IEC 23220-4 [@ISO.23220-4] Ann
* Rules for the `presentation_definition` Authorization Request parameter.
* Rules for the `presentation_submission` Authorization Response parameter.
* Wallet invocation using the `mdoc-openid4vp://` custom URI scheme.
* Defines the OpenID4VP-specific `Handover` CBOR structure and how OpenID4VP Authorization Request and Request Object parameters apply to the `SessionTranscript` CBOR structure and `DeviceResponse` CBOR structure as specified in ISO/IEC 18013-5 [@ISO.18013-5] and ISO/IEC 23220-4 [@ISO.23220-4].
* Required Wallet and Verifier Metadata parameters and their values.
* Required Wallet and Verifier Metadata parameters and their values when OpenID4VP is used with the `mdoc-openid4vp://` custom URI scheme.
The `SessionTranscript` and `Handover` CBOR structure when the invocation does not use the DC API. Also see (#non-dc-api-invocation).
* Additional restrictions on Authorization Request and Authorization Response parameters to ensure compliance with ISO/IEC TS 18013-7 [@ISO.18013-7] and ISO/IEC 23220-4 [@ISO.23220-4]. For instance, to comply with ISO/IEC TS 18013-7 [@ISO.18013-7], only the same-device flow is supported, the `request_uri` Authorization Request parameter is required, and the Authorization Response has to be encrypted.

### DCQL Query and Response
Expand Down Expand Up @@ -2265,6 +2263,50 @@ The VP Token contains the base64url-encoded `DeviceResponse` CBOR structure as d

See ISO/IEC TS 18013-7 Annex B [@ISO.18013-7] and ISO/IEC 23220-4 Annex C [@ISO.23220-4] for the latest examples on how to use the `presentation_submission` parameter and how to generate the Authorizaton Response for presenting Credentials in the mdoc format.

### `Handover` and `SessionTranscript` Definitions

#### Invocation via the Digital Credentials API

If the presentation request is invoked using the Digital Credentials API, the `SessionTranscript` CBOR structure as defined in Section 9.1.5.1 in [@ISO.18013-5] MUST be used with the following changes:

* `DeviceEngagementBytes` MUST be `null`.
* `EReaderKeyBytes` MUST be `null`.
* `Handover` MUST be the `OpenID4VPDCAPIHandover` CBOR structure as defined below.

```cddl
OpenID4VPDCAPIHandover = [
"OpenID4VPDCAPIHandover", ; A fixed identifier for this handover type
OpenID4VPDCAPIHandoverInfoHash ; A cryptographic hash of OpenID4VPDCAPIHandoverInfo
]

OpenID4VPDCAPIHandoverInfoHash = bstr ; sha-256 hash of OpenID4VPDCAPIHandoverInfo

OpenID4VPDCAPIHandoverInfo = [
origin,
client_id,
nonce
] ; Array containing handover parameters

client_id = tstr ; UTF-8 encoded string

origin = tstr ; UTF-8 encoded string

nonce = tstr ; UTF-8 encoded string
```

The `OpenID4VPDCAPIHandover` structure has the following elements:

* The first element MUST be the fixed UTF-8 encoded string `OpenID4VPDCAPIHandover`. This serves as a unique identifier for the handover structure to prevent misinterpretation or confusion.
* The second element MUST be the `OpenID4VPDCAPIHandoverInfoHash`, represented as a CBOR byte string which encodes the sha-256 hash of the `OpenID4VPDCAPIHandoverInfo` CBOR array.
* The `OpenID4VPDCAPIHandoverInfo` has the following elements:
* The first element MUST be the UTF-8 encoded string representing the origin of the request as described in (#dc_api_request).
* The second element MUST be the UTF-8 encoded string value of the effective Client Identifier as defined in (#dc_api_request).
* The third element MUST be the UTF-8 encoded string value of the `nonce` request parameter.

#### Invocation via other methods {#non-dc-api-invocation}

If the presentation request is invoked via other methods, the rules for generating the `SessionTranscript` and `Handover` CBOR structure are specified in ISO/IEC 18013-7 [@ISO.18013-7], ISO/IEC 18013-5 [@ISO.18013-5] and ISO/IEC 23220-4 [@ISO.23220-4].

## IETF SD-JWT VC

This section defines how Credentials complying with [@!I-D.ietf-oauth-sd-jwt-vc] can be presented to the Verifier using this specification.
Expand Down Expand Up @@ -2724,6 +2766,8 @@ The technology described in this specification was made available from contribut
[[ To be removed from the final specification ]]

-24

* add `SessionTranscript` requirements
* use claims path pointer for mdoc based credentials

-23
Expand Down
Loading