Conversation
awoie
requested review from
Sakurann,
c2bo,
danielfett,
jogu,
paulbastian,
tlodderstedt and
tplooker
tplooker
left a comment
tplooker
left a comment
There was a problem hiding this comment.
Minor editorial review, generally very supportive of this proposal I think its a critical feature. Few other thoughts
- We should consider making this feature required as leaving it optional will make communicating credential updates/refreshes difficult.
- I believe the specification would benefit from a seperate additional endpoint that enables a wallet to ask if there are any updates for a specific credential. Otherwise without this a wallet is forced to ask for a new credential in order to determine whether anything has changed.
|
Only other thing that came to mind on this topic that perhaps we need to discuss is how we support different datasets versus different versions of the same dataset as I suspect in the event an issuer is issuing two different datasets for the same credential (e.g two credentials about different people), to the same wallet this identifier would become ambiguous. |
|
temporarily close to prevent confusion - will reopen once 1.0 goes out |
|
reopening now that 1.0 has been published. Please push the changes to 1.1.md, and not 1.0.md |
awoie
force-pushed
the
awoie/add-credential-versioning
branch
from
1af74c9 to
5846457
Compare
@tplooker If the same credential configuration is used for two different initial data sets, then you would need some additional mechanism. Wouldn't this be rather two distinct credential configurations, e.g., child, parent configuration? We could also introduce another layer between credential configuration and credential dataset identifier (version)? Is there a third option and do you have a proposal, e.g., through some new endpoint? |
Sakurann
left a comment
Sakurann
left a comment
There was a problem hiding this comment.
I think it would be good to add a bit more description of the feature this parameter enables outside the definition of a term?
Co-authored-by: Kristina <52878547+Sakurann@users.noreply.github.com>
Thanks for reviewing. Just added the use case and applied your suggestion. Please review again @Sakurann |
| Credential Dataset: | ||
| : A set of one or more claims about a subject, provided by a Credential Issuer. | ||
|
|
||
| Credential Dataset Identifier | ||
| : A unique identifier that refers to a specific version of a Credential Dataset. This identifier remains stable across multiple instances of a Credential that share the same set of claim values, even if they differ in cryptographic proofs. When the claim values in the dataset change, a new Credential Dataset Identifier is assigned. This identifier enables Wallets to detect changes to the underlying data and to distinguish between Credentials issued with different versions of a Credential Dataset under the same Credential Configuration. | ||
|
|
There was a problem hiding this comment.
Not fully in scope of this PR I guess, but I think we should clarify this: Is a Credential Dataset format-specific? If a credential is offered in different formats (but containing the same information), would they share the same Credential Dataset Identifier or have different ones ?
There was a problem hiding this comment.
For simplicity reasons (spec and implementations), I would be in favor to keep it format-specific unless there are good reasons no to.
There was a problem hiding this comment.
Then let's make that clear in the text imho. Something like this?
| Credential Dataset: | |
| : A set of one or more claims about a subject, provided by a Credential Issuer. | |
| Credential Dataset Identifier | |
| : A unique identifier that refers to a specific version of a Credential Dataset. This identifier remains stable across multiple instances of a Credential that share the same set of claim values, even if they differ in cryptographic proofs. When the claim values in the dataset change, a new Credential Dataset Identifier is assigned. This identifier enables Wallets to detect changes to the underlying data and to distinguish between Credentials issued with different versions of a Credential Dataset under the same Credential Configuration. | |
| Credential Dataset: | |
| : A set of one or more claims about a subject, provided by a Credential Issuer. | |
| Credential Dataset Identifier | |
| : A unique identifier that refers to a specific version of a Credential Dataset. This identifier remains stable across multiple instances of a Credential that share the same set of claim values, even if they differ in cryptographic proofs. When the claim values in the dataset change, a new Credential Dataset Identifier is assigned. This identifier enables Wallets to detect changes to the underlying data and to distinguish between Credentials issued with different versions of a Credential Dataset under the same Credential Configuration. Note that A Credential Dataset Identifier is bound to a specific Credential Format. | |
Co-authored-by: Ralf Engbers <raleng@users.noreply.github.com>
| * `transaction_id`: OPTIONAL. String identifying a Deferred Issuance transaction. This parameter is contained in the response if the Credential Issuer cannot immediately issue the Credential. The value is subsequently used to obtain the respective Credential with the Deferred Credential Endpoint (see (#deferred-credential-issuance)). It MUST not be used if the `credentials` parameter is present. It MUST be invalidated after the Credential for which it was meant has been obtained by the Wallet. | ||
| * `interval`: REQUIRED if `transaction_id` is present. Contains a positive number that represents the minimum amount of time in seconds that the Wallet SHOULD wait after receiving the response before sending a new request to the Deferred Credential Endpoint. It MUST NOT be used if the `credentials` parameter is present. | ||
| * `notification_id`: OPTIONAL. String identifying one or more Credentials issued in one Credential Response. It MUST be included in the Notification Request as defined in (#notification). It MUST not be used if the `credentials` parameter is not present. | ||
| * `credential_dataset_id`: REQUIRED for the Issuer to return. An opaque string containing the Credential Dataset Identifier associated with the returned Credential(s). This allows Wallets to detect changes to the underlying Credential Dataset across different Credential Responses. This is useful in situations where claim values change over time, such as an updated address, correction of previously issued personal data, or a change in legal or entitlement status (e.g., reaching the age of majority), enabling the Wallet to distinguish between a cryptographic re-issuance of unchanged data and the issuance of a credential containing modified claim values. The Wallet MUST NOT expect the `credential_dataset_id` to be always present in the Credential Response. |
There was a problem hiding this comment.
Same as above.
| * `credential_dataset_id`: REQUIRED for the Issuer to return. An opaque string containing the Credential Dataset Identifier associated with the returned Credential(s). This allows Wallets to detect changes to the underlying Credential Dataset across different Credential Responses. This is useful in situations where claim values change over time, such as an updated address, correction of previously issued personal data, or a change in legal or entitlement status (e.g., reaching the age of majority), enabling the Wallet to distinguish between a cryptographic re-issuance of unchanged data and the issuance of a credential containing modified claim values. The Wallet MUST NOT expect the `credential_dataset_id` to be always present in the Credential Response. | |
| * `credential_dataset_id`: REQUIRED for the Issuer to return. An opaque string containing the Credential Dataset Identifier associated with the returned Credential(s). This allows Wallets to detect changes to the underlying Credential Dataset across different Credential Responses. This is useful in situations where claim values change over time, such as an updated address, correction of previously issued personal data, or a change in legal or entitlement status (e.g., reaching the age of majority), enabling the Wallet to distinguish between a cryptographic re-issuance of unchanged data and the issuance of a credential containing modified claim values. Note that this information is only valid for the scope of a concrete credential format - if a Credential is offered in different formats, they would have different values for `credential_dataset_id`. The Wallet MUST NOT expect the `credential_dataset_id` to be always present in the Credential Response. |
5 participants
Fixes #278