From 899c512049cc869f29c4763944101941eef122ec Mon Sep 17 00:00:00 2001 From: Joseph Heenan Date: Sun, 25 Aug 2024 15:35:26 +0100 Subject: [PATCH 1/6] Clarify language around opening Credential Offer Endpoint As per consensus on Oct-10-2022 working group call, the credential offer endpoint must be redirected to in order to allow the wallet to have a user interaction. The language used is the same as used in RFC6749. closes #13 --- openid-4-verifiable-credential-issuance-1_0.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/openid-4-verifiable-credential-issuance-1_0.md b/openid-4-verifiable-credential-issuance-1_0.md index ba912c7c..49a6fc3c 100644 --- a/openid-4-verifiable-credential-issuance-1_0.md +++ b/openid-4-verifiable-credential-issuance-1_0.md @@ -333,7 +333,8 @@ This endpoint is used by a Credential Issuer that is already interacting with an ## Credential Offer {#credential-offer} -The Credential Issuer sends Credential Offer using an HTTP GET request or an HTTP redirect to the Wallet's Credential Offer Endpoint defined in (#client-metadata). +The Credential Issuer makes a Credential Offer by directing the resource owner's +user-agent to the Wallet's Credential Offer Endpoint defined in (#client-metadata). The Credential Offer object, which is a JSON-encoded object with the Credential Offer parameters, can be sent by value or by reference. From 02adeb4d789b4cc4df684eb0ae30d925e2cf1576 Mon Sep 17 00:00:00 2001 From: Joseph Heenan Date: Tue, 10 Sep 2024 14:55:43 +0100 Subject: [PATCH 2/6] resource owner -> End-User As per Christian's comment on PR and Brian's suggestion on how to fix it. Co-authored-by: Brian Campbell <71398439+bc-pi@users.noreply.github.com> --- openid-4-verifiable-credential-issuance-1_0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openid-4-verifiable-credential-issuance-1_0.md b/openid-4-verifiable-credential-issuance-1_0.md index 49a6fc3c..661b743d 100644 
--- a/openid-4-verifiable-credential-issuance-1_0.md +++ b/openid-4-verifiable-credential-issuance-1_0.md @@ -333,7 +333,7 @@ This endpoint is used by a Credential Issuer that is already interacting with an ## Credential Offer {#credential-offer} -The Credential Issuer makes a Credential Offer by directing the resource owner's +The Credential Issuer makes a Credential Offer by directing the End-User's user-agent to the Wallet's Credential Offer Endpoint defined in (#client-metadata). The Credential Offer object, which is a JSON-encoded object with the Credential Offer parameters, can be sent by value or by reference. From 03fadd4d85662ecd31864fbc2d7fa8d71e684917 Mon Sep 17 00:00:00 2001 From: Joseph Heenan Date: Tue, 10 Sep 2024 14:58:18 +0100 Subject: [PATCH 3/6] Reorder credential offer section slightly As per Paul's suggestion: https://github.com/openid/OpenID4VCI/pull/380#issuecomment-2332151386 --- openid-4-verifiable-credential-issuance-1_0.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/openid-4-verifiable-credential-issuance-1_0.md b/openid-4-verifiable-credential-issuance-1_0.md index 661b743d..15961610 100644 --- a/openid-4-verifiable-credential-issuance-1_0.md +++ b/openid-4-verifiable-credential-issuance-1_0.md @@ -334,7 +334,7 @@ This endpoint is used by a Credential Issuer that is already interacting with an ## Credential Offer {#credential-offer} The Credential Issuer makes a Credential Offer by directing the End-User's -user-agent to the Wallet's Credential Offer Endpoint defined in (#client-metadata). +user-agent to the Wallet's Credential Offer Endpoint defined in (#client-metadata). The Credential Issuer MAY render a QR code containing the Credential Offer that can be scanned by the End-User using a Wallet, or a link that the End-User can click. The Credential Offer object, which is a JSON-encoded object with the Credential Offer parameters, can be sent by value or by reference. 
@@ -343,8 +343,6 @@ The Credential Offer contains a single URI query parameter, either `credential_o * `credential_offer`: Object with the Credential Offer parameters. This MUST NOT be present when the `credential_offer_uri` parameter is present. * `credential_offer_uri`: String that is a URL using the `https` scheme referencing a resource containing a JSON object with the Credential Offer parameters. This MUST NOT be present when the `credential_offer` parameter is present. -The Credential Issuer MAY render a QR code containing the Credential Offer that can be scanned by the End-User using a Wallet, or a link that the End-User can click. - For security considerations, see (#credential-offer-security). ### Credential Offer Parameters {#credential-offer-parameters} From 30c0bcaf82f360d5e55bab54249f1a23adaa2e69 Mon Sep 17 00:00:00 2001 From: Joseph Heenan Date: Tue, 10 Sep 2024 17:18:38 +0100 Subject: [PATCH 4/6] Modified based on feedback on the PR --- openid-4-verifiable-credential-issuance-1_0.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/openid-4-verifiable-credential-issuance-1_0.md b/openid-4-verifiable-credential-issuance-1_0.md index 15961610..f7313bdc 100644 --- a/openid-4-verifiable-credential-issuance-1_0.md +++ b/openid-4-verifiable-credential-issuance-1_0.md 
@@ -333,8 +333,7 @@ This endpoint is used by a Credential Issuer that is already interacting with an ## Credential Offer {#credential-offer} -The Credential Issuer makes a Credential Offer by directing the End-User's -user-agent to the Wallet's Credential Offer Endpoint defined in (#client-metadata). The Credential Issuer MAY render a QR code containing the Credential Offer that can be scanned by the End-User using a Wallet, or a link that the End-User can click. +The Credential Issuer makes a Credential Offer by allowing the End-User to invoke the Wallet using the Wallet's Credential Offer Endpoint defined in (#client-metadata) (for example by clicking a link) and/or rendering a QR code containing the Credential Offer that the End-User can scan in a wallet or an arbitrary camera application. The Credential Offer object, which is a JSON-encoded object with the Credential Offer parameters, can be sent by value or by reference. From 44d673c1024524e3e8b144e4edfac1272af64c65 Mon Sep 17 00:00:00 2001 From: Joseph Heenan Date: Fri, 4 Oct 2024 14:17:57 +0100 Subject: [PATCH 5/6] Add that direct communication of offers to wallet backend is possible As per: https://github.com/openid/OpenID4VCI/pull/380#discussion_r1787564485 --- openid-4-verifiable-credential-issuance-1_0.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/openid-4-verifiable-credential-issuance-1_0.md b/openid-4-verifiable-credential-issuance-1_0.md index f7313bdc..40f797de 100644 --- a/openid-4-verifiable-credential-issuance-1_0.md +++ b/openid-4-verifiable-credential-issuance-1_0.md 
@@ -335,6 +335,8 @@ This endpoint is used by a Credential Issuer that is already interacting with an The Credential Issuer makes a Credential Offer by allowing the End-User to invoke the Wallet using the Wallet's Credential Offer Endpoint defined in (#client-metadata) (for example by clicking a link) and/or rendering a QR code containing the Credential Offer that the End-User can scan in a wallet or an arbitrary camera application. +Credential Issuers MAY also communicate Credential Offers directly to a Wallet's backend but any mechanism for doing so is currently outside the scope of this specification. + The Credential Offer object, which is a JSON-encoded object with the Credential Offer parameters, can be sent by value or by reference. The Credential Offer contains a single URI query parameter, either `credential_offer` or `credential_offer_uri`: From 2b1fdf453b8befc7244752cb8a94e2c8d196c62e Mon Sep 17 00:00:00 2001 From: Joseph Heenan Date: Wed, 9 Oct 2024 13:39:04 +0100 Subject: [PATCH 6/6] Apply Kristina's suggestion Co-authored-by: Kristina <52878547+Sakurann@users.noreply.github.com> --- openid-4-verifiable-credential-issuance-1_0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openid-4-verifiable-credential-issuance-1_0.md b/openid-4-verifiable-credential-issuance-1_0.md index 40f797de..5d29eb1d 100644 --- a/openid-4-verifiable-credential-issuance-1_0.md +++ b/openid-4-verifiable-credential-issuance-1_0.md 
@@ -333,7 +333,7 @@ This endpoint is used by a Credential Issuer that is already interacting with an ## Credential Offer {#credential-offer} -The Credential Issuer makes a Credential Offer by allowing the End-User to invoke the Wallet using the Wallet's Credential Offer Endpoint defined in (#client-metadata) (for example by clicking a link) and/or rendering a QR code containing the Credential Offer that the End-User can scan in a wallet or an arbitrary camera application. +The Credential Issuer makes a Credential Offer by allowing the End-User to invoke the Wallet using the Wallet's Credential Offer Endpoint defined in (#client-metadata). For example, by clicking a link and/or rendering a QR code containing the Credential Offer that the End-User can scan in a wallet or an arbitrary camera application. Credential Issuers MAY also communicate Credential Offers directly to a Wallet's backend but any mechanism for doing so is currently outside the scope of this specification.
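
Review bot: In [PATCH 1/6], the two `+` lines drop the "HTTP GET request or an HTTP redirect" wording of the removed line and put nothing normative in its place, although the commit message says the endpoint "must be redirected to". As written, "by directing the resource owner's user-agent" is descriptive only, so a Wallet implementer cannot tell whether a request that does not come through the user-agent is still acceptable. Suggest stating the requirement with an explicit keyword (for example MUST), or saying that the transport is deliberately left open. The replacement is also split across two `+` lines after "resource owner's", where the line it replaces was a single line.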
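
Review bot: In [PATCH 3/6], first hunk, the MAY sentence about QR codes is appended to a sentence that says the offer is made "by directing the End-User's user-agent" to the endpoint, and a QR code "scanned by the End-User using a Wallet" does not fit that description. The paragraph now reads as one mechanism followed by an option that falls outside it. Suggest rewording the first sentence so that it covers both the link and the QR code, or keeping the MAY sentence as its own paragraph directly below.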
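
Review bot: In [PATCH 4/6], the `+` line replaces "The Credential Issuer MAY render a QR code" with the descriptive "and/or rendering a QR code", so the only normative keyword in this paragraph disappears; please confirm that is intended. The same line introduces "an arbitrary camera application" as a scanning path, which deserves a pointer to (#credential-offer-security), a section this part of the document already references further down. "wallet" in "scan in a wallet" should be capitalised as "Wallet" to match the defined term used earlier in the sentence.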
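
Review bot: In [PATCH 5/6], the added sentence uses a normative MAY for behaviour that the same sentence declares "outside the scope of this specification". Granting permission for something the specification does not define gives implementers nothing to conform to; suggest lowercase "can", or moving the sentence into a non-normative note. A comma before "but" would help readability, and it is worth stating whether (#credential-offer-security) is meant to apply to offers delivered this way.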
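
Review bot: In [PATCH 6/6], the `+` line splits the sentence so that "For example, by clicking a link and/or rendering a QR code ..." is left as a fragment with no main clause. It also joins two different actors under one "by": clicking a link is done by the End-User, while rendering a QR code is done by the Credential Issuer. Suggest something like "For example, the Credential Issuer can present a link that the End-User clicks, or render a QR code containing the Credential Offer ...". The lowercase "wallet" in "scan in a wallet" is carried over unchanged and should be "Wallet".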