add transaction_data #197
add transaction_data #197
Conversation
Sakurann
requested review from
ve7jtb,
danielfett,
jogu,
tlodderstedt,
c2bo,
tplooker,
paulbastian,
awoie and
bc-pi
Co-authored-by: Brian Campbell <71398439+bc-pi@users.noreply.github.com>
Co-authored-by: Brian Campbell <71398439+bc-pi@users.noreply.github.com>
Co-authored-by: Daniel Fett <mail@danielfett.de>
There was a problem hiding this comment.
I still believe that putting transaction data into a
a) a dedicated response_type and/or
b) using a dedicated Credential format would be a better separation.
vp_token and existing Credential Formats assume a three party model, while transaction authorization is a 2 party model, it seems this may create problems in the future that we can't foresee, I would appreciate a better logical separation.
I don't have explicit counter-proposals, just a bad feeling. If there is no support for this direction, you may override my disapproval.
|
|
In LSP POTENTIAL there are two designs for QES with Transaction data:
Are these flows applicable for both? |
| This enables the Wallet to assess the Verifier's capabilities, allowing it to transmit only the relevant capabilities through the `wallet_metadata` parameter in the Request URI POST request. If the Verifier uses the `client_id_scheme` parameter in the Request Object, it MUST also add the same `client_id_scheme` value in the Authorization Request. | ||
| This enables the Wallet to assess the Verifier's capabilities, allowing it to transmit only the relevant capabilities through the `wallet_metadata` parameter in the Request URI POST request. If the Verifier uses the `client_id_scheme` parameter in the Request Object, it MUST also add the same `client_id_scheme` value in the Authorization Request. | ||
|
|
||
| `transaction_data`: |
There was a problem hiding this comment.
Hi,
questions:
a) Is transaction data different from a consent?
b) Transaction data needs to be displayed to the end user, except if it's a M2M exchange. Keeping it generic, can lead to implementation issues. Should at least "display" or similar parameter be defined?
c) Should the RAR or PE (presentation definition?) syntax be reused? (https://datatracker.ietf.org/doc/html/rfc9396#name-authorization-request)
d) Explicit yes/no: default mode is that the user must authorise all actions, or the transaction fails?
e) If user declines 1 action, should it be recorded?
f) Is there a need for more elaborate transactions, such as conditional statements (e.g., you must answer all, you must answer to some of the questions), supporting multiple options (e.g., do you want to tip 5, 10 or 20%)? Or for QES: select a signature profile (e.g., advanced, qualified).
We introduced something similar about 2 years ago for our B2B/M2M VP exchange (https://hub.ebsi.eu/conformance/learn/verifiable-presentation-exchange#service-to-service-token-flow). We defined a simple key:value approach where, where key is a scope, and value is a VP definition. I believe this matches your definition of transaction_data. In our model, for a given action all conditions must be fulfilled, no conditional statements, no multiple options (like tipping).
Thank you!
There was a problem hiding this comment.
Hi Alen,
a) transaction data is about authorization. the end user agrees to authorize a certain transaction (payments, QES, etc.)
b), c), f) specific details of transaction data are left to the experts of each use-case. so they will not be defined in openid4vp
d) yes, there is not partial succcess. we agreed to make that clearer. I just have not reflected in the PR text yet..
e) recorded where? in the wallet? according to eidas regulation, i think so?
I will look at the pointer! thank you!
There was a problem hiding this comment.
Hi. Thank you for the answers.
e) recorded by the "verifier"
@paulbastian I would say so, because in both flows, presenting a credential from the wallet is used as a way to authenticate the user, right? do you have a hypothesis why this would not work for the wallet-centric model? |
Sakurann
requested review from
jogu,
alenhorvat,
bc-pi,
danielfett and
paulbastian
I would say the workings of the QTSP centric model does not align with the general model of OpenID4VP and what most readers here would assume. For example, it wouldn't allow the real relying party to request a credential and QES in the same request, as the actual request is from QTSP embedded into relying party website. |
| This enables the Wallet to assess the Verifier's capabilities, allowing it to transmit only the relevant capabilities through the `wallet_metadata` parameter in the Request URI POST request. If the Verifier uses the `client_id_scheme` parameter in the Request Object, it MUST also add the same `client_id_scheme` value in the Authorization Request. | ||
|
|
||
| `transaction_data`: | ||
| : OPTIONAL. Array of strings, where each string is a base64url encoded JSON object that contains a typed parameter set with details about the transaction that the Verifier is requesting the End-User to authorize. See (#transaction_data) for details. The Wallet MUST return an error if a request contains even one unrecognized transaction data type or transaction data not conforming to the respective type definition. Each object consists of the following parameters: |
There was a problem hiding this comment.
I have a feeling there's an unintended consequence here between this PR (if merged after 1.0) and the extensibility PR.
I think this language says "a wallet MUST fail a request that includes a transaction_data if it doesn't support transaction data". But the other PR says "wallets supporting 1.0 of this spec must accept requests that contain unknown elements, including transaction_data.
I think we need the first behaviour - i.e. particularly when using the browser api, a wallet that doesn't support transaction_data must never say it can satisfy a request that contains transaction_data.
If we agree on that, then I can see two solutions:
- We add
transaction_datato 1.0 with language like "wallets MUST reject claims that contain this element". - We add something like 'crit', but for the body, define that in 1.0, and when 1.1 comes along with transaction_data support then verifiers that want to use it are required to include
"crit": [ "transaction_data" ]in the request payload.
| : OPTIONAL. Array of strings, where each string is a base64url encoded JSON object that contains a typed parameter set with details about the transaction that the Verifier is requesting the End-User to authorize. See (#transaction_data) for details. The Wallet MUST return an error if a request contains even one unrecognized transaction data type or transaction data not conforming to the respective type definition. Each object consists of the following parameters: | ||
|
|
||
| * `type`: REQUIRED. String that is the Identifier of the transaction data type and determines the allowable contents of the object that contains it. The specific values are out of scope of this specification. It is RECOMMENDED to use collision-resistant names for `type` values. | ||
| * `credential_ids`: REQUIRED. Array of strings each pointing to an identifier that identifies a set of information describing a Credential that the Verifier is requesting transaction data in a particular object to be bound to (Input Descriptor in Presentation Exchange). |
There was a problem hiding this comment.
adding one little generalization to the generalization you did (thanks for that generalization btw)
| * `credential_ids`: REQUIRED. Array of strings each pointing to an identifier that identifies a set of information describing a Credential that the Verifier is requesting transaction data in a particular object to be bound to (Input Descriptor in Presentation Exchange). | |
| * `credential_ids`: REQUIRED. Array of strings each pointing to an identifier that identifies a set of information describing a Credential that the Verifier is requesting transaction data in a particular object to be bound to (e.g., Input Descriptor in Presentation Exchange). |
|
@Sakurann I would like to better understand the QTSP centric model for QES. |
|
This PR adds a significant feature that should be described in a use case appendix, similar to what OpenID4VCI does in my opinion. |
|
I am looking at this from the perspective using this within eIDAS QES use case. Illustrating with this picture, there are two possible flows:
The QTSP centric flow and how transaction data is used is very clear to me. The Wallet centric flow is less clear to me. As I imagine this, the communication between Wallet and QTSP look quite similar with the Wallet having a fixed relation with a particular QTSP. The question arises how a Verifier would send a request for a QES (either including the hash or the document itself) to the Wallet, marked with "?" in the diagrams. Questions:
|
resolves #174
resolves #173
resolves #172