Add guidance on how to handle multiple presentation request entries #249
Conversation
|
Discussed 11 June minutes |
|
I think we should indicate to the verifier that the multiple requests (and similarly for the request language) should be semantically compatible/equivalent, or the user/user agent/wallet are easily going to be confused, or might be seen as abuse. Browsers can try to catch really extreme cases that violate that, but it probably wouldn't be easy to test. |
|
From WG meeting:
|
|
Discussed 9 July. |
|
Might I suggest that this be reworked/rewritten a bit, to more closely mimic the HTTP content negotiation A single artificially complicated request (with syntactically invisible line break, here just to make comprehension easier) might then look something like — I would multiply the internal credential priority, This could be made less visibly complicated by having two multi-valued parameters instead of one, such that the protocol priorities are in one parameter and the credential priorities are in another, or by having one slightly-more complex multi-valued parameter for which each value includes both protocol and credential (basically containing the permutations of the above), maybe something like — Note that the ordering of these is not important. It's the |
| <p> | ||
| Verifiers may wish to define a single credential request | ||
| using multiple [=digital credential/exchange protocols=], | ||
| for example to achieve maximum compatibility across [=user agent | user agents=] | ||
| or when migrating to a newer version of a protocol. When doing so, | ||
| verifiers SHOULD ensure that all requests are semantically equivalent to avoid confusing | ||
| the user, the user agent, and the wallet during processing of the request. | ||
| </p> |
There was a problem hiding this comment.
@npdoty I added this text under a different section to try and cover your suggestion that multiple requests should be semantically similar. What do you think?
| When multiple [=digital credential/presentation request | presentation requests=] | ||
| are present in |requests|, | ||
| a [=user agent=] MUST NOT return more than one | ||
| [=digital credential/presentation response=]. | ||
| However, multiple credentials MAY be included in this single response | ||
| depending on the capabilities | ||
| of the corresponding [=digital credential/exchange protocol=]. |
There was a problem hiding this comment.
| When multiple [=digital credential/presentation request | presentation requests=] | |
| are present in |requests|, | |
| a [=user agent=] MUST NOT return more than one | |
| [=digital credential/presentation response=]. | |
| However, multiple credentials MAY be included in this single response | |
| depending on the capabilities | |
| of the corresponding [=digital credential/exchange protocol=]. | |
| A [=user agent=] MUST NOT return more than one | |
| [=digital credential/presentation response=] to |requests|, | |
| even when |requests| contains multiple | |
| [=digital credential/presentation request | presentation requests=]. | |
| However, multiple credentials MAY be included in this single response | |
| depending on the capabilities | |
| of the corresponding [=digital credential/exchange protocol=]. |
There was a problem hiding this comment.
Incorporating all the comments by @marcoscaceres. Too many lines changed in too many ways, so GitHub can't properly highlight the changes. I hope you have a better diff tool at hand.
| When multiple [=digital credential/presentation request | presentation requests=] | |
| are present in |requests|, | |
| a [=user agent=] MUST NOT return more than one | |
| [=digital credential/presentation response=]. | |
| However, multiple credentials MAY be included in this single response | |
| depending on the capabilities | |
| of the corresponding [=digital credential/exchange protocol=]. | |
| A [=user agent=] cannot return more than one | |
| [=digital credential/presentation response=] to |requests|, | |
| even when |requests| contains multiple | |
| [=digital credential/presentation request | presentation requests=], | |
| because the WebIDL for a digital credential requires an object | |
| (i.e., it can't be a sequence). | |
| However, a [=user agent=] MAY include multiple credentials in this | |
| single response if the [=digital credential/exchange protocol=] | |
| in use supports doing so. |
|
Discussed 3 September minutes. |
| </aside> | ||
| When multiple [=digital credential/presentation request | presentation requests=] | ||
| are present in |requests|, | ||
| a [=user agent=] MUST NOT return more than one |
There was a problem hiding this comment.
A user agent can't do this regardless, because the WebIDL for a digital credential requires an object (i.e., it can't be a sequence).
There was a problem hiding this comment.
Excellent! That should let us simplify the phrasing here substantially. I'll do so lower, as a revision of a previous suggestion for this block.
| are present in |requests|, | ||
| a [=user agent=] MUST NOT return more than one | ||
| [=digital credential/presentation response=]. | ||
| However, multiple credentials MAY be included in this single response |
There was a problem hiding this comment.
This doesn't make sense as a normative requirement, as we can't put normative requirements on formats (only on user agents). This might be useful as a non-normative note though.
There was a problem hiding this comment.
I don't read this as putting requirements on any format (which aren't mentioned here anyway) nor protocol (which are), but rather putting requirements on user agents subject to the limitations of the format protocol in use, i.e., the user agent MAY include multiple credentials in a single response if the format protocol in use supports doing so.
| <p> | ||
| Verifiers may wish to define a single credential request | ||
| using multiple [=digital credential/exchange protocols=], | ||
| for example to achieve maximum compatibility across [=user agent | user agents=] |
There was a problem hiding this comment.
| for example to achieve maximum compatibility across [=user agent | user agents=] | |
| for example to achieve maximum compatibility across [=user agents=] |
| using multiple [=digital credential/exchange protocols=], | ||
| for example to achieve maximum compatibility across [=user agent | user agents=] | ||
| or when migrating to a newer version of a protocol. When doing so, | ||
| verifiers SHOULD ensure that all requests are semantically equivalent to avoid confusing |
There was a problem hiding this comment.
As above... we can't put conformance requirements on verifiers, but we can suggest best practices in non-normative ways.
There was a problem hiding this comment.
How about —
| verifiers SHOULD ensure that all requests are semantically equivalent to avoid confusing | |
| verifiers are expected to ensure that all requests are semantically equivalent to avoid confusing |
This PR adds initial text on A) how user agents MUST handle the presence of multiple presentation requests in
options.digital.requests, and B) how verifiers SHOULD populateoptions.digital.requeststo handle getting back a corresponding presentation response.Closes #220.
The following tasks have been completed:
Implementation commitment:
Documentation and checks
Preview | Diff