OpenID4VP icon indicating copy to clipboard operation
OpenID4VP copied to clipboard

Published 20 hours ago verified publisher icon openid

Remove W3C DC API examples

Open marcoscaceres opened this issue 1 year ago • 6 comments

As the W3C spec is changing a lot, it's best to not include any examples yet. That way, this spec can progress without locking in changes on the W3C side.

marcoscaceres avatar Sep 10 '24 00:09 marcoscaceres

Are we expecting breaking changes to the Browser API, I thought it was fairly settled for now?

I'm not sure that removing the examples helps. The examples are non-normative and don't really show anything that's not already described in the normative text.

(We can actually update the examples relatively easily, both during any public review period for the 1.0 spec revision, and even after 1.0 is published by making an errata update, but if the normative text is likely to require changes as well that's a much bigger problem.)

jogu avatar Sep 10 '24 10:09 jogu

Ah, I guess https://github.com/WICG/digital-credentials/pull/165 may be the driver?

Although the 'providers' -> 'requests' change itself looks like it shouldn't break normative text in VP, It is slightly concerning that there are suggestions on that PR that would affect the normative text, like changing 'request' to 'query'.

jogu avatar Sep 10 '24 11:09 jogu

I'm concerned about this here: https://github.com/WICG/digital-credentials/pull/164

samuelgoto avatar Sep 10 '24 16:09 samuelgoto

Maybe leaving a link for where to see current examples would be better than just removing them? Eg. maybe they belong in this GitHub repo but in their own non-normative file for easier updating?

RByers avatar Sep 10 '24 19:09 RByers

I don't think we should lock in this spec with the other at all. We might want to move things around and we haven't yet added the examples to the Digital Credentials Spec. Rest assured that we will add examples, but it might not happen in the accelerated timeframe OpenID4VP is currently on. We can add examples to a future version of OpenID4VP once the W3C Spec is a) in a working group, and b) we are confident on the design (e.g. the spec reaches CR on the W3C side). We don't have enough implementation experience yet to be confident we won't change more things - specially as the W3C spec hasn't been road tested with more request formats, which may change the underlying request model/structure.

marcoscaceres avatar Sep 12 '24 09:09 marcoscaceres

Text in this PR does not sufficiently decouple openid4vp text and still makes it susceptible to any future breaking changes in the credentials API.

"Put openid4vp request parameters in an appropriate place as defined in digital credentials API; the openid4vp parameter is X for signed requests and Y for unsigned requests" is what I would expect.

Also very unsure about removing all of the examples. Will digital credentials API provide examples how to include openid4vp request there once it is stable? If not, we should keep some examples as of today in the spec.

If the text is generic enough, changing the examples later as digital credentials API evolves is possible.

Sakurann avatar Sep 18 '24 00:09 Sakurann

Hopefully better now... did this in a hurry at the ARF event last week.

marcoscaceres avatar Oct 14 '24 22:10 marcoscaceres