digital-credentials icon indicating copy to clipboard operation
digital-credentials copied to clipboard
verified publisher icon WICG

Add guidance on how to handle multiple presentation request entries

Open MasterKale opened this issue 6 months ago • 6 comments

This PR adds initial text on A) how user agents MUST handle the presence of multiple presentation requests in options.digital.requests, and B) how verifiers SHOULD populate options.digital.requests to handle getting back a corresponding presentation response.

Closes #220.

The following tasks have been completed:

  • [ ] Modified Web platform tests (link)

Implementation commitment:

  • [ ] WebKit (link to issue)
  • [ ] Chromium (link to issue)
  • [ ] Gecko (link to issue)

Documentation and checks

  • [ ] Affects privacy
  • [ ] Affects security
  • [ ] Pinged MDN
  • [ ] Updated Explainer
  • [ ] Updated digitalcredentials.dev

Preview | Diff

MasterKale avatar May 28 '25 21:05 MasterKale

Discussed 11 June minutes

wseltzer avatar Jun 12 '25 00:06 wseltzer

I think we should indicate to the verifier that the multiple requests (and similarly for the request language) should be semantically compatible/equivalent, or the user/user agent/wallet are easily going to be confused, or might be seen as abuse. Browsers can try to catch really extreme cases that violate that, but it probably wouldn't be easy to test.

npdoty avatar Jul 09 '25 22:07 npdoty

From WG meeting:

  • Add a note to Verifiers that request options within requests should be semantically similar
  • Review text to see how it might clarify that we're talking about multiple requests within a single invocation of DC API

MasterKale avatar Jul 09 '25 22:07 MasterKale

Discussed 9 July.

wseltzer avatar Jul 10 '25 17:07 wseltzer

Might I suggest that this be reworked/rewritten a bit, to more closely mimic the HTTP content negotiation accept: header, such that each entry pairs a protocol (with associated priority) with one or more credentials (each with their own associated priority)?

A single artificially complicated request (with syntactically invisible line break, here just to make comprehension easier) might then look something like — foo-proto-v1(ex-cred-1;cp=1.0, ex-cred-2;cp=0.5);pp=1.0, foo-proto-v2(ex-cred-1;cp=0.7, ex-cred-2;cp=0.3);pp=0.5

I would multiply the internal credential priority, cp, values by the wrapping protocol priority, pp, to make a net priority, p.

This could be made less visibly complicated by having two multi-valued parameters instead of one, such that the protocol priorities are in one parameter and the credential priorities are in another, or by having one slightly-more complex multi-valued parameter for which each value includes both protocol and credential (basically containing the permutations of the above), maybe something like — (foo-proto-v1;ex-cred-1;p=1.0), (foo-proto-v2;ex-cred-1;p=0.35), (foo-proto-v1;ex-cred-2;p=0.5), (foo-proto-v2;ex-cred-2;p=0.15)

Note that the ordering of these is not important. It's the p value that dictates preference/priority of receiving that combination.

TallTed avatar Jul 10 '25 20:07 TallTed

Discussed 3 September minutes.

wseltzer avatar Sep 03 '25 22:09 wseltzer

Just an update, this PR is effectively blocked by https://github.com/w3c-fedid/digital-credentials/pull/372 which defines the presentation algorithm for the user agent. Once that lands I can then update this PR to slot in this PR's guidance to wherever is appropriate.

MasterKale avatar Dec 01 '25 17:12 MasterKale

Discussed as part of AOB: https://github.com/w3c-fedid/meetings/blob/main/2025/2025-12-02-DCAPI-A-notes.md#aob

hlflanagan avatar Dec 01 '25 19:12 hlflanagan