clarify batch endpoint encryption

Open c2bo opened this issue 1 year ago • 3 comments

closes the batch endpoint part of #286

c2bo, May 13 '24 09:05

Changes are clear, IMO.

Would it make sense to include in the non-normative example of the batch request the top-level credential_response_encryption attribute?

For instance, something like:

```
POST /batch_credential HTTP/1.1
Host: server.example.com
Content-Type: application/json
Authorization: BEARER czZCaGRSa3F0MzpnWDFmQmF0M2JW

{
   "credential_requests":[
      {
         "format":"jwt_vc_json",
         "credential_definition": {
           "type":[
             "VerifiableCredential",
             "UniversityDegreeCredential"
           ]
         },
         "proof":{
            "proof_type":"jwt",
            "jwt":"eyJ0eXAiOiJvcGVuaWQ0dmNpL...Lb9zioZoipdP-jvh1WlA"
         }
      },
      {
         "format":"mso_mdoc",
         "doctype":"org.iso.18013.5.1.mDL",
         "proof":{
            "proof_type":"jwt",
            "jwt":"eyJraWQiOiJkaWQ6ZXhhbXBsZ...KPxgihac0aW9EkL1nOzM"
         }
      }
   ],
   "credential_response_encryption": {
      "jwk": {
         "kty": "RSA",
         "e": "AQAB",
         "use": "enc",
         "kid": "5981f333-23e0-4b4a-9bd6-853ca70344f6",
         "iat": 1715685980,
         "n": "tbXb9U8Q_4cpsPcLp7fDPoTQlGOERZBwPUkQBlimrubl6cTsg4hF2Hrwi_K_Qe8RPGGTPTg_l1stBxGcE3JHSx0W2bkhbhNsAYBwHx2V07scrbjecHN_w2hrS8UMGwAuoZlBDvAbYRd16ifHKfby0hfuIKRXni_pUGte-ZkpbAcIAqug75MvYxRVw_xWPHQSCWpMXhPgV6YMZ4L3K_z1PT_zMclwvVd6dzJjALOG3z-JJpYCNwgL8LOWkaHB9mQwexLIfovpprYWRYe5dqXnOApH71C7-3AsFgZxRExjsIM5Qnbyimqyhhq84cUZ_wB0fgi3iQF-c3rHqzT2kXE8ww"
      },
      "alg": "RSA-OAEP-256",
      "enc": "A128CBC-HS256"
   }
}
```

babisRoutis, May 14 '24 11:05

We do not have any example for a request with encryption in the spec yet -> I like the idea of expanding this example. Any objections?

c2bo, May 15 '24 10:05

I would rather suggest to have another example (pair) for request for encrypted response and encrypted response.

tlodderstedt, May 21 '24 17:05

> I would rather suggest to have another example (pair) for request for encrypted response and encrypted response.

Should we then leave this PR as is and create another PR with examples for encrypted request / response? There is some discussion in #324 as well, so I think that makes things easier.

c2bo, May 24 '24 12:05

> > I would rather suggest to have another example (pair) for request for encrypted response and encrypted response.
>
> Should we then leave this PR as is and create another PR with examples for encrypted request / response? There is some discussion in https://github.com/openid/OpenID4VCI/issues/324 as well, so I think that makes things easier.

Sounds like a plan.

Sakurann, May 28 '24 13:05