Potential improvements for the big picture of issuance flows

[paulbastian]

I've tried to summarize all issuance options regarding the use of:

• authorization_details / scope
• credential_identifiers

It seems that there are many possible combinations to do issuance with OpenID4VCI, in my opinion it may be too many and we should consider consolidation.

My observations:

• scope is an easy/uncomplicated way to do most use cases :+1:
  • no support for different Credential Datasets but thats ok
  • it is weird that Credential Request uses format +format specific parameters instead of scope :thinking:
• authorization_details enables the Wallet to choose between different Credential Datasets :+1:
  • authorization_details has two options: credential_configuration_id vs format + format specific parameter :thinking:
  • when authorization_details is used credential_identifiers is still optional :thinking:
  • this means that Credential Request depends on the Token Response :-1:
• in preAuth Code Flow, we have a third option, providing credential_configuration_ids, but probably fine
  • its unclear which Credential the Wallet is requesting if multiple IDs are provided
  • credential_identifiers cannot be used, because it is not authorization_details flow :-1:
  • Credential Datasets cannot be requested :-1:

Proposals: 1: make credential_identifiers mandatory 2: enable credential_identifiers for Pre-Auth Code Flow 3: enable authorization_details with credential_configuration_id in Token Request for Pre-Auth Code Flow 4: consider using scope in Credential Request