OpenID4VP
Clarification on the Definition of "Holder"
The current definition of "Holder" in the OpenID4VP specifications states:
Holder: An entity that receives Verifiable Credentials and has control over them to present them to the Verifiers as Verifiable Presentations.
This definition, while succinct, lacks clarity on the technical aspects of who or what constitutes a "Holder" in practical scenarios, especially when considering the interaction between the user and their digital wallet.
Points for Clarification:
User vs. User+Wallet as Holder
- The definition suggests that the "Holder" is an entity with control over Verifiable Credentials. However, in practical terms, a user by themselves cannot act as a Holder without the aid of a digital wallet. It is the combination of the user and their wallet that enables the control and presentation of Verifiable Credentials.
- Analogously, just as a person becomes a driver only when they are in control of a car, a user becomes a Holder when they utilize a wallet to manage their Verifiable Credentials.
Role of the Wallet
- The wallet plays a crucial technical role in holding and managing digital credentials. While the user administratively owns the credentials, the wallet is the tool through which these credentials are technically managed and presented.
- This distinction needs to be clearly reflected in the definition to avoid confusion about the capabilities and limitations of the user and the wallet in the role of a Holder.
Combined Entity as Holder
- To accurately reflect the operational dynamics of Verifiable Credentials, the definition of Holder should encompass both the user and the wallet as a combined entity. This combined entity is what effectively interacts with Verifiers to present Verifiable Credentials.
Suggested Revision
To address these points, I propose revising the definition of "Holder" to better articulate the relationship and roles of the user and the wallet. The revised definition could read:
Holder: A combined entity, typically consisting of a user and their digital wallet, that receives Verifiable Credentials and has control over them. This entity is responsible for managing and presenting the credentials to Verifiers as Verifiable Presentations. While the user is the administrative owner of the credentials, the wallet provides the necessary technical support to store, manage, and present the credentials effectively.
This entire issue description can be summarized by the question: "Really, who is the Holder?"