vc-api icon indicating copy to clipboard operation
vc-api copied to clipboard
verified publisher icon w3c-ccg

Automating Verifiable Credential transfers

Open msporny opened this issue 2 years ago • 1 comments

The Traceability work item has the concept of /presentations/available on a Verifier Coordinator, the group should explore if we the same concept should be adopted/generalized in the VC API. These use cases have come up during the 2023-08-29 telecon:

  1. Enabling a Holder Coordinator to push credentials to a Holder Service to store them.
  2. Enabling the use of exchanges to push credentials or get presentations from Holders.

Concerns to discuss:

  • Should Holders tell Issuers something (start this exchange with me)?
  • Should control flow from Issuer to Holder (inbox at the Holder)?
  • How does the Holder deny the acceptance of the credential?

msporny avatar Aug 29 '23 19:08 msporny

The group discussed this on the 2024-02-27 telecon:

@jandrieu noted he was confused by the first question (as was the rest of the group). @jandrieu noted that Traceability wanted to ping a Holder Coordinator to let them know that there is a credential available to receive. He noted that is an interesting endpoint, but was strongly ambivalent (because it becomes a spam endpoint, but also feels valuable); noted it's worth having a discussion about that. @dlongley said that a better way to engineer it is that a holder can "sign up to get updates" from an issuer, if it's automated, you could configure holder coordinator to automatically follow a notification, engaged in an exchange that an issuer has notified you about, pick up a VC in an automated fashion. Don't think there is much that needs to be added to the API for this to work -- Holder Coordinator could be configured to automatically respond. @jandrieu it's not clear "who" is making these calls.

msporny avatar Feb 27 '24 20:02 msporny

The group discussed this on 2024-05-28:

@PatStLouis noted that they might be getting rid of this feature in the Traceability specification, not clear how it is used. @dlongley noted that if its being removed, we close the issue, could re-use other primitives to implement it (callbacks with exchanges, etc.), share concern w/ Joe about it being a spam endpoint (can't send significant amount of information that needs to be stored), instead notifying to act on something seems to be a better approach. Need to understand use case better, maybe after other primitives are done, construct solution to use cases. @jandrieu syncs up with work done elsewhere (single use to do rendevous), really between verifier and holder. There is some "incoming API" use case for the holder, pattern of single use where you can give another single use in response maybe gets around spam problem but lets people hand out URLs to be used for one time interaction. @jandrieu suggested that if Traceability is not pushing for this, nice to have features, but not on current roadmap.

The group proposed closing the issue and there were no objections to closing it (and re-raising it in the future if there was a stronger desire to have this sort of feature).

msporny avatar May 28 '24 19:05 msporny