vp_token definition referencing OpenID4VCI

[martijnharing]

The vp_token definition requires that the OpenID4VCI specification is followed for some of the details of the verifiable presentation content. This has a few issues. :

• It is strange that an issuance specification defines the details for how to do presentation, instead of specifying the presentation details in the presentation specification.
• For some document formats, both the VCI spec as well Appendix B of OpenID4VP have requirements for the credential response. The current text explicitly says that OpenID4VCI must be followed if it specifies something for the credential response, this seems to be a contradiction to also having credential response requirements in OpenID4VP.
• For MSO_mdoc the Credential Response requirements in the OpenID4VCI spec do not make sense in the context of OpenID4VP, we should make it clear what exactly is meant with “If Appendix A of [OpenID.VCI] defines a rule for encoding the respective Credential format in the Credential Response, this rules MUST also be followed when encoding Credentials of this format in the vp_token response parameter.”

Can we remove the reference / mandate of using the OpenID4VCI specification for credential response encoding requirements?

[jogu]

I agree this isn't the best.

I think removing the reference to VCI here and adding definitions for the contents of vp_token in Appendix B would be good, as Martijn notes this has already been done in the mdl section in Appendix B.

[Sakurann]

super weird that it still points to VCI. it should point to VP Annex B and I thought we have done a PR fixing it, but apparently not. If you could do a small PR fixing this to annex B in VP, happy to approve and merge

[c2bo]

A bit off-topic, but somewhat related thing that I noticed when reading the Annex specifying the format specific parts: We have a Section in VCI VC signed as a JWT, Using JSON-LD which seems to not have a counterpart in VP?

On-topic: Yep that looks like something that should be fixed