-
Notifications
You must be signed in to change notification settings - Fork 18
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Facilitating Submission of Referenced Claims with Integrity Support using multipart/form-data #75
Comments
I think the challenge you are describing is sending large size data in the response? even if the media type defined for authorization response is application/x-www-form-urlencoded, it is an HTTP POST request so you should be able to send if the actual problem statement is the ability to send "attachments" alongside credentials, we can define a new parameter |
Thanks @Sakurann for your reply.
Agree, it can be effective in many cases. However, I also perceive a potential for optimization if we enable the transmission of large binary claims encoded as items in Do you anticipate any confusion arising from enabling this form of content negotiation?
I think this would open interesting use cases and enable an extensibility point, but that was not the scope of this specific issue. |
@jruizaranguren I notice this is your first submission and I'm not clear what your real name or company association is. Please can you confirm if you've signed the OIDF contribution agreement, https://openid.net/intellectual-property/contribution-license-agreement/ ? Would it be correct to summarise this whole issue as: It would be nice not to have to base64url encode binary data like images (and hence the suggestion to use I think this would be a significant extra complication. It would be interesting to know if any other implementors see the need for this feature. |
@jogu, I confirm. I use to assist to DCP meetings on thursdays. |
Problem Statement
Certain scenarios necessitate the inclusion of sizable file-based claims within credentials, to be presented during verification. Examples of such claims include scanned documents, subject portraits conforming to ISO 18013-5, and various biometric records.
Verifiers may demand such claims to support situations where legacy processes intersect with digital credential procedures. This is especially relevant for Biometrics-based Holder Binding, as outlined in the OIDC4VP terminology section.
The current definition of OIDC4VP allows for the presentation of these claims within the VP token, either through a redirect call or encoded as
application/x-www-form-urlencoded
when Response Mode is set todirect_post
. However, these options pose challenges when handling large-sized claims, a concern addressed in multiple discussions (see references below).Proposal
To address the challenge of managing large claims, I propose enabling the content type
multipart/form-data
for the submission of Authorization Response in thedirect_post
Response Mode.By doing so, various mechanisms can be employed to efficiently reference and submit files from verifiable credentials. Different parts of the multipart content can be utilized for the
presentation_submission
,vp_token
, and additional evidence, ensuring referential integrity extracted from credentials in thevp_token
usinghashlinks
,SRI
, or other means. The filenames of each part can be linked to identifiers in the credentials.This would enable a convenient and efficient to manage claims consisting in large sized files both in issuance and presentation, facilitating different means to retrieve and store such files.
References
The text was updated successfully, but these errors were encountered: