Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Four-Party Model #18

Closed
giadas opened this issue Aug 22, 2024 · 4 comments
Closed

Four-Party Model #18

giadas opened this issue Aug 22, 2024 · 4 comments
Assignees
@peppelinux

Comments

@giadas
Copy link

giadas commented Aug 22, 2024

Referring to Section 4 "The Four-Party Model":

  1. the relationship between Holder, Wallet Provider, Wallet Solution, End-User and End-User's Wallet should be clarified. They are all mentioned in the text however it is not clear which ones are part of the Four-Party Model and their relationships. For example, is the Holder an End-User of the Wallet Instance or is mapping with the Wallet Instance itself?
  2. evaluate to remove from Figure 1 (6 entities) the entities that are not part of the Four-Party Model. E.g., the Authentic Source is not discussed in this section.
  3. Intermediates are not part of Figure 1 but they are discussed in the text
@peppelinux
Copy link
Owner

  1. I would not describe the relationships between End-User and End-User's Wallet since we only have to consider the Holder in the proposed model (for simplicity)

1.1 and 2. the representation is a sort of extended description of the entities interactions where only the four parties interacts each other, while authentic sources and wallet provider are held on the edge, interacting exclusively with their direct audience. In the first proposal of this draft they was included in a 6-party model, during the first revision the co-authors agreed to mention only the most peculiar 4 parties for sake of simplicity and also to not consider exclusive interactions between the parties

  1. Intermediates are part of the openid federation specs and represent trusted third parties, therefore the Trust Anchor and its intermediaries are cosidered trusted third parties and therefore represented like a single entity for sake of simplicity

@giadas
Copy link
Author

giadas commented Sep 3, 2024

While I like simplicity, I still suggest being consistent in the document regarding the terminology used.

If the choice is to consider only the Holder, is it possible to avoid the term "End-User" (e.g., in the sentence "Consequently, the End-User obtains and holds the Digital Credentials without disclosing their intended use to the Credential Issuers. At any subsequent time, the End-User can present these Digital Credentials to a Credential Verifier to authenticate themselves.")?

Plus, which is the relationship between the Holder and the term "Wallet Instance" (or "End-User's Wallet") that is defined in this specification?

While I understand the choice to have 4 parties in the model and to consider the Intermediaries as part of the Trust Anchor, I suggest adding the reason behind this choice to help the reader understand why these entities are treated differently.

@peppelinux
Copy link
Owner

without disclosing their intended use to the Credential Issuers

it is the End-User taking the decision, I prefer using End-User to remark its centrality. Regarding the concept of Holder, see:
openid/OpenID4VP#225

@peppelinux
Copy link
Owner

@giadas I have improved the representation of the model in this PR aiming to resolve this issue
#24

@peppelinux peppelinux self-assigned this Sep 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@peppelinux peppelinux

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@peppelinux @giadas