Can a single presentation definition result in a single presentation submission with multiple VPs? #462

Closed
TimoGlastra opened this issue Nov 28, 2023 · 2 comments


@TimoGlastra

Opening this issue based on some discussions I've had with @nklomp, as well as some things we've run into when integrating PEX / OpenID4VP and SD-JWT / JWT VCs.

In OpenID4VP a Presentation Definition is shared, and based on that a submission is created. With W3C JSON-LD credentials the behaviour has often been that you create a W3C VP that contains one or more W3C VCs. You sign the W3C VP with one or more signatures, depending on whether you use different credentialSubject.ids across the VCs in the VP.

With W3C JWT VPs this same behaviour won't work, as you can only put a single signature on a W3C JWT VP. So while you can include multiple VCs in a W3C JWT VP, if you want to put multiple signatures on it, that won't work.

For the recent JFF Plugfest we wanted to submit an Authorization Response in OpenID4VP, where the Presentation Definitions had multiple input_descriptors. The PD could be satisfied by submitting multiple W3C JWT credentials, but each had a different credentialSubject.id. So we ended up grouping all W3C JWT VCs with the same credentialSubject.id into a W3C JWT VP, and then submitting multiple W3C JWT VPs in the vp_token from the OpenID4VP authorization response.

This has resulted in a question on my side whether it is allowed to create a single presentation submission, consisting of multiple VPs based on a single presentation definition?

@nklomp mentioned this is not allowed by the PEX specification (see discussion here: Sphereon-Opensource/SIOP-OID4VP#62), but after reading through the spec, I wasn't confident that this is not allowed.

The same problem has now arisen for supporting SD-JWT VCs. As an SD-JWT presentation is just the SD-JWT VC (with optionally a KB-JWT and some disclosures omitted), to be able to handle a Presentation Definition with multiple input descriptors, you would have to create multiple VPs (multiple SD-JWT VCs).

@rado0x54
Contributor

The spec allows having multiple separate JWT VPs within one presentation submission. Also compare the section Processing of Submission Entries. For example:

{
  "presentation_submission": {
    "id": "a30e3b91-fb77-4d22-95fa-871689c322e2",
    "definition_id": "32f54163-7166-48f1-93d8-ff217bdb0653",
    "descriptor_map": [
      {
        "id": "banking_input",
        "format": "jwt_vp",
        "path": "$.vps[0]",
        "path_nested": {
          "id": "banking_input",
          "format": "jwt_vc",
          "path": "$.vc"
        }
      },
      {
        "id": "citizenship_input",
        "format": "jwt_vp",
        "path": "$.vps[1]",
        "path_nested": {
          "id": "citizenship_input",
          "format": "jwt_vc",
          "path": "$.vc"
        }
      }
    ]
  }
}

(this example was quickly constructed and is only intended to convey the principle).

Please let us know if that resolves this issue?

@TimoGlastra
Author

Yes that solves my issue, thanks!
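
The grouping described in the issue (one JWT VP per credentialSubject.id, several VPs in one vp_token) together with the matching descriptor_map, as an added example that is not from the thread, the PEX specification or any library. `buildSubmission`, the sample data and the path convention (`$[i]` into a `vp_token` array, `$.vp.verifiableCredential[j]` inside each decoded VP) are assumptions; signing is left out and no `submission_requirements` are assumed, so every input descriptor is required.

```javascript
// Added example: hypothetical helper, not part of PEX or any library.
// Constructed sample data; the VC JWT strings are placeholders, not real tokens.
const definition = {
  id: "32f54163-7166-48f1-93d8-ff217bdb0653",
  input_descriptors: [{ id: "banking_input" }, { id: "citizenship_input" }, { id: "employment_input" }],
};
// One selected credential per input descriptor, with the subject id it was issued to.
const selected = [
  { descriptorId: "banking_input", subjectId: "did:example:alice-1", vcJwt: "<banking-vc-jwt>" },
  { descriptorId: "citizenship_input", subjectId: "did:example:alice-2", vcJwt: "<citizenship-vc-jwt>" },
  { descriptorId: "employment_input", subjectId: "did:example:alice-1", vcJwt: "<employment-vc-jwt>" },
];

function buildSubmission(definition, selected, submissionId) {
  const vps = []; // unsigned VP payloads, one per distinct subject id
  const vpIndexBySubject = new Map();
  const descriptorMap = [];
  for (const { descriptorId, subjectId, vcJwt } of selected) {
    if (!vpIndexBySubject.has(subjectId)) {
      vpIndexBySubject.set(subjectId, vps.length);
      // Assumption: the holder signing this VP is the credential subject (payload trimmed).
      vps.push({ iss: subjectId, vp: { type: ["VerifiablePresentation"], verifiableCredential: [] } });
    }
    const vpIndex = vpIndexBySubject.get(subjectId);
    const vcIndex = vps[vpIndex].vp.verifiableCredential.push(vcJwt) - 1;
    descriptorMap.push({
      id: descriptorId, format: "jwt_vp", path: `$[${vpIndex}]`, // assumed: vp_token is an array
      path_nested: { id: descriptorId, format: "jwt_vc", path: `$.vp.verifiableCredential[${vcIndex}]` },
    });
  }
  // With no submission_requirements, each input descriptor must be mapped exactly once;
  // otherwise the verifier cannot match the submission against the definition.
  const mapped = descriptorMap.map((d) => d.id).sort();
  const wanted = definition.input_descriptors.map((d) => d.id).sort();
  if (JSON.stringify(mapped) !== JSON.stringify(wanted)) {
    throw new Error("descriptor_map does not cover the definition's input descriptors");
  }
  return {
    vps, // each payload is signed with its own subject's key before it goes into vp_token
    presentation_submission: { id: submissionId, definition_id: definition.id, descriptor_map: descriptorMap },
  };
}
```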
