Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Selective disclosure and requested fields query #38

Open
PatStLouis opened this issue Jan 2, 2025 · 1 comment
Open

Selective disclosure and requested fields query #38

PatStLouis opened this issue Jan 2, 2025 · 1 comment
Assignees
@PatStLouis
Labels
ready for pr

Comments

@PatStLouis
Copy link

It seems like it would be useful for a verifier to request specific fields from a credential which might be secured with a SD enabled cryptosuite. What are some options for this? Would it be suitable to leverage the query by example and add a mandatoryFields property?
@msporny
Copy link
Contributor

msporny commented Jan 7, 2025

This was discussed on the 2025-01-07 telecon:

@PatStLouis noted that in the UNTP, they are investigating what technologies to use for decentralized access control -- a way for unknown verifiers to request some information that the data custodian holds. Among technologies being looked at OID4VP, DID-based authentication (via VP Request spec). There is a way to do QueryByExample in VP Request -- give example of VC you want to receive, but nothing specific for selected fields to be selectively disclosed -- what is the best way to do that? @dlongley noted that the way this is working today is "any field that is expressed /are/ the fields that are treated as mandatory" -- the design, if you use a selective disclosure mechanism, you will only get fields requested plus mandatory disclosure fields. For example, if cryptosuite expects type/id info, otherwise, only fields in query by example are provided. No reason to ask for something you don't need -- no concept of optional fields. @PatStLouis wondered about first name of driver's license -- how would that be asked for? You indicate values, right? @dlongley noted that if values are left blank, then that's an indication that you're requesting anything -- that's how a lot of the queries are done in VC Playground, just a list of properties that are desired -- if one of the choices is selective disclosure, then wallets today will attempt to just disclose only the properties in query by example. @PatStLouis asked if "blank" meant "empty string" or null value -- today it's an empty string and spec could be clarified here. @dlongley noted that there is a "Country Only" Permanent resident card example in the VC Playground that shows how this works.

A PR should be raised that adds a NOTE in a section about selective disclosure and how you construct a query that does selective disclosure.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@PatStLouis PatStLouis

Labels
ready for pr
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@msporny @PatStLouis