From 08ca9006b1676fffa88508b9c4c87726e602ade9 Mon Sep 17 00:00:00 2001 From: Tim Cappalli Date: Mon, 1 Dec 2025 08:34:31 -0500 Subject: [PATCH 1/6] initial changes for supported protocols --- index.html | 256 ++++++++++++++++++----------------------------------- 1 file changed, 88 insertions(+), 168 deletions(-) diff --git a/index.html b/index.html index 8101b347..26ae3b09 100644 --- a/index.html +++ b/index.html @@ -84,6 +84,26 @@ date: "2025-02-25", publisher: "W3C" }, + "openid4vp-1_0": { + title: "OpenID for Verifiable Presentations 1.0", + href: "https://openid.net/specs/openid-4-verifiable-presentations-1_0.html", + authors: ["Oliver Terbu", "Torsten Lodderstedt", "Kristina Yasuda", "Daniel Fett", "Joseph Heenan"], + date: "2025-07-09", + publisher: "OpenID Foundation" + }, + "openid4vci-1_0": { + title: "OpenID for Verifiable Credential Issuance 1.0", + href: "https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html", + authors: ["Torsten Lodderstedt", "Kristina Yasuda", "Tobias Looker", "Paul Bastian"], + date: "2025-09-16", + publisher: "OpenID Foundation" + }, + "iso-18013-7-2025": { + title: "ISO/IEC TS 18013-7:2025 Personal identification — ISO-compliant driving licence Part 7: Mobile driving licence (mDL) add-on functions", + href: "https://www.iso.org/standard/91154.html", + date: "2025-05-01", + publisher: "International Organization for Standardization" + }, }, xref: { profile: "web-platform", @@ -113,12 +133,8 @@

and issuance of a [=digital credential=].

- The API design is agnostic to both credential [=digital - credential/presentation requests|presentation=] [=digital - credential/exchange protocols=], credential [=digital credential/issuance - request|issuance=] [=digital credential/issuance protocols|protocols=] - and credential formats. However, to promote interoperability this - document includes a [[[#protocol-registry]]]. + The API design is agnostic to credential formats and includes support for + multiple [=digital credential/exchange protocols=]. See [[[#supported-protocols]]].

The API is designed to support the following goals: @@ -524,8 +540,7 @@

A standardized protocol used for exchanging a [=digital credential=] between a [=holder=] and a [=verifier=]. A protocol is identified by a - [=digital credential/protocol identifier=]. See section also - [[[#protocol-registry]]]. + [=digital credential/protocol identifier=]. See [[[#supported-protocols]]].
Protocol identifier @@ -544,7 +559,7 @@

A standardized protocol used for communication between an [=issuer=] and a [=holder=] during the issuance of a [=digital credential=]. The issuance protocol is identified by a [=digital credential/protocol - identifier=]. See also section [[[#protocol-registry]]]. + identifier=]. See [[[#supported-protocols]]].
Request coordinator @@ -768,8 +783,7 @@

The {{DigitalCredentialCreateRequest/protocol}} member's value can be one - of the well-defined protocol identifiers defined in - [[[#protocol-registry]]] or a custom protocol identifier. + of the well-defined protocol identifiers defined in [[[#supported-protocols]]].

The `data` member @@ -842,8 +856,7 @@

The {{DigitalCredentialCreateRequest/protocol}} member's value is be one - of the well-defined keys defined in [[[#protocol-registry]]] or any other - custom one. + of the well-defined keys defined in [[[#supported-protocols]]].

The `data` member @@ -1125,181 +1138,88 @@

-

- Registry of protocols +

+ Supported protocols

- Initiating the registration a protocol is done by filing an - issue in our GitHub repository. -

-

- The following is the registry of [=digital credential/exchange - protocols=] and [=digital credential/issuance protocols=] that are - supported by this specification. -

-

- It is expected that this registry will be become a [=W3C registry=] in - the future. -

-

- General inclusion criteria -

- -

- To be included in the registry, the [=digital credential/exchange - protocol=]: -

-
    -
  1. MUST be standardized at a consortium the W3C liaises with -
  2. -
  3. MUST be defined in a specification which is freely and publicly - available at the stable URL listed in the registry. -
  4. -
  5. MUST define a representation, as either a [[WebIDL]] [=dictionary=] - or a JSON object, of the [=digital credential/exchange protocol=] request - structure (i.e., the [=dictionary=] which defines the semantics and - validation of the {{DigitalCredentialGetRequest}}'s - {{DigitalCredentialGetRequest/data}} member) and the [=digital - credential/issuance protocol=] request structure (i.e., the - [=dictionary=] which defines the semantics and validation of the - {{DigitalCredentialCreateRequest}}'s - {{DigitalCredentialCreateRequest/data}} member). -
  6. -
  7. MUST define a representation, as either a [[WebIDL]] [=dictionary=] - or a JSON object, of the [=digital credential/exchange protocol=] - response structure (i.e., the [=dictionary=] which defines the semantics - and validation of the {{DigitalCredential}}'s {{DigitalCredential/data}} - member. -
  8. -
  9. MUST define validation rules for members of the request and response - structures. -
  10. -
  11. MUST have undergone privacy review by the W3C's Privacy Working Group and - Federated Identity Working - Group. - -
  12. -
  13. MUST have undergone security review by the Security Interest Group. -
  14. -
  15. MUST have implementation commitment from at least one browser engine, - one credential provider/wallet, and one issuer or verifier (depending on - the protocol type). Each component MUST be from independent - organizations. -
  16. -
  17. MUST have formally recorded consensus by the Federated Identity - Working Group to be included in the registry. -
  18. -
-

- Presentation-specific inclusion criteria -

-

- To be included as a presentation protocol in the registry (used with - `navigator.credentials.get`), the [=digital credential/exchange - protocol=]: -

-
    -
  1. MUST support response encryption. -
  2. -
  3. MUST encrypt any response containing personally identifiable - information (PII). -
  4. -
-

- Change process -

-

- To add a new [=digital credential/exchange protocol=] to the registry, or - to update an existing one: -

-
-
- Define a [=digital credential/protocol identifier=]. -
-
- The [=digital credential/protocol identifier=] MUST be a unique string - that is not already in use in the registry. The [=digital - credential/protocol identifier=] MUST uniquely define the set of - required parameters and/or behavior that a digital credential provider - implementation needs to support to successfully handle the request. If - the set of required parameters or behaviors is updated in a way which - would require a digital credential provider to also require an update - to remain functional, a new protocol identifier MUST be assigned and be - added to the registry. -
-
- Specify a protocol - type. -
-
- The protocol type is either "Presentation" for presentation protocols - used with `navigator.credentials.get` or "Issuance" for issuance - protocols used with `navigator.credentials.create`. -
-
- Describe the - protocol. -
-
- The description MUST be a brief summary of the protocol's purpose and - use case. -
-
- Provide a link to the - specification. -
-
- The specification MUST be a stable URL that points to the authoritative - source for the protocol, including validation rules. -
-
-

- [=User agents=] MUST support the following [=digital credential/exchange - protocols=]: + The following [=digital credential/exchange protocols=] are supported + by this specification.

- + + + + + + + + + + + + + + + + + + + + + From b962211db11d4fe0288495ede51ba9c643b711ca Mon Sep 17 00:00:00 2001 From: Tim Cappalli Date: Mon, 1 Dec 2025 18:52:38 -0500 Subject: [PATCH 2/6] add to dictionary --- .cspell/misc.txt | 4 +++- .cspell/names.txt | 7 ++++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/.cspell/misc.txt b/.cspell/misc.txt index c955bf3b..63ebc73c 100644 --- a/.cspell/misc.txt +++ b/.cspell/misc.txt @@ -8,4 +8,6 @@ linkable linkability fingerprinters birthdates -reidentify \ No newline at end of file +reidentify +multisigned +licence \ No newline at end of file diff --git a/.cspell/names.txt b/.cspell/names.txt index 3c2ab1fe..1a8d4879 100644 --- a/.cspell/names.txt +++ b/.cspell/names.txt @@ -17,4 +17,9 @@ Orie Massieux Thibodeau Yosef -Jevon \ No newline at end of file +Jevon +Terbu +Torsten +Heenan +Fett +Lodderstedt \ No newline at end of file From 3ffca6e6e4cb50879c8ab2727822a7b5bee99d58 Mon Sep 17 00:00:00 2001 From: Tim Cappalli Date: Mon, 1 Dec 2025 18:55:23 -0500 Subject: [PATCH 3/6] move section up --- index.html | 178 +++++++++++++++++++++++++++-------------------------- 1 file changed, 91 insertions(+), 87 deletions(-) diff --git a/index.html b/index.html index fe896cdf..9b431aa8 100644 --- a/index.html +++ b/index.html @@ -567,7 +567,97 @@

See [=credential request coordinator=].
- +

+ Supported protocols +

+

+ The following [=digital credential/exchange protocols=] are supported + by this specification. +

+
- Table of officially registered [=digital credential/exchange - protocols=]. + Table of supported [=digital credential/exchange protocols=]
- [=digital credential/Protocol identifier=] + Name - [=registry/Type=] + Type - [=registry/Description=] + [=digital credential/Protocol identifier=] - [=registry/link|Specification=] + Spec Details
- Coming soon... + + [[[openid4vp-1_0]]] (Unsigned Requests) + + [=digital credential/Exchange Protocol=] + + `openid4vp-v1-unsigned` + + Appendix A +
+ [[[openid4vp-1_0]]] (Signed Requests) + + [=digital credential/Exchange Protocol=] + + `openid4vp-v1-signed` + + Appendix A +
+ [[[openid4vp-1_0]]] (Multi-signed Requests) + + [=digital credential/Exchange Protocol=] + + `openid4vp-v1-multisigned` + + Appendix A +
+ [[[iso-18013-7-2025]]] (Annex C) + + [=digital credential/Exchange Protocol=] + + `org-iso-mdoc` + + Annex C
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ Table of supported [=digital credential/exchange protocols=] +
+ Name + + Type + + [=digital credential/Protocol identifier=] + + Spec Details +
+ [[[openid4vp-1_0]]] (Unsigned Requests) + + [=digital credential/Exchange Protocol=] + + `openid4vp-v1-unsigned` + + Appendix A +
+ [[[openid4vp-1_0]]] (Signed Requests) + + [=digital credential/Exchange Protocol=] + + `openid4vp-v1-signed` + + Appendix A +
+ [[[openid4vp-1_0]]] (Multi-signed Requests) + + [=digital credential/Exchange Protocol=] + + `openid4vp-v1-multisigned` + + Appendix A +
+ [[[iso-18013-7-2025]]] (Annex C) + + [=digital credential/Exchange Protocol=] + + `org-iso-mdoc` + + Annex C +
+

@@ -1138,92 +1228,6 @@

-

- Supported protocols -

-

- The following [=digital credential/exchange protocols=] are supported - by this specification. -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- Table of supported [=digital credential/exchange protocols=] -
- Name - - Type - - [=digital credential/Protocol identifier=] - - Spec Details -
- [[[openid4vp-1_0]]] (Unsigned Requests) - - [=digital credential/Exchange Protocol=] - - `openid4vp-v1-unsigned` - - Appendix A -
- [[[openid4vp-1_0]]] (Signed Requests) - - [=digital credential/Exchange Protocol=] - - `openid4vp-v1-signed` - - Appendix A -
- [[[openid4vp-1_0]]] (Multi-signed Requests) - - [=digital credential/Exchange Protocol=] - - `openid4vp-v1-multisigned` - - Appendix A -
- [[[iso-18013-7-2025]]] (Annex C) - - [=digital credential/Exchange Protocol=] - - `org-iso-mdoc` - - Annex C -
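Review bot: the issuance side now points at a section that lists no issuance protocol. In PATCH 1/6 the hunks at -544, -768 and -842 send the issuance protocol definition and {{DigitalCredentialCreateRequest/protocol}} to [[[#supported-protocols]]], yet the new section's paragraph says only "[=digital credential/exchange protocols=] are supported" and every table row has the type Exchange Protocol. The `openid4vci-1_0` biblio entry added in the first hunk is not cited anywhere in the visible lines. Either add an issuance row with its protocol identifier or reword the create-side text so it does not promise well-defined identifiers that the table does not contain.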
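Review bot: with "or a custom protocol identifier" (-768) and "or any other custom one" (-842) removed in PATCH 1/6, the text no longer says how a request whose protocol is outside [[[#supported-protocols]]] is handled; state whether it is rejected or ignored, and by which step. While these sentences are open, fix "member's value is be one" in the -842 context line and settle on one term, since -768 says "protocol identifiers" and -842 says "keys" for the same member.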
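Review bot: the -1125 hunk of PATCH 1/6 deletes the only visible normative security requirements for presentation protocols ("MUST support response encryption" and "MUST encrypt any response containing personally identifiable information (PII)"), along with the privacy and security review criteria, and nothing replaces them. The same hunk changes "[=User agents=] MUST support the following" to "are supported by this specification", which drops the conformance requirement. Since the new table includes `openid4vp-v1-unsigned`, say whether response encryption is still required for the listed protocols, and whether user agents must implement every row or are only permitted to.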
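Review bot: both .cspell files in PATCH 2/6 still end with "\ No newline at end of file", so each addition has to rewrite the previous last entry (`reidentify` in misc.txt, `Jevon` in names.txt). End each file with a newline so later dictionary changes are pure additions.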