diff --git a/.cspell/misc.txt b/.cspell/misc.txt index c955bf3b..63ebc73c 100644 --- a/.cspell/misc.txt +++ b/.cspell/misc.txt @@ -8,4 +8,6 @@ linkable linkability fingerprinters birthdates -reidentify \ No newline at end of file +reidentify +multisigned +licence \ No newline at end of file diff --git a/index.html b/index.html index c362885d..a5f4afa4 100644 --- a/index.html +++ b/index.html @@ -83,7 +83,7 @@ authors: ["Simone Onofri"], date: "2025-02-25", publisher: "W3C" - }, + } }, xref: { profile: "web-platform", @@ -113,12 +113,8 @@

and issuance of a [=digital credential=].

- The API design is agnostic to both credential [=digital - credential/presentation requests|presentation=] [=digital - credential/exchange protocols=], credential [=digital credential/issuance - request|issuance=] [=digital credential/issuance protocols|protocols=] - and credential formats. However, to promote interoperability this - document includes a [[[#protocol-registry]]]. + The API design is agnostic to credential formats and includes support for + multiple [=digital credential/exchange protocols=]. See [[[#supported-protocols]]].

The API is designed to support the following goals: @@ -524,8 +520,7 @@
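Review bot: the rewritten scope sentence in the -113 hunk drops issuance from the picture, yet the same patch keeps the [=digital credential/issuance protocols=] definition and points it at [[[#supported-protocols]]], so a reader can no longer tell whether the API is still meant to be issuance-protocol agnostic. Either restore the issuance clause, e.g. "The API design is agnostic to credential formats and supports multiple [=digital credential/exchange protocols=] and [=digital credential/issuance protocols=]", or state plainly that no issuance protocol is enumerated yet.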

A standardized protocol used for exchanging a [=digital credential=] between a [=holder=] and a [=verifier=]. A protocol is identified by a - [=digital credential/protocol identifier=]. See section also - [[[#protocol-registry]]]. + [=digital credential/protocol identifier=]. See [[[#supported-protocols]]].
Protocol identifier @@ -544,7 +539,7 @@

A standardized protocol used for communication between an [=issuer=] and a [=holder=] during the issuance of a [=digital credential=]. The issuance protocol is identified by a [=digital credential/protocol - identifier=]. See also section [[[#protocol-registry]]]. + identifier=]. See [[[#supported-protocols]]].
Request coordinator @@ -552,7 +547,97 @@
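Review bot: the -544 hunk sends the issuance-protocol definition to [[[#supported-protocols]]], but that section, as added in the next hunk, introduces itself as a list of [=digital credential/exchange protocols=] and every row is typed "Exchange Protocol". Either add the issuance protocols to that table or reword this sentence so it does not reference a section that cannot identify any issuance protocol.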

See [=credential request coordinator=].
- +

+ Supported protocols +

+

+ The following [=digital credential/exchange protocols=] are supported + by this specification. +

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ Table of supported [=digital credential/exchange protocols=] +
+ Name + + Type + + [=digital credential/Protocol identifier=] + + Reference +
+ OpenID for Verifiable Presentations 1.0 - Unsigned Requests + + [=digital credential/Exchange Protocol=] + + `openid4vp-v1-unsigned` + + [[OPENID4VP]] Appendix A +
+ OpenID for Verifiable Presentations 1.0 - Signed Requests + + [=digital credential/Exchange Protocol=] + + `openid4vp-v1-signed` + + [[OPENID4VP]] Appendix A +
+ OpenID for Verifiable Presentations 1.0 - Multi-signed Requests + + [=digital credential/Exchange Protocol=] + + `openid4vp-v1-multisigned` + + [[OPENID4VP]] Appendix A +
+ ISO/IEC 18013-7:2025 - Annex C + + [=digital credential/Exchange Protocol=] + + `org-iso-mdoc` + + [[ISO18013-7]] Annex C +
+

@@ -767,9 +852,8 @@
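Review bot: the new Supported protocols section in the -552 hunk has no conformance requirement: "are supported by this specification" replaces the deleted "[=User agents=] MUST support the following [=digital credential/exchange protocols=]", so a user agent implementing none of the four identifiers still conforms. Restore the MUST (or say which identifiers are mandatory). The "Type" column is identical in all four rows; keep it only if issuance rows are coming, otherwise drop it. Security-wise, `openid4vp-v1-unsigned` sits on equal footing with the signed and multi-signed variants and the deleted registry text that required response encryption and encryption of any response containing PII is not carried over here, so add next to the table, or in Security Considerations, the expectations on request authentication and response encryption for each identifier, citing the relevant [[OPENID4VP]] Appendix A and [[ISO18013-7]] Annex C clauses. Also confirm that [[ISO18013-7]] resolves in the bibliography, since this hunk is the first use.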

denotes the [=digital credential/exchange protocol=].

- The {{DigitalCredentialCreateRequest/protocol}} member's value can be one - of the well-defined protocol identifiers defined in - [[[#protocol-registry]]] or a custom protocol identifier. + The {{DigitalCredentialCreateRequest/protocol}} member's value MUST be one + of the protocol identifiers defined in [[[#supported-protocols]]].

The `data` member @@ -841,9 +925,8 @@
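Review bot: the -767 hunk keeps {{DigitalCredentialCreateRequest/protocol}} in a paragraph whose context line says the member "denotes the [=digital credential/exchange protocol=]", i.e. the get request; this should read {{DigitalCredentialGetRequest/protocol}}. The tightened "MUST be one of the protocol identifiers defined in [[[#supported-protocols]]]" also needs a matching algorithm step saying what the user agent does with an identifier not in the list (reject with a TypeError, or treat the request as unsupported); without it the requirement is untestable and implementations will diverge on unknown identifiers, which is exactly the case the removed custom-identifier allowance used to cover.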

member denotes the [=digital credential/issuance protocol=].

- The {{DigitalCredentialCreateRequest/protocol}} member's value is be one - of the well-defined keys defined in [[[#protocol-registry]]] or any other - custom one. + The {{DigitalCredentialCreateRequest/protocol}} member's value MUST be one + of the protocol identifiers defined in [[[#supported-protocols]]].

The `data` member @@ -1125,185 +1208,6 @@
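Review bot: after the -841 hunk every {{DigitalCredentialCreateRequest}} violates the new MUST, because [[[#supported-protocols]]] lists only exchange protocols and no issuance protocol. Either add the issuance protocol identifiers the group intends to support, or replace this with a statement that no issuance protocol is currently defined and such requests are rejected, and define that rejection behaviour the same way as for the get request.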

-

- Registry of protocols -

-

- Initiating the registration a protocol is done by filing an - issue in our GitHub repository. -

-

- The following is the registry of [=digital credential/exchange - protocols=] and [=digital credential/issuance protocols=] that are - supported by this specification. -

-

- It is expected that this registry will be become a [=W3C registry=] in - the future. -

-

- General inclusion criteria -

- -

- To be included in the registry, the [=digital credential/exchange - protocol=]: -

-
    -
  1. MUST be standardized at a consortium the W3C liaises with -
  2. -
  3. MUST be defined in a specification which is freely and publicly - available at the stable URL listed in the registry. -
  4. -
  5. MUST define a representation, as either a [[WebIDL]] [=dictionary=] - or a JSON object, of the [=digital credential/exchange protocol=] request - structure (i.e., the [=dictionary=] which defines the semantics and - validation of the {{DigitalCredentialGetRequest}}'s - {{DigitalCredentialGetRequest/data}} member) and the [=digital - credential/issuance protocol=] request structure (i.e., the - [=dictionary=] which defines the semantics and validation of the - {{DigitalCredentialCreateRequest}}'s - {{DigitalCredentialCreateRequest/data}} member). -
  6. -
  7. MUST define a representation, as either a [[WebIDL]] [=dictionary=] - or a JSON object, of the [=digital credential/exchange protocol=] - response structure (i.e., the [=dictionary=] which defines the semantics - and validation of the {{DigitalCredential}}'s {{DigitalCredential/data}} - member. -
  8. -
  9. MUST define validation rules for members of the request and response - structures. -
  10. -
  11. MUST have undergone privacy review by the W3C's Privacy Working Group and - Federated Identity Working - Group. - -
  12. -
  13. MUST have undergone security review by the Security Interest Group. -
  14. -
  15. MUST have implementation commitment from at least one browser engine, - one credential provider/wallet, and one issuer or verifier (depending on - the protocol type). Each component MUST be from independent - organizations. -
  16. -
  17. MUST have formally recorded consensus by the Federated Identity - Working Group to be included in the registry. -
  18. -
-

- Presentation-specific inclusion criteria -

-

- To be included as a presentation protocol in the registry (used with - `navigator.credentials.get`), the [=digital credential/exchange - protocol=]: -

-
    -
  1. MUST support response encryption. -
  2. -
  3. MUST encrypt any response containing personally identifiable - information (PII). -
  4. -
-

- Change process -

-

- To add a new [=digital credential/exchange protocol=] to the registry, or - to update an existing one: -

-
-
- Define a [=digital credential/protocol identifier=]. -
-
- The [=digital credential/protocol identifier=] MUST be a unique string - that is not already in use in the registry. The [=digital - credential/protocol identifier=] MUST uniquely define the set of - required parameters and/or behavior that a digital credential provider - implementation needs to support to successfully handle the request. If - the set of required parameters or behaviors is updated in a way which - would require a digital credential provider to also require an update - to remain functional, a new protocol identifier MUST be assigned and be - added to the registry. -
-
- Specify a protocol - type. -
-
- The protocol type is either "Presentation" for presentation protocols - used with `navigator.credentials.get` or "Issuance" for issuance - protocols used with `navigator.credentials.create`. -
-
- Describe the - protocol. -
-
- The description MUST be a brief summary of the protocol's purpose and - use case. -
-
- Provide a link to the - specification. -
-
- The specification MUST be a stable URL that points to the authoritative - source for the protocol, including validation rules. -
-
-

- [=User agents=] MUST support the following [=digital credential/exchange - protocols=]: -

- - - - - - - - - - - - - - - -
- Table of officially registered [=digital credential/exchange - protocols=]. -
- [=digital credential/Protocol identifier=] - - [=registry/Type=] - - [=registry/Description=] - - [=registry/link|Specification=] -
- Coming soon... -
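Review bot: deleting the registry in the -1125 hunk also deletes the only normative security and privacy requirements attached to protocols (privacy review by the Privacy Working Group, security review by the Security Interest Group, "MUST support response encryption", "MUST encrypt any response containing personally identifiable information (PII)", and independent implementation commitments), and the replacement section restates none of them. Before merge, carry the presentation-specific requirements into Supported protocols or Security/Privacy Considerations, or record in the PR where they move (for example a separate registry document), and say whether the four identifiers added by this patch have met those criteria. The removed change-process text also defined when a new [=digital credential/protocol identifier=] MUST be minted (an incompatible change to the required parameters or behaviour); that rule still applies with hard-coded identifiers and should survive as a note in the new section.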