[dataspace-dcp-dev] Alignment with latest specifications from OpenID

Dear all,

I am becoming familiar with the Eclipse DCP and I think it is a positive step towards solving the real needs of Dataspaces in terms of identities and credentials, which can be slightly different from the needs of SSI wallets.

However, it seems the OpenID specs have been ignored, and that is a real concern. Questions:

* Why is the spec defining a new format for Self-issued tokens instead of reusing / extending the spec from SIOPv2 tokens: https://openid.net/specs/openid-connect-self-issued-v2-1_0.html#name-self-issued-id-token 

* Why is a flow for obtaining self-signed tokens suggested, and not directly an adaption / customisation of the SIOPv2 flows?

While someone could argue that the SIOPv2 spec is just a draft, new questions then come up concerning specs that are in their v1.0 and stable, namely OpenID4VP and OpenID4VCI:

* Why has a custom protocol been used for obtaining Verifiable Presentations instead of adapting OpenID4VP flows?

* Why is a Presentation Definition Language being used that has been declared obsolete by the OpenID4VP Community and has now been reengineered as DCQL? https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-digital-credentials-query-l What are the implications from an implementation perspective?

* Why is the work on Credential Issuance not based on a profile / customised flow from OpenID4VCI instead of defining its own mechanisms?


I think these questions are a concern, especially on the presentation definition language side of things, and may hamper the adoption / implementation of the DCP, as they pose a risk of deviating from standards that have been there for a while with multiple iterations and are planned to be massively used in Wallets, etc.

Thanks for your insights and your work

All the best

