Update wallet invocation section to mention Digital Credentials API #359
Conversation
|
|
||
| For a cross device flow, either of the URL options MAY be presented as a QR code for the End-User to scan using a wallet or an arbitrary camera application on a user-device. | ||
|
|
||
| The Wallet can also be invoked from the web or a native app using the Digital Credentials API as described in (#dc_api). |
There was a problem hiding this comment.
I'd put this one first and if possible word it so it sounds like the preferred option :)
There was a problem hiding this comment.
I think we might get some pushback against essentially recommending it so I'd rather consider that separately. Opened #361 for that.
I think we can be clearer about the advantages though - @leecam @timcappalli could you check the new text please? Suggestions to improve it are welcome!
There was a problem hiding this comment.
we have a whole paragraph on the benefits that Tim helped re-write here: https://openid.github.io/OpenID4VP/openid-4-verifiable-presentations-wg-draft.html#appendix-A-4
There was a problem hiding this comment.
I've committed Kristina's suggestion to just refer to the existing text now.
Co-authored-by: Oliver Terbu <[email protected]>
Co-authored-by: Kristina <[email protected]>
Co-authored-by: Christian Bormann <[email protected]>
|
|
||
| For a cross device flow, either of the above options MAY be presented as a QR code for the End-User to scan using a wallet or an arbitrary camera application on a user-device. | ||
|
|
||
| The Wallet can also be invoked from the web or a native app using the Digital Credentials API as described in (#dc_api). As described in detail in (#dc_api), DC API provides privacy, security (see (#session_fixation)), and user experience benefits (particularly in the cases where a user has multiple Wallets). |
There was a problem hiding this comment.
I'd prefer putting DC API into the enumeration but that's just nitpicking
There was a problem hiding this comment.
let's do that when DC API is ready for production and we are changing this text to recommend it.
Also remove the 'no specific authorization endpoint' method that was never clearly specified and no one seems to be using.
closes #87
closes #262