Skip to content

Clarify credential request client definition to support external implementations #334

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Clarify credential request client definition to support external implementations #334

wants to merge 1 commit into from

Conversation

Copy link

Copilot AI commented Aug 8, 2025
edited
Loading

This PR addresses concerns raised by Tim about the restrictive language in the "credential request client" definition that could be interpreted as requiring the client to always be a user agent-owned component.

Problem

The original definition used "user-agent-defined component" language, which could exclude real-world deployments where:

  • The credential selector/client is implemented by external wallet applications
  • Platform components (like Android's credential management) handle the logic
  • Other trusted entities outside the UA manage credential flows

As noted in the PR #306 discussion, this is particularly relevant for Chrome where the logic lives in Android rather than the browser itself.

Solution

Updated the definition from:

A credential request client is a user-agent-defined component responsible for...

To:

A credential request client is a component responsible for managing the credential 
presentation or issuance flow, as defined or delegated by the user agent. The client 
may be implemented by the user agent itself, by an installed wallet, by platform-provided 
software, or by another trusted component.

Added clarifying note:

Note: The user agent may delegate some or all credential request client responsibilities 
to external wallet applications, platform components, or other trusted entities, according 
to user or platform policy.

Impact

This change ensures the specification supports both:

  • UA-owned implementations (e.g., WebKit's direct wallet integration)
  • Externally delegated implementations (e.g., Chrome delegating to Android platform, standalone wallet apps)

The user agent maintains its role in defining or delegating responsibilities while explicitly supporting diverse implementation patterns across different platforms and ecosystems.

Fixes the concern raised in PR #306 discussion threads.

Warning

Firewall rules blocked me from connecting to one or more addresses

I tried to connect to the following addresses, but was blocked by firewall rules:

  • esm.ubuntu.com
    • Triggering command: /usr/lib/apt/methods/https (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.

@marcoscaceres
Copy link
Collaborator

marcoscaceres commented Aug 8, 2025

Will integrate directly into other PR

Copilot AI changed the title [WIP] Clarify Credential Request Client Definition to Allow UA and Platform/Wallet Implementations Clarify credential request client definition to support external implementations Aug 8, 2025
Copilot AI requested a review from marcoscaceres August 8, 2025 05:18
Copilot finished work on behalf of marcoscaceres August 8, 2025 05:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@marcoscaceres marcoscaceres Awaiting requested review from marcoscaceres

Assignees

@marcoscaceres marcoscaceres

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@marcoscaceres