Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add a recommendation section and a security section for payload sizes #445

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Add a recommendation section and a security section for payload sizes #445

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
0f90256
Add a recommendation section and a security section for payload sizes
PatStLouis Jan 27, 2025
02d3137
Fix spelling in payload size section.
msporny Feb 4, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions index.html
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -719,6 +719,12 @@ <h3>Handling Unknown Options and Data</h3>
Implementations MUST throw an error if an endpoint receives data, options, or option values that it
does not understand or know how to process.
</p>
<h4>Payload Sizes</h4>
<p>Implementations are encouraged to pay attention to the payload sizes of the Verifiable Credentials they issue.</p>
<p>Presentations can bundle a large volume of credentials, resulting in a higher request size than anticipated. This heightens the risk of interoperability issues.</p>
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

a higher request size?

Is this not a higher { result | return | presentation | something-else } size

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The group discussed this on the 2025-02-18: @dlongley noted that we are talking about the request size... client posting VP with lots of credentials in it and that's what's being checked.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
<p>Presentations can bundle a large volume of credentials, resulting in a higher request size than anticipated. This heightens the risk of interoperability issues.</p>
<p>Presentations can bundle a large volume of credentials, which can result in a higher request size than anticipated by implementers and/or deployers. This raises the risk of interoperability issues.</p>

<p>A default maximum size of 10MB per Verifiable Credential is recommended as an interoperability baseline, with the possibility of configuring a larger size if required. The configuration should be detailed at an instance level.
This also accounts for the 16MB size limit of most document-based storage database solutions.</p>
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
This also accounts for the 16MB size limit of most document-based storage database solutions.</p>
This also accommodates the 16MB size limit of most document-based database storage solutions.</p>

<p>By default, large binary values should be linked to and a hash included (unless there is a privacy reason for not doing so).</p>
</section>
<section>
<h3>API Component Overview</h3>
Expand Down Expand Up @@ -1452,6 +1458,11 @@ <h3>Deletion</h3>
</p>
</section>

<section>
<h3>Payload Sizes</h3>
<p>Larger transactions can trigger DoS incidents. It's recommended to configure the payload size accepted by endpoints at an instance level.</p>
</section>

</section>

<section class="appendix">
Expand Down