`purpose` should be mandatory

[npdoty]

It's never appropriate to request a credential without explaining for what purpose it will be used. This property of a Presentation Definition should, as a result, be mandatory.

Per-field purpose strings might make more sense as optional (if the requester can't be more specific in explaining each field's specific purpose rather than just the top-level purpose).

If the expectation is that purpose (and other important contextual information, like retention, deletion, secondary use, registration and auditing of the use, etc.) will be presented elsewhere, then the spec should instead be defining pointers to that external or out-of-band explanation, so that the wallet/holder can present confirmation of it to the user at the time that a decision is made.

[rado0x54]

The intend of the spec was to provide a simple method to transport a text-only purpose with the presentation definition. It does not expect to be exclusive (e.g. the purpose could be transported out-of-band of PE, or that all credentials meet the threshold of requiring a purpose). Therefore we would not want to require is as part of the spec.

We like the idea of binding an out-of-band purpose to a presentation definition and then remove the simple "purpose" field from the spec. This can be addressed in a version 3.0.

[rado0x54]

@npdoty We will close this ticket and recreate an out-of-band purpose binding ticket.

[npdoty]

Just tag me or drop a link when you have an out-of-band binding issue. I do think that's a more promising long-term approach.

I'm concerned in the meantime though that optional or ill-defined purpose specification mechanisms will lead to what has often been the status quo: users being asked (harassed) without context, hoping that they'll just give in and accept in order to get on with what they're doing.