Versions Compared

Old Version 13

changes.mady.by.user Rounak Nayak

Saved on

compared with

New Version 14

changes.mady.by.user Rounak Nayak

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Table of Contents
stylenone

1. Credential LifeCycle

...

in Wallet

Credential holders should be able to retrieve, securely store and manage various types of digital credentials, including educational, professional, and other verifiable credentials in the Wallet.

1.1. Importing Credentials into Wallet

The wallet must seamlessly integrate with a variety of credential issuers, ensuring a streamlined process for credential issuance and updates into the wallet.

A user-friendly and customizable customisable mechanism should be in place to facilitate integration with credential issuers. This ensures a simplified and efficient addition of new credentials to the wallet.

Tip

Use Case

Robert is applying for a health insurance at XYZ Insurance. The administrators at XYZ Insurance, after verifying the details shared by Robert and issue a policy over email. In the email, the issuer, XYZ Insurance, shares a QR code. Robert scans the QR code using his mobile phone, which opens up the wallet (if the wallet is available on the phone) and asks Robert to enter the policy ID and date of birth for security reasons. Robert after entering the details receives the Policy Credential on the wallet.

1.2. Secure Storage of Credentials in Wallet

The wallet must provide a secure environment for storing sensitive credential information, implementing encryption techniques to protect stored credentials and ensuring that only authorized authorised users can access and decrypt the information.

1.3. Organise and Manage Credentials in Wallet

The wallet must provide mechanisms to organise the credentials and should support features such as,

  1. Ordering of credentials in the wallet

  2. Ability to categorise the credentials based on type

  3. Ability to give a name to the credential

1.4. Remove a Credential from Wallet

The wallet must allow the holder the ability to remove credentials from the wallet.

1.5. Transfer of Credentials from One Device to Another

The credentials can be transfered from one device to another (when credentials are locally stored in a device) by the holder. The transfer can happen subject to the binding of credentials to the new device has to happen once again.

Tip

Use Case

Amanda is upgrading her phone. She wants to transfer all her data from the old phone to the new phone. She also wanted to transfer all her credentials documents to her new phone (assuming there is no cloud wallet which could do this automatically). She sees an options in settings screen of the wallet stating “Transfer to new device” and “Transfer from another device”.

She installs the wallet in her new phone and clicks on the on the option “Transfer from another device”, a QR code opens which has the connection details. The she clicks on the option “Transfer to new device”, a QR code scanner opens and she uses it to scan the QR code on her new phone. A connection is established between both the phones and in her old phone, Amanda, sees her list of credentials pre-selected and has a button called “Authenticate & Share” and/or “Share“ (based on the security level added by the issuer). She clicks on the button and authenticates her self and all her credentials are transfered to the new phone.

2. Presentation and Sharing of Credentials

The wallet must empower credential holders with control over their digital credentials, allowing them to decide when and how to share specific information.

2.1. Presenting Credentials in

...

Standardised Formats

The holder should be able to digitally present the credentials to relying parties or verifiers through a secure and standardized standardised format, making it interoperable and convenient for various verification scenarios.

...

The wallet should provide a mechanism for the holder to share the credentials in a secure and standardized standardised manner using standard protocols.

...

  • QR Code Sharing

    • Method: Generate a QR code representation of the verifiable credentials.

    • Usage: Users can display the QR code on their device, and verifiers can scan it to receive the credential information. This method is efficient and can be used in offline scenarios.

  • Secure URL or Links

    • Method: Create a secure URL link to the verifiable credentials.

    • Usage: Users can share the link with verifiers, who can then access the credential information through a secure online connection. This method is convenient for remote verification.

  • Bluetooth Sharing

    • Method: Leverage Bluetooth technology for secure data transmission.

    • Usage: Users can share their credentials with Bluetooth-enabled devices, providing a wireless and secure means of transferring information.

  • NFC (Near Field Communication) Sharing

    • Method: Transmit credential information between devices using NFC.

    • Usage: Users tap their device against an NFC-enabled verifier's device to securely share the credential.2. User Control and Consent.

  • Deep Linking

    • Method: Generate a deep link pointing to the specific credential within the Digital Credential Wallet.

    • Usage: Users share the deep link, and recipients can click or open it to access the credential directly within the app.

  • Credential Sharing via DLT (Distributed Ledger Technology):

    • Method: Leverage blockchain or other DLT for secure and tamper-evident credential sharing.

    • Usage: Credentials are stored on a decentralized decentralised ledger, and users can share proof of credentials without revealing the actual data.

  • Email or Messaging Integration:

    • Method: Send encrypted credential information via email or messaging.

    • Usage: Users send verifiable credentials directly to verifiers through secure communication channels.

2.4. Biometric

...

Authorisation during Sharing

The digital wallet should offer a provision for credential holders to authenticate themselves, preferably utilizing utilising biometrics, before sharing credentials, thereby adding a layer of security. This process also ensures that the credential holder was physically present during the credential sharing, and implicit consent was captured.

...

Verifiers must be able to independently verify the authenticity of the credentials shared by the credential holders.

3.1.

...

Standardised Verification Process

The verifiers should have a standardized standardised and reliable process to identify the type of credentials and independently verify the authenticity of presented credentials to ensure that the credential has not been tampered with and is issued by a trusted issuer.

3.2.

...

Decentralised Verification

The verification process should not rely solely on a centralized centralised authority; verification can happen in a decentralized decentralised manner. Hence, we are recommending the use of Verifiable Credentials for the digital credential wallet.

...

The wallet must automatically identify credential based on the expirations and marking expired credentials as invalid.

5. Administation

5.1. Governance

The importance of this

5.1.1. Creation of a Wallet Registry

5.1.2. Creation of a Sectorial Issuer Registry

5.1.3. Workflow Management for Registration

5.2. Issuer Side Administrator

5.1.1. Issuance of Credentials into Registry

  1. Should be able to register a credentials

  2. Should be able to

5.1.2. Revocation of Issued Credential

  1. Should be able to revoke a credential

  2. Should be able to reverse a revocation

5.1.3. Ledger Management

  1. Should be able to trace the changes made on a credential

5.1.4. Controls by Issuers

  1. The format of the credential to be Issued

  2. The type of the credential to be issued

  3. The authentication methods for issuing a credential

  4. The authentication methods to share a credential from a wallet

5. Using Wallet as an Authenticator

...