...

Figure 1. Relative protection requirements for personal data



This can be summarised as below:

  • Secure Storage: Wallets act as secure enclaves for storing DID information, including private keys, credentials, and verifiable presentations. Cryptographic primitives like zero-knowledge proofs ensure secure access and control over data. Standards like W3C DID Document [https://www.w3.org/TR/did-core/] specify the data structure for DID information within wallets.
  • Credential Management: Wallets provide mechanisms for receiving, managing, and revoking credentials issued by various entities. This involves functionalities like parsing credential formats like Verifiable Credentials (VCs) based on JSON Web Signature (JWS) [https://datatracker.ietf.org/doc/html/rfc7515] or JSON Web Encryption (JWE) [https://datatracker.ietf.org/doc/html/rfc7516] for secure data representation and cryptographic signatures. Wallets should also support Selective Disclosure [https://www.w3.org/TR/vc-data-model/] to reveal only necessary information within credentials.
  • Interoperability: Wallets should support different DID methods and communication protocols to interact seamlessly with various issuers and verifiers. Standards like Decentralised Identifiers (DIDs) Document [https://www.w3.org/TR/did-core/] and JSON Web Signatures (JWS) [https://datatracker.ietf.org/doc/html/rfc7515] facilitate interoperability.

The Roles of Agents

Identity agents are software services that manage all the stuff in the wallet. Agents store, update, retrieve, and delete all the artifacts that a wallet holds. Beyond managing the wallet, agents perform many other important tasks:

...

There’s a saying in security: “Don’t roll your own crypto.” I think we need a corollary in identity: “Don’t roll your own interface.” By supporting the exchange of data based on VCs, identity wallets and agents provide a single means of accomplishing many tasks. One of the important UX features of identity wallets and agents is that people do not manipulate cryptographic keys and DIDs; rather, they manage relationships and credentials. These are familiar artifacts that people understand. [3]


Other roles in the wallet ecosystem:

Issuers

  • Credential Issuance: Issuers are entities authorised to issue verifiable credentials that attest to specific attributes or qualifications. They implement cryptographic signing algorithms like those specified in JSON Web Signature (JWS) [https://datatracker.ietf.org/doc/html/rfc7515] to bind issued credentials to the issuer's DID.
  • Credential Revocation: Issuers maintain the ability to revoke credentials in case of disputes or changes in the attested information. This often involves issuing revocation statements verifiable by holders and verifiers, following standards like W3C Verifiable Credential Revocation List (VCRL) [TODO].
  • Privacy-Preserving Issuance: Issuers can leverage techniques like Selective Disclosure [https://www.w3.org/TR/vc-data-model/] and zero-knowledge proofs based on standards like Zero-Knowledge Succinct Non-interactive Argument of Knowledge (zk-SNARKs) to reveal only the necessary information within credentials while preserving user privacy.

Verifiers

  • Credential Verification: Verifiers are responsible for validating the authenticity and validity of presented credentials. This involves verifying cryptographic signatures using standards like JSON Web Signature (JWS) [https://datatracker.ietf.org/doc/html/rfc7515], checking revocation lists based on W3C Verifiable Credential Revocation List (VCRL) [TODO], and potentially contacting issuers for additional information using secure communication protocols.
  • Policy Enforcement: Verifiers can define access control policies based on specific credential attributes. This allows granular control over access based on user claims as specified in the W3C Verifiable Credential Data Model [https://www.w3.org/TR/vc-data-model/].
  • Standardised Verification: Verifiers should adhere to established standards for DID communication protocols like DIDComm [https://identity.foundation/didcomm-messaging/spec/v2.1/] to ensure interoperability with various wallets and issuers.


References

[1] Windley, Phillip J. Learning Digital Identity (pp. 511-514). O'Reilly Media. Kindle Edition.

...