Upgrade to Pro — share decks privately, control downloads, hide ads and more …

VC API at OWF

John Henderson
April 04, 2023
230

VC API at OWF

An introduction to VC API, presented at the Open Wallet Foundation on 2023-04-24

John Henderson

April 04, 2023
Tweet

Transcript

  1. VC API Overview for OWF
    V1 - April 24th 2023

    View full-size slide

  2. Agenda
    ● Intro & Motivation
    ● Background
    ● Design
    ○ Use Cases
    ○ Design Objectives
    ○ Roles
    ○ Architecture
    ○ Authorization
    ● Endpoints
    ○ Issuance
    ○ Verification
    ○ Presentation
    ○ Exchange
    ■ Verifiable Presentation Requests
    ● Test Suites
    ● Demo

    View full-size slide

  3. Intro and Motivation
    ● Intro
    ○ Software Architect at Energy Web - Focus on SSI Stack
    ○ Energy Web, along with Elia Group, is an implementer of VC API
    ● Why this presentation?
    ○ Get VC API into the sphere of attention of OWF Community
    ■ Energy Web is interested in contributing VC API to OWF
    ○ Importance of VC API to OWF
    ■ A shared interface for "VC lifecycle" management

    View full-size slide

  4. Background
    ● VC API is a set of APIs that are helpful when you're doing VC lifecycle
    management
    ● W3C CCG Work Item
    ● Status: Version 0.3
    ● Timeline for spec development
    ○ History: Started in 2020
    ○ Future: Rough target of standards track by 2024

    View full-size slide

  5. Use Cases
    ● VC API Use Cases
    ● User Needs
    ○ Range of domains
    ● Focal Use Cases
    ○ Example:
    Multi-Stage
    Presentation
    ● Traceability
    Interoperability
    ○ VC API in Process

    View full-size slide

  6. Design Objectives
    ● Verifiable Credentials API v0.3 (Design Goals)
    ● Modularity
    ○ Only implement what is necessary
    ● Simplicity
    ○ APIs and optionality are kept to a minimum
    ● Composability
    ○ Complex flows using primitives
    ● Extensibility
    ○ Extensions to API endpoints are expected and catered to
    Icons from flaticon.com

    View full-size slide

  7. Roles
    ● VC API Use Cases
    ● Roles
    ○ Issuer
    ○ Holder
    ○ Verifier
    ● Role Split
    ○ Coordinator
    ○ Service
    Icons from flaticon.com
    Issuer
    Service
    Issuer
    Coordinator
    Verifier
    Service
    Verifier
    Coordinator
    Holder
    Service
    Holder
    Coordinator

    View full-size slide

  8. Architecture
    ● Verifiable Credentials API
    v0.3 (Architecture)
    ● Coordinators
    ○ Issuer
    ○ Verifier
    ○ Holder
    ● Services
    ○ Issuer
    ○ Holder
    ○ Verifier
    ○ Status
    ● Storage
    ● Admin
    Between
    domains
    Within a
    domain

    View full-size slide

  9. Relationship to OWF Architecture
    From TAC Meeting 2023-04-05

    View full-size slide

  10. Authorization
    ● Verifiable Credentials API v0.3 (Authorization)
    ● Specified per endpoint
    ● Authorization mechanisms
    ○ OAuth2.0
    ○ Others are allowed
    ● Forbidden Authorization
    ○ Username & Password - HTTP Basic

    View full-size slide

  11. Issuance Endpoints
    Endpoint Components Expected Callers Notes
    POST /credentials/issue Issuer Service Issuer Coordinator Example of client
    optionality reduction
    POST /credentials/status Status Service Issuer Coordinator
    GET /credentials Issuer Service Issuer Coordinator
    Icons from flaticon.com

    View full-size slide

  12. Verification Endpoints
    Endpoint Components Expected Callers
    POST /credentials/verify Verification Service Verification Coordinator
    POST /presentations/verify Verification Service Verification Coordinator
    Icons from flaticon.com

    View full-size slide

  13. Presentation Endpoints
    Endpoint Components Expected Callers Notes
    POST
    /credentials/derive
    Holder Service Holder Coordinator Example is deriving
    BBS Credential
    POST
    /presentations/prove
    Holder Service Holder Coordinator
    GET /presentations Holder Service
    Verifier Coordinator
    Holder Coordinator Potentially useful for
    asynchronous flows
    Icons from flaticon.com

    View full-size slide

  14. Exchange Endpoints
    Endpoint Components Expected Callers Notes
    POST /exchanges/{exchange-id} Holder Coordinator Issuer Coordinator,
    Verifier
    Coordinator
    no authz
    ● Extensible via Verifiable Presentation Request format
    ● Composable into multi-step flows
    ○ https://w3c-ccg.github.io/vc-api-use-cases/#execute-multi-stage-presentation-workflow
    Icons from flaticon.com

    View full-size slide

  15. Verifiable Presentation Requests
    ● Verifiable Presentation
    Request v0.2
    ● Interact types
    ○ OIDC4VCI
    ○ OIDC4VP
    ○ DIDCommV2
    ○ Mediated Presentation
    ○ Unmediated Presentation
    Icons from flaticon.com

    View full-size slide

  16. Test Suites and Implementations
    ● Test Suites
    ○ w3c-ccg/vc-api-issuer-test-suite
    ○ w3c-ccg/vc-api-verifier-test-suite
    ○ Entries are thus far for Data Integrity proofs but JWT is mentioned
    ○ Demonstration of CL-Signatures tomorrow
    ● Implementations
    ○ Energy Web
    ○ Danube Tech, Digital Bazaar, GS1 US, LearnCard, Mavennet, mesur.io,
    SecureKey
    ● Interoperability tested at JFF FlugFest 2
    ○ 17 different issuers using VC-API and CHAPI

    View full-size slide

  17. Example Exchange Flow

    View full-size slide

  18. Demo Scenario: Alumni VC Issuance
    ● Scenario: Submit University Degree
    VC to get Alumni VC
    ● Issuer: University
    ● Holder: Graduate with Degree VC
    ● Pre-exchange steps:
    1. University issues VC
    2. University creates exchange
    ● Exchange Steps:
    1. Graduate initiates exchange
    2. University returns VPR
    3. Graduate continues exchange
    a. Composes presentation
    b. Continues exchange
    4. University returns Alumni VC
    Icons from flaticon.com

    View full-size slide

  19. Demo: University Issues VC and "Creates" Exchange
    1. University issues VC
    a. POST /credentials/issue
    b. POST /presentations/prove
    2. University "creates" Exchange
    a. Custom endpoint to Energy Web
    implementation
    Icons from flaticon.com
    {
    "credential":{
    "@context":[
    "https://www.w3.org/2018/credentials/v1"
    ],
    "id":"http://example.edu/credentials/1",
    "type":[
    "VerifiableCredential",
    "AlumniCredential"
    ],
    "credentialSubject":{
    "id":"did:key:z6MkioNDYdwWDzjaro7kf8mYxG2ZG4m6YQxU6XtXgo7wHTBL"
    },
    "issuer":"did:key:z6MksoRPRqnMWiivV4weRGGS9SiHXuqfJEYu95EiYtbvBxW6",
    "issuanceDate":"2023-04-24T12:19:52Z",
    "expirationDate":"2029-12-03T12:19:52Z"
    },
    "options":{
    }
    }

    View full-size slide

  20. Demo: Graduate Initiates Exchange
    1. POST /exchanges/{exchangeid}
    a. Given to holder
    b. Returns Verifiable Presentation Request:
    Icons from flaticon.com
    {
    "vpRequest":{
    "challenge":"76d3cfb3-d2a1-4a78-85ae-dfbba7f39d5c",
    "query":[
    {
    "type":"PresentationDefinition",
    "credentialQuery": …
    }
    ],
    "interact":{
    "service":[
    {
    "type":"UnmediatedHttpPresentationService2021",
    "serviceEndpoint":"http://localhost:3000/v1/vc-api/exchanges/123/e2dff92b-33f1-41c0-a022-05a47f711974"
    }
    ]
    }
    }
    }

    View full-size slide

  21. Demo: Graduate Continues Exchange
    1. Graduate composes presentation
    a. POST /presentations/prove
    b. Using challenge from VPR
    2. Graduate continues exchange
    a. POST /exchanges/{exchangeId}/{transactionId}
    b. Using serviceEndpoint from VPR
    Icons from flaticon.com
    {
    "presentation":{
    "@context":[
    "https://www.w3.org/2018/credentials/v1",
    "https://www.w3.org/2018/credentials/examples/v1"
    ],
    "type":[
    "VerifiablePresentation"
    ],
    "verifiableCredential":[
    { UniversityDegreeCredential }
    ],
    "holder":"did:key:z6MkioN…"
    },
    "options":{
    "verificationMethod":"did:key:z6MkioN….",
    "proofPurpose":"authentication",
    "created":"2023-04-24T14:52:19.514Z",
    "challenge":"a74c2dee-72a9-4e0e-a64c-1686691d1991"
    }
    }

    View full-size slide