VC API at OWF

John Henderson
April 04, 2023

An introduction to VC API, presented at the Open Wallet Foundation on 2023-04-24


Transcript

  1. Agenda
     • Intro & Motivation
     • Background
     • Design
       ◦ Use Cases
       ◦ Design Objectives
       ◦ Roles
       ◦ Architecture
       ◦ Authorization
     • Endpoints
       ◦ Issuance
       ◦ Verification
       ◦ Presentation
       ◦ Exchange
         ▪ Verifiable Presentation Requests
     • Test Suites
     • Demo
  2. Intro and Motivation
     • Intro
       ◦ Software Architect at Energy Web - Focus on SSI Stack
       ◦ Energy Web, along with Elia Group, is an implementer of VC API
     • Why this presentation?
       ◦ Get VC API into the sphere of attention of OWF Community
         ▪ Energy Web is interested in contributing VC API to OWF
       ◦ Importance of VC API to OWF
         ▪ A shared interface for "VC lifecycle" management
  3. Background
     • VC API is a set of APIs that are helpful when you're doing VC lifecycle management
     • W3C CCG Work Item
     • Status: Version 0.3
     • Timeline for spec development
       ◦ History: Started in 2020
       ◦ Future: Rough target of standards track by 2024
  4. Use Cases
     • VC API Use Cases
     • User Needs
       ◦ Range of domains
     • Focal Use Cases
       ◦ Example: Multi-Stage Presentation
     • Traceability Interoperability
       ◦ VC API in Process
  5. Design Objectives
     • Verifiable Credentials API v0.3 (Design Goals)
     • Modularity
       ◦ Only implement what is necessary
     • Simplicity
       ◦ APIs and optionality are kept to a minimum
     • Composability
       ◦ Complex flows using primitives
     • Extensibility
       ◦ Extensions to API endpoints are expected and catered to
  6. Roles
     • VC API Use Cases
     • Roles
       ◦ Issuer
       ◦ Holder
       ◦ Verifier
     • Role Split
       ◦ Coordinator
       ◦ Service
     • Diagram labels: Issuer Service, Issuer Coordinator, Verifier Service, Verifier Coordinator, Holder Service, Holder Coordinator
  7. Architecture
     • Verifiable Credentials API v0.3 (Architecture)
     • Coordinators
       ◦ Issuer
       ◦ Verifier
       ◦ Holder
     • Services
       ◦ Issuer
       ◦ Holder
       ◦ Verifier
       ◦ Status
     • Storage
     • Admin
     • Diagram labels: Between domains; Within a domain
  8. Authorization
     • Verifiable Credentials API v0.3 (Authorization)
     • Specified per endpoint
     • Authorization mechanisms
       ◦ OAuth2.0
       ◦ Others are allowed
     • Forbidden Authorization
       ◦ Username & Password - HTTP Basic
  9. Issuance Endpoints

     | Endpoint | Components | Expected Callers | Notes |
     |---|---|---|---|
     | POST /credentials/issue | Issuer Service | Issuer Coordinator | Example of client optionality reduction |
     | POST /credentials/status | Status Service | Issuer Coordinator | |
     | GET /credentials | Issuer Service | Issuer Coordinator | |
  10. Verification Endpoints

      | Endpoint | Components | Expected Callers |
      |---|---|---|
      | POST /credentials/verify | Verification Service | Verification Coordinator |
      | POST /presentations/verify | Verification Service | Verification Coordinator |
  11. Presentation Endpoints

      | Endpoint | Components | Expected Callers | Notes |
      |---|---|---|---|
      | POST /credentials/derive | Holder Service | Holder Coordinator | Example is deriving BBS Credential |
      | POST /presentations/prove | Holder Service | Holder Coordinator | |
      | GET /presentations | Holder Service | Verifier Coordinator, Holder Coordinator | Potentially useful for asynchronous flows |
  12. Exchange Endpoints
      Endpoint Components Expected Callers Notes
      POST /exchanges/{exchange-id} Holder Coordinator Issuer Coordinator, Verifier Coordinator no authz
      • Extensible via Verifiable Presentation Request format
      • Composable into multi-step flows
        ◦ https://w3c-ccg.github.io/vc-api-use-cases/#execute-multi-stage-presentation-workflow
  13. Verifiable Presentation Requests
      • Verifiable Presentation Request v0.2
      • Interact types
        ◦ OIDC4VCI
        ◦ OIDC4VP
        ◦ DIDCommV2
        ◦ Mediated Presentation
        ◦ Unmediated Presentation
  14. Test Suites and Implementations
      • Test Suites
        ◦ w3c-ccg/vc-api-issuer-test-suite
        ◦ w3c-ccg/vc-api-verifier-test-suite
        ◦ Entries are thus far for Data Integrity proofs but JWT is mentioned
        ◦ Demonstration of CL-Signatures tomorrow
      • Implementations
        ◦ Energy Web
        ◦ Danube Tech, Digital Bazaar, GS1 US, LearnCard, Mavennet, mesur.io, SecureKey
      • Interoperability tested at JFF PlugFest 2
        ◦ 17 different issuers using VC-API and CHAPI
  15. Demo Scenario: Alumni VC Issuance
      • Scenario: Submit University Degree VC to get Alumni VC
      • Issuer: University
      • Holder: Graduate with Degree VC
      • Pre-exchange steps:
        1. University issues VC
        2. University creates exchange
      • Exchange Steps:
        1. Graduate initiates exchange
        2. University returns VPR
        3. Graduate continues exchange
           a. Composes presentation
           b. Continues exchange
        4. University returns Alumni VC
  16. Demo: University Issues VC and "Creates" Exchange
      1. University issues VC
         a. POST /credentials/issue
         b. POST /presentations/prove
      2. University "creates" Exchange
         a. Custom endpoint to Energy Web implementation

      ```json
      {
        "credential": {
          "@context": [
            "https://www.w3.org/2018/credentials/v1"
          ],
          "id": "http://example.edu/credentials/1",
          "type": [
            "VerifiableCredential",
            "AlumniCredential"
          ],
          "credentialSubject": {
            "id": "did:key:z6MkioNDYdwWDzjaro7kf8mYxG2ZG4m6YQxU6XtXgo7wHTBL"
          },
          "issuer": "did:key:z6MksoRPRqnMWiivV4weRGGS9SiHXuqfJEYu95EiYtbvBxW6",
          "issuanceDate": "2023-04-24T12:19:52Z",
          "expirationDate": "2029-12-03T12:19:52Z"
        },
        "options": {}
      }
      ```
  17. Demo: Graduate Initiates Exchange
      1. POST /exchanges/{exchangeid}
         a. Given to holder
         b. Returns Verifiable Presentation Request:

      ```
      {
        "vpRequest": {
          "challenge": "76d3cfb3-d2a1-4a78-85ae-dfbba7f39d5c",
          "query": [
            {
              "type": "PresentationDefinition",
              "credentialQuery": …
            }
          ],
          "interact": {
            "service": [
              {
                "type": "UnmediatedHttpPresentationService2021",
                "serviceEndpoint": "http://localhost:3000/v1/vc-api/exchanges/123/e2dff92b-33f1-41c0-a022-05a47f711974"
              }
            ]
          }
        }
      }
      ```
  18. Demo: Graduate Continues Exchange
      1. Graduate composes presentation
         a. POST /presentations/prove
         b. Using challenge from VPR
      2. Graduate continues exchange
         a. POST /exchanges/{exchangeId}/{transactionId}
         b. Using serviceEndpoint from VPR

      ```
      {
        "presentation": {
          "@context": [
            "https://www.w3.org/2018/credentials/v1",
            "https://www.w3.org/2018/credentials/examples/v1"
          ],
          "type": [
            "VerifiablePresentation"
          ],
          "verifiableCredential": [
            { UniversityDegreeCredential }
          ],
          "holder": "did:key:z6MkioN…"
        },
        "options": {
          "verificationMethod": "did:key:z6MkioN….",
          "proofPurpose": "authentication",
          "created": "2023-04-24T14:52:19.514Z",
          "challenge": "a74c2dee-72a9-4e0e-a64c-1686691d1991"
        }
      }
      ```
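
The challenge and serviceEndpoint handling from slides 17 and 18, as an added Python example that is not taken from the deck or from the Energy Web implementation. The function names, the same-origin policy on `serviceEndpoint`, and the single Data Integrity style `proof` object are assumptions of this example; signature verification is left to `POST /presentations/verify`.

```python
import hmac
from urllib.parse import urlsplit

# Constructed sample in the shape of the slide-17 response (credentialQuery left empty).
SAMPLE_VPR = {"vpRequest": {
    "challenge": "76d3cfb3-d2a1-4a78-85ae-dfbba7f39d5c",
    "query": [{"type": "PresentationDefinition", "credentialQuery": []}],
    "interact": {"service": [{
        "type": "UnmediatedHttpPresentationService2021",
        "serviceEndpoint": "http://localhost:3000/v1/vc-api/exchanges/123/"
                           "e2dff92b-33f1-41c0-a022-05a47f711974"}]}}}

def plan_continuation(vpr_response, exchange_url, holder_did, verification_method, credentials):
    """Holder side: return (body for POST /presentations/prove, URL to continue at)."""
    vpr = vpr_response["vpRequest"]
    challenge = vpr.get("challenge")
    if not challenge:
        raise ValueError("VPR has no challenge, so the presentation could be replayed")
    services = [s for s in vpr.get("interact", {}).get("service", [])
                if s.get("type") == "UnmediatedHttpPresentationService2021"]
    if not services:
        raise ValueError("no unmediated HTTP presentation service offered")
    endpoint = services[0]["serviceEndpoint"]
    # Policy of this example (an assumption, not a spec rule): only continue on
    # the origin the exchange was started on.
    start, cont = urlsplit(exchange_url), urlsplit(endpoint)
    if (start.scheme, start.netloc) != (cont.scheme, cont.netloc):
        raise ValueError("serviceEndpoint is on a different origin than the exchange")
    body = {
        "presentation": {
            "@context": ["https://www.w3.org/2018/credentials/v1"],
            "type": ["VerifiablePresentation"],
            "verifiableCredential": credentials,
            "holder": holder_did,
        },
        "options": {"verificationMethod": verification_method,
                    "proofPurpose": "authentication",
                    "challenge": challenge},
    }
    return body, endpoint

def challenge_bound(issued_challenge, presentation):
    """Coordinator side: the proof must echo the challenge issued for this transaction."""
    proof = presentation.get("proof")
    if not isinstance(proof, dict):  # missing proof or a proof set: rejected here
        return False
    got = str(proof.get("challenge", ""))
    return (proof.get("proofPurpose") == "authentication"
            and hmac.compare_digest(got.encode(), issued_challenge.encode()))
```
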