Slide 1

Slide 1 text

VC API Overview for OWF V1 - April 24th 2023

Slide 2

Slide 2 text

Agenda
● Intro & Motivation
● Background
● Design
  ○ Use Cases
  ○ Design Objectives
  ○ Roles
  ○ Architecture
  ○ Authorization
● Endpoints
  ○ Issuance
  ○ Verification
  ○ Presentation
  ○ Exchange
    ■ Verifiable Presentation Requests
● Test Suites
● Demo

Slide 3

Slide 3 text

Intro and Motivation
● Intro
  ○ Software Architect at Energy Web - Focus on SSI Stack
  ○ Energy Web, along with Elia Group, is an implementer of VC API
● Why this presentation?
  ○ Get VC API into the sphere of attention of OWF Community
    ■ Energy Web is interested in contributing VC API to OWF
  ○ Importance of VC API to OWF
    ■ A shared interface for "VC lifecycle" management

Slide 4

Slide 4 text

Background
● VC API is a set of APIs that are helpful when you're doing VC lifecycle management
● W3C CCG Work Item
● Status: Version 0.3
● Timeline for spec development
  ○ History: Started in 2020
  ○ Future: Rough target of standards track by 2024

Slide 5

Slide 5 text

Use Cases
● VC API Use Cases
● User Needs
  ○ Range of domains
● Focal Use Cases
  ○ Example: Multi-Stage Presentation
● Traceability Interoperability
  ○ VC API in Process

Slide 6

Slide 6 text

Design Objectives
● Verifiable Credentials API v0.3 (Design Goals)
● Modularity
  ○ Only implement what is necessary
● Simplicity
  ○ APIs and optionality are kept to a minimum
● Composability
  ○ Complex flows using primitives
● Extensibility
  ○ Extensions to API endpoints are expected and catered to

Icons from flaticon.com

Slide 7

Slide 7 text

Roles
● VC API Use Cases
● Roles
  ○ Issuer
  ○ Holder
  ○ Verifier
● Role Split
  ○ Coordinator
  ○ Service

[Diagram: Issuer Service, Issuer Coordinator; Verifier Service, Verifier Coordinator; Holder Service, Holder Coordinator]

Slide 8

Slide 8 text

Architecture
● Verifiable Credentials API v0.3 (Architecture)
● Coordinators
  ○ Issuer
  ○ Verifier
  ○ Holder
● Services
  ○ Issuer
  ○ Holder
  ○ Verifier
  ○ Status
● Storage
● Admin

[Diagram legend: Between domains; Within a domain]

Slide 9

Slide 9 text

Relationship to OWF Architecture
From TAC Meeting 2023-04-05

Slide 10

Slide 10 text

Authorization
● Verifiable Credentials API v0.3 (Authorization)
● Specified per endpoint
● Authorization mechanisms
  ○ OAuth2.0
  ○ Others are allowed
● Forbidden Authorization
  ○ Username & Password - HTTP Basic

Slide 11

Slide 11 text

Issuance Endpoints

Endpoint | Components | Expected Callers | Notes
POST /credentials/issue | Issuer Service | Issuer Coordinator | Example of client optionality reduction
POST /credentials/status | Status Service | Issuer Coordinator |
GET /credentials | Issuer Service | Issuer Coordinator |

Slide 12

Slide 12 text

Verification Endpoints

Endpoint | Components | Expected Callers
POST /credentials/verify | Verification Service | Verification Coordinator
POST /presentations/verify | Verification Service | Verification Coordinator

Slide 13

Slide 13 text

Presentation Endpoints

Endpoint | Components | Expected Callers | Notes
POST /credentials/derive | Holder Service | Holder Coordinator | Example is deriving BBS Credential
POST /presentations/prove | Holder Service | Holder Coordinator |
GET /presentations | Holder Service | Verifier Coordinator, Holder Coordinator | Potentially useful for asynchronous flows

Slide 14

Slide 14 text

Exchange Endpoints

Endpoint | Components | Expected Callers | Notes
POST /exchanges/{exchange-id} | Holder Coordinator | Issuer Coordinator, Verifier Coordinator | no authz

● Extensible via Verifiable Presentation Request format
● Composable into multi-step flows
  ○ https://w3c-ccg.github.io/vc-api-use-cases/#execute-multi-stage-presentation-workflow

Slide 15

Slide 15 text

Verifiable Presentation Requests
● Verifiable Presentation Request v0.2
● Interact types
  ○ OIDC4VCI
  ○ OIDC4VP
  ○ DIDCommV2
  ○ Mediated Presentation
  ○ Unmediated Presentation

Slide 16

Slide 16 text

Test Suites and Implementations
● Test Suites
  ○ w3c-ccg/vc-api-issuer-test-suite
  ○ w3c-ccg/vc-api-verifier-test-suite
  ○ Entries are thus far for Data Integrity proofs but JWT is mentioned
  ○ Demonstration of CL-Signatures tomorrow
● Implementations
  ○ Energy Web
  ○ Danube Tech, Digital Bazaar, GS1 US, LearnCard, Mavennet, mesur.io, SecureKey
● Interoperability tested at JFF PlugFest 2
  ○ 17 different issuers using VC-API and CHAPI

Slide 17

Slide 17 text

Example Exchange Flow

Slide 18

Slide 18 text

Demo Scenario: Alumni VC Issuance
● Scenario: Submit University Degree VC to get Alumni VC
● Issuer: University
● Holder: Graduate with Degree VC
● Pre-exchange steps:
  1. University issues VC
  2. University creates exchange
● Exchange Steps:
  1. Graduate initiates exchange
  2. University returns VPR
  3. Graduate continues exchange
     a. Composes presentation
     b. Continues exchange
  4. University returns Alumni VC

Slide 19

Slide 19 text

Demo: University Issues VC and "Creates" Exchange
1. University issues VC
   a. POST /credentials/issue
   b. POST /presentations/prove
2. University "creates" Exchange
   a. Custom endpoint to Energy Web implementation

{
  "credential": {
    "@context": [
      "https://www.w3.org/2018/credentials/v1"
    ],
    "id": "http://example.edu/credentials/1",
    "type": [
      "VerifiableCredential",
      "AlumniCredential"
    ],
    "credentialSubject": {
      "id": "did:key:z6MkioNDYdwWDzjaro7kf8mYxG2ZG4m6YQxU6XtXgo7wHTBL"
    },
    "issuer": "did:key:z6MksoRPRqnMWiivV4weRGGS9SiHXuqfJEYu95EiYtbvBxW6",
    "issuanceDate": "2023-04-24T12:19:52Z",
    "expirationDate": "2029-12-03T12:19:52Z"
  },
  "options": { }
}

Slide 20

Slide 20 text

Demo: Graduate Initiates Exchange
1. POST /exchanges/{exchangeid}
   a. Given to holder
   b. Returns Verifiable Presentation Request:

{
  "vpRequest": {
    "challenge": "76d3cfb3-d2a1-4a78-85ae-dfbba7f39d5c",
    "query": [
      {
        "type": "PresentationDefinition",
        "credentialQuery": …
      }
    ],
    "interact": {
      "service": [
        {
          "type": "UnmediatedHttpPresentationService2021",
          "serviceEndpoint": "http://localhost:3000/v1/vc-api/exchanges/123/e2dff92b-33f1-41c0-a022-05a47f711974"
        }
      ]
    }
  }
}

Slide 21

Slide 21 text

Demo: Graduate Continues Exchange
1. Graduate composes presentation
   a. POST /presentations/prove
   b. Using challenge from VPR
2. Graduate continues exchange
   a. POST /exchanges/{exchangeId}/{transactionId}
   b. Using serviceEndpoint from VPR

{
  "presentation": {
    "@context": [
      "https://www.w3.org/2018/credentials/v1",
      "https://www.w3.org/2018/credentials/examples/v1"
    ],
    "type": [
      "VerifiablePresentation"
    ],
    "verifiableCredential": [
      { UniversityDegreeCredential }
    ],
    "holder": "did:key:z6MkioN…"
  },
  "options": {
    "verificationMethod": "did:key:z6MkioN….",
    "proofPurpose": "authentication",
    "created": "2023-04-24T14:52:19.514Z",
    "challenge": "a74c2dee-72a9-4e0e-a64c-1686691d1991"
  }
}
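
The holder-side steps from the demo slides (take the challenge and serviceEndpoint from the VPR, then build the POST /presentations/prove body), together with the exchange-side challenge comparison, as an added example that is not code from the presentation or from any VC API implementation. The function names, the same-origin rule applied to serviceEndpoint, and the starting exchange URL are assumptions of this example.

```python
import hmac
from urllib.parse import urlsplit

INTERACT_TYPE = "UnmediatedHttpPresentationService2021"
# Constructed sample: challenge and serviceEndpoint copied from the slide 20
# payload; the credentialQuery that is elided on the slide is left out.
SAMPLE_VPR = {"vpRequest": {
    "challenge": "76d3cfb3-d2a1-4a78-85ae-dfbba7f39d5c",
    "query": [{"type": "PresentationDefinition"}],
    "interact": {"service": [{
        "type": INTERACT_TYPE,
        "serviceEndpoint": "http://localhost:3000/v1/vc-api/exchanges/123/"
                           "e2dff92b-33f1-41c0-a022-05a47f711974"}]}}}
# Assumed URL the graduate first POSTed to (not shown on the slides).
SAMPLE_EXCHANGE_URL = "http://localhost:3000/v1/vc-api/exchanges/123"

def build_prove_request(vpr_response, exchange_url, holder_did,
                        verification_method, credentials):
    """Holder side: return (continue_url, body for POST /presentations/prove)."""
    vpr = vpr_response["vpRequest"]
    challenge = vpr.get("challenge")
    if not challenge:
        raise ValueError("VPR carries no challenge to bind the proof to")
    services = [s for s in vpr.get("interact", {}).get("service", [])
                if s.get("type") == INTERACT_TYPE]
    if not services:
        raise ValueError("no supported interact service in VPR")
    endpoint = services[0]["serviceEndpoint"]
    # Policy assumed by this example: continue only on the origin that issued the VPR.
    start, cont = urlsplit(exchange_url), urlsplit(endpoint)
    if (start.scheme, start.netloc) != (cont.scheme, cont.netloc):
        raise ValueError("serviceEndpoint is on a different origin than the exchange")
    body = {
        "presentation": {
            "@context": ["https://www.w3.org/2018/credentials/v1"],
            "type": ["VerifiablePresentation"],
            "verifiableCredential": credentials,
            "holder": holder_did,
        },
        "options": {"verificationMethod": verification_method,
                    "proofPurpose": "authentication",
                    "challenge": challenge},
    }
    return endpoint, body

def challenge_matches(issued_challenge, prove_options):
    """Exchange side: the challenge in the proof options must be the one issued."""
    submitted = str(prove_options.get("challenge", ""))
    return hmac.compare_digest(issued_challenge.encode(), submitted.encode())
```

Comparing the two slide payloads with `challenge_matches` returns False, because the sample on slide 21 carries a different challenge value than the VPR on slide 20.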