SSI integration
Francis Pouatcha edited this page Aug 18, 2020
·
3 revisions
SSI opens many new possibilities, as an alternative or complement to OIDC.
DID, DIDKey, DPKI, Well known DIDs, DIDComm, Verified Credentials, Wallets
The use case of having the AS on the mobile device (alongside the SSI wallet) should be investigated.
A liaison with other orgs (e.g. DIF, W3C, Hyperledger/Sovrin) may be of interest on this subject. Note that DIF and OIDC are discussing the integration of SIOP.
- All Concert Tickets (AC-Tickets) is a website selling concert tickets.
- Alice is a resident of the city of Bamberg, Germany (B-City).
- Bamberg offers a B-City-Protect wallet (BCP-Wallet) to residents.
- BCP-Wallet is an SSI wallet designed around the protection of residents' privacy.
- Bamberg offers a list of verifiable credential services, among others:
  - A proof of residency service
  - A proof of age service
  - A proof of identity (permanent DiD)
- TokenBank is a challenger bank offering a tokenized payment service.
- Alice owns a bank account at TokenBank.
- Alice's TokenBank account can be accessed using BCP-Wallet, as Alice has registered her B-City permanent DiD with TokenBank.
- Alice visits the website of AC-Tickets.
- Alice looks up and finds "Bamberg Symphony", the concert she wants to attend.
- AC-Tickets displays the following requirements:
  - Proof of Age > 18
  - Proof of residence for Bamberg resident discount
  - Proof of Payment
  - A QR-Code containing
    - an AC-Tickets nonce,
    - a proof of possession public key of AC-Tickets (act-pub)
- Alice uses her BCP-Wallet to scan the QR-Code.
- Alice's SSI wallet selects an ephemeral age_residency_VC produced by B-City and containing:
  - A proof of Age > 18,
  - A proof of residency (Bamberg)
  - An ephemeral DiD issued by B-City
- Alice's BCP-Wallet produces a credit transfer token request (PaymentRequest) containing
  - the ticket amount,
  - act-pub,
  - age_residency_VC's DiD
  - Alice's proof of identity
  - Proof of possession of the age_residency_VC's DiD's private key
- Alice sends the PaymentRequest to TokenBank for signature.
- TokenBank verifies Alice's request.
- TokenBank validates the PaymentRequest (and reserves the funds).
- TokenBank binds the PaymentToken to Alice's age_residency_VC's DiD.
- TokenBank returns PaymentRequest to BCP-Wallet.
- Alice's BCP-Wallet produces a ticket purchase verifiable presentation ticket_VP with the following data:
  - age_residency_VC
  - PaymentToken
  - Proof of possession of the age_residency_VC's DiD's private key
- Alice's SSI wallet sends ticket_VP to AC-Tickets.
- AC-Tickets verifies the presentation.
- AC-Tickets creates a presentation of the PaymentToken containing
  - The PaymentToken
  - AC-Tickets' bank account
  - The signature proving possession of act-pub
- AC-Tickets sends the request to TokenBank.
- TokenBank verifies the signature of the claim.
- TokenBank instantly transfers the money to AC-Tickets' bank account.
- AC-Tickets' bank notifies AC-Tickets of the presence of funds.
- AC-Tickets produces the concert ticket, binds it to Alice's DiD and returns it to Alice's BCP-Wallet.
- Alice goes to the concert at Bamberg Symphony.
- At the gate, Alice's BCP-Wallet produces a verifiable presentation of the concert ticket concert_ticket_VP with
  - The concert ticket
  - Alice's proof of identity
  - Proof of possession of the age_residency_VC's DiD's private key
- BCP-Wallet displays it in the form of a QR-Code.
- Concert Staff Tool scans concert_ticket_VP.
- Concert Staff Tool verifies PoP of age_residency_VC's DiD's private key.
- Concert Staff Tool validates the association of the DiD with Alice's identity.
- Concert Staff allows Alice into the concert.
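
The checks AC-Tickets runs on ticket_VP in the flow above, as an added sketch that is not part of the original page: it covers only the PaymentToken binding and the proof of possession over the AC-Tickets nonce, and leaves out verification of B-City's signature on age_residency_VC. The Ed25519 keys, the DID and act-pub values, the JSON field names and the binding of the token to act-pub are assumptions made for illustration, not a standard VC/VP encoding.

```javascript
// Added example: constructed keys, DIDs and field names; not a standard VC/VP encoding.
const crypto = require("node:crypto");

const sign = (key, obj) =>
  crypto.sign(null, Buffer.from(JSON.stringify(obj)), key).toString("base64");
const verify = (key, obj, sig) =>
  crypto.verify(null, Buffer.from(JSON.stringify(obj)), key, Buffer.from(sig, "base64"));

// Constructed parties: TokenBank, and the ephemeral key behind the age_residency_VC DiD.
const bank = crypto.generateKeyPairSync("ed25519");
const holder = crypto.generateKeyPairSync("ed25519");
const HOLDER_DID = "did:example:ephemeral-alice"; // placeholder DiD
const ACT_PUB = "act-pub-placeholder";            // stands in for AC-Tickets' public key

// TokenBank: issue a PaymentToken bound to the holder DiD (and, as an assumption, to act-pub).
function issuePaymentToken(amount, holderDid, actPub) {
  const body = { amount, holderDid, actPub };
  return { body, sig: sign(bank.privateKey, body) };
}

// BCP-Wallet: build ticket_VP with a proof of possession covering the AC-Tickets nonce.
function buildTicketVP(nonce, token, holderDid, holderKey) {
  const body = { nonce, holderDid, token };
  return { body, pop: sign(holderKey, body) };
}

// AC-Tickets: verify the presentation. resolveDid (hypothetical) maps a DiD to its public key.
function verifyTicketVP(vp, expectedNonce, price, resolveDid) {
  const { nonce, holderDid, token } = vp.body;
  if (nonce !== expectedNonce) return "nonce mismatch"; // replayed or foreign presentation
  const holderPub = resolveDid(holderDid);
  if (!holderPub || !verify(holderPub, vp.body, vp.pop)) return "bad proof of possession";
  if (!verify(bank.publicKey, token.body, token.sig)) return "bad TokenBank signature";
  if (token.body.holderDid !== holderDid) return "token bound to another DID";
  if (token.body.actPub !== ACT_PUB) return "token bound to another merchant";
  if (token.body.amount !== price) return "wrong amount";
  return "ok";
}

// Constructed run of the happy path: amount in cents, nonce taken from the QR-Code.
const resolveDid = (did) => (did === HOLDER_DID ? holder.publicKey : null);
const token = issuePaymentToken(4200, HOLDER_DID, ACT_PUB);
const vp = buildTicketVP("nonce-1", token, HOLDER_DID, holder.privateKey);
console.log(verifyTicketVP(vp, "nonce-1", 4200, resolveDid));
```

Because the holder's signature covers the nonce and the embedded token, a presentation captured for one purchase fails the nonce check on the next, and a PaymentToken presented under a different DiD fails the binding check.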