Francis Pouatcha edited this page Aug 18, 2020 · 3 revisions

Self-sovereign identity (SSI)

SSI opens many new possibilities, as an alternative or complement to OIDC.

Concepts of interest

DID, DIDKey, DPKI, Well known DIDs, DIDComm, Verifiable Credentials, Wallets

AS on mobile device

The use case of having the AS on the mobile device (alongside the SSI wallet) should be investigated.

Liaison

A liaison with other organizations (e.g. DIF, W3C, Hyperledger/Sovrin) may be of interest on this subject. Note that DIF and OIDC are discussing integrating SIOP.

Example SSI Use Case

Alice purchasing a concert ticket without disclosing her identity

Preliminaries

  • All Concert Tickets (AC-Tickets) is a website selling concert tickets.
  • Alice is a resident of the city of Bamberg, Germany (B-City).
  • Bamberg offers a B-City-Protect wallet (BCP-Wallet) to residents.
  • BCP-Wallet is an SSI wallet designed around the protection of residents' privacy.
  • Bamberg offers a list of verifiable credential services, among others:
    • A proof of residency service
    • A proof of age service
    • A proof of identity (permanent DiD)
  • TokenBank is a challenger bank offering a tokenized payment service.
  • Alice owns a bank account at TokenBank.
  • Alice's TokenBank account can be accessed using BCP-Wallet, as Alice has registered her B-City permanent DiD with TokenBank.

The Ticket Purchasing Process

Grant Client at AC-Tickets

  • Alice visits the website of AC-Tickets
  • Alice looks up and finds "Bamberg Symphony", the concert she wants to attend
  • AC-Tickets displays the following requirements:
    • Proof of Age > 18
    • Proof of residence for Bamberg resident discount
    • Proof of Payment
    • A QR code containing:
      • an AC-Tickets nonce,
      • a proof of possession public key of AC-Tickets (act-pub)

Alice's BCP-Wallet (as AS -> authorisation service)

  • Alice uses her BCP-Wallet to scan the QR code
  • Alice's SSI wallet selects an ephemeral age_residency_VC produced by B-City and containing:
    • A proof of Age > 18,
    • A proof of residency (Bamberg)
    • An ephemeral DiD issued by B-City
  • Alice's BCP-Wallet produces a credit transfer token request (PaymentRequest) containing:
    • the ticket amount,
    • act-pub,
    • age_residency_VC's DiD,
    • Alice's proof of identity,
    • Proof of possession of the age_residency_VC's DiD's private key
  • Alice sends the PaymentRequest to TokenBank for signature.

Claim Issuer (AS at TokenBank)

  • TokenBank verifies Alice's request
  • TokenBank validates the PaymentRequest (and reserves the funds)
  • TokenBank binds the PaymentToken to Alice's age_residency_VC's DiD
  • TokenBank returns PaymentRequest to BCP-Wallet

Alice's BCP-Wallet

  • Alice's BCP-Wallet produces a ticket purchase verifiable presentation, ticket_VP, with the following data:
    • age_residency_VC
    • PaymentToken
    • Proof of possession of the age_residency_VC's DiD's private key
  • Alice's SSI wallet sends ticket_VP to AC-Tickets

Grant Client at AC-Tickets

  • AC-Tickets verifies the presentation
  • AC-Tickets creates a presentation of the PaymentToken containing:
    • The PaymentToken
    • AC-Tickets' bank account
    • The signature proving possession of act-pub
  • AC-Tickets sends the request to TokenBank
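
The "AC-Tickets verifies the presentation" step, sketched as an added example (not code from this wiki or any project it mentions): it checks nonce freshness, TokenBank's signature on the PaymentToken, the token's binding to the ephemeral DiD and to act-pub, and the proof of possession. Assumptions: the JSON field names, Ed25519 keys, a PoP that signs the AC-Tickets nonce, and a token that carries act-pub; verification of the age_residency_VC itself is left out.

```javascript
// Added example (not from the wiki): AC-Tickets checking a simplified ticket_VP.
// Field names and layout are assumptions; real VCs/VPs use W3C proof formats
// and a canonical serialization instead of JSON.stringify.
const nodeCrypto = require('node:crypto');

// Constructed sample keys: the wallet's ephemeral DiD key and TokenBank's signing key.
const holder = nodeCrypto.generateKeyPairSync('ed25519');
const bank = nodeCrypto.generateKeyPairSync('ed25519');

const sign = (key, obj) =>
  nodeCrypto.sign(null, Buffer.from(JSON.stringify(obj)), key).toString('base64');
const check = (key, obj, sig) =>
  nodeCrypto.verify(null, Buffer.from(JSON.stringify(obj)), key, Buffer.from(sig, 'base64'));

// Nonces AC-Tickets has placed in QR codes and not yet redeemed.
const issuedNonces = new Set();
function newNonce() {
  const nonce = nodeCrypto.randomBytes(16).toString('hex');
  issuedNonces.add(nonce);
  return nonce;
}

// Wallet and TokenBank side, collapsed into one constructed helper for the demo.
function buildTicketVP(nonce, actPub, amount) {
  const did = 'did:example:ephemeral-1'; // placeholder DiD
  const body = { amount, actPub, boundDid: did };
  const paymentToken = { body, sig: sign(bank.privateKey, body) };
  return { did, nonce, paymentToken, pop: sign(holder.privateKey, { nonce, did }) };
}

// Verifier side: returns 'ok' or the first failed check.
function verifyTicketVP(vp, actPub, didKey, bankKey) {
  if (!issuedNonces.has(vp.nonce)) return 'unknown or replayed nonce';
  const { body, sig } = vp.paymentToken;
  if (!check(bankKey, body, sig)) return 'bad PaymentToken signature';
  if (body.boundDid !== vp.did) return 'PaymentToken bound to a different DID';
  if (body.actPub !== actPub) return 'PaymentToken issued for another act-pub';
  if (!check(didKey, { nonce: vp.nonce, did: vp.did }, vp.pop)) return 'proof of possession failed';
  issuedNonces.delete(vp.nonce); // single use: a captured ticket_VP cannot be replayed
  return 'ok';
}
```
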

RS at TokenBank

  • TokenBank verifies the signature of the claim
  • TokenBank instantly transfers the money to AC-Tickets' bank account

AC-Tickets Bank

  • AC-Tickets' bank notifies AC-Tickets of the presence of funds

Grant Client at AC-Tickets

  • AC-Tickets produces the concert ticket, binds it to Alice's DiD and returns it to Alice's BCP-Wallet.

On Saturday Night

Alice's BCP-Wallet

  • Alice goes to the concert at Bamberg Symphony
  • At the gate, Alice's BCP-Wallet produces a verifiable presentation of the concert ticket, concert_ticket_VP, with:
    • The concert ticket
    • Alice's proof of identity
    • Proof of possession of the age_residency_VC's DiD's private key
  • BCP-Wallet displays it in the form of a QR code.

Concert Staff Tool as RS

  • Concert Staff Tool scans concert_ticket_VP
  • Concert Staff Tool verifies the PoP of the age_residency_VC's DiD's private key
  • Concert Staff Tool validates the association of the DiD with Alice's identity
  • Concert Staff allows Alice into the concert.