This is a paper presentation on EUDI wallets with OpenID for verifiable credentials (OID4VCI and OID4VP) published at https://igrant.io/papers/EUDI-Wallets-with-OID4VCI_OID4VP_v1.0.pdf.
This paper explores the OpenID protocols that build on Verifiable Credentials and explains how they work. We cover OpenID for Verifiable Credentials, in particular Self-Issued OpenID Provider v2 (SIOPv2), OpenID for Verifiable Credential Issuance (OID4VCI), and OpenID for Verifiable Presentations (OID4VP). These protocols are pivotal in strengthening privacy and digital identity today.
Throughout the paper, we showcase the transformative potential of these protocols, emphasising their crucial contributions to the ever-evolving landscape of digital wallets. Real-world scenarios are presented to illustrate the critical values of OID4VCI and OID4VP vividly. These scenarios serve as compelling examples of how these technologies can shape the future of digital identity, enhancing security and privacy while ensuring the seamless flow of information.
In particular, the paper spotlights the innovative European Union Digital Identity (EUDI) Wallets, which stand as a beacon of pioneering digital identity solutions. By bridging the gap between legacy eIDAS systems and SAML, EUDI Wallets pave the way for a secure and user-friendly digital identity ecosystem.
Key aspects covered in this paper include the authentication workflow, security measures like signatures and encryption, and the seamless passage of parameters within the EUDI Wallets ecosystem. By presenting these insights, we aim to highlight the substantial progress in digital identity and the role that OpenID protocols leveraging Verifiable Credentials play in this ongoing revolution.
In summary, this paper serves as a comprehensive guide to understanding the significance of OpenID protocols in Verifiable Credentials. It explores their practical applications and transformative potential in shaping the future of digital identity. The research underscores the critical roles of OID4VCI and OID4VP in enhancing privacy and security while emphasising their vital contributions to the digital wallet landscape, specifically focusing on the innovative EUDI Wallets within the European Union.
EUDI wallets with OpenID for verifiable credentials (OID4VCI/OID4VP)
1. CONFIDENTIAL DO NOT DISTRIBUTE
EUDI wallets with OpenID for Verifiable Credentials
Leveraging identity to securely and privately mobilise personal data with digital wallets
Acknowledgements
Editors: George Padayatti (iGrant.io, Sweden), Lal Chandran (iGrant.io, Sweden), Aron Szabo (E-Group, Hungary)
To all contributors who provided valuable inputs to this paper: Dr. Peter Lee Altmann (DIGG, Sweden), Dr. Godwin Caruana (University of Malta, Former CTO, Govt. of Malta IT Agency), Fredrik Linden (MyData, Sweden), Dr. Nikos Triantafyllou (University of the Aegean, Greece), Mikael Linden (Real-time economy project, Gofore Ltd, Finland), Dr. Abdul Ghafoor (Senior Researcher, RISE, Sweden) and Ms. Lotta Lundin (Co-Founder and CEO, iGrant.io, Sweden)
Special thanks to the following entities for supporting this work:
Co-funded by the European Union. Views and opinions expressed are, however, those of the author(s) only and do not necessarily reflect those of the European Union or the granting authority. Neither the European Union nor the granting authority can be held responsible for them.
Contents
● OpenID Connect and SSI: How does it work?
● OpenID protocols leveraging Verifiable Credentials
○ How does OID4VCI work?
○ How does OID4VP work?
● Key values
○ OID4VCI: The path to verified credentials
○ OID4VP: The vanguard of privacy-enhanced digital wallets
● Demonstration
OpenID Connect: How does it work?
● Authorisation-based information sharing built on the OAuth 2.0 protocol
● Uses the JSON Web Token (JWT) format for the tokens exchanged between the RP and the ADS
● Open standards with a high level of maturity and an active, wide community; the protocols are built on the proven OIDC and OAuth industry standards
Challenges:
● The individual or holder cannot share the data with whom they want
● Needs a connection/integration between the two parties (DS/ADS and DUS/RP)
SSI: How does it work?
A new approach to digital identity that gives individuals full control over their (identity) data.
● Individual control and privacy
● Decentralisation: via distributed trust anchors
● Interoperable by design
● Consent-based and can be linked to signed digital agreements
● …
OpenID standards leveraging Verifiable Credentials
01 Self-Issued OpenID Provider v2 (SIOPv2)
● Defines how holders can authenticate in a self-sovereign way with any actor
02 OpenID for Verifiable Credential Issuance (OID4VCI)
● Defines how OIDC can be used to issue verifiable credentials (VCs) as part of an OIDC flow
03 OpenID for Verifiable Credential Presentation (OID4VP)
● Defines how OpenID Connect can be used in the presentation of claims in the form of Verifiable Credentials
OID4VCI: Reference scenario
1) Discover Issuer capabilities
2) Credential offer endpoints
3) Authenticate and Authorise (Authorisation Endpoint, Token Endpoint)
a) Authorisation request
b) Token request and response
4) Issue credential (Credential Endpoint)
a) In-time issuance
b) Deferred issuance
5) Store credential
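The five steps above, simulated end to end as an added example (this is not code from the paper, iGrant.io or the OpenID Foundation). It also shows the OAuth 2.0 token exchange that the OpenID Connect slide refers to: a bearer access token comes back from the token endpoint and is then used at the credential endpoint. Assumptions: the issuer identifier https://issuer.example, the pre-authorised code grant, a "PDA1" credential type (after the ESSPASS reference scenario in the references), and a shared HS256 key standing in for the wallet's asymmetric key so that the script runs offline with only the Python standard library. The checks the issuer performs on the wallet's proof-of-possession JWT (audience, fresh c_nonce, recent iat) and the in-time versus deferred issuance branches are the point of the example; replaying a proof after the c_nonce has rotated is rejected.

```python
# Added example (not from the paper): stdlib-only simulation of the OID4VCI reference scenario.
# An HS256 shared key stands in for the wallet's asymmetric key so the script runs offline.
import base64, hashlib, hmac, json, secrets, time
ISSUER = "https://issuer.example"  # assumed issuer identifier
KEY = b"demo-shared-key"            # stand-in for the wallet and issuer key pairs
PRE_AUTH = "urn:ietf:params:oauth:grant-type:pre-authorized_code"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def jws_sign(header: dict, payload: dict, key: bytes) -> str:  # compact JWS, HS256
    enc = lambda o: b64url(json.dumps(o, separators=(",", ":")).encode())
    signing_input = enc(header) + "." + enc(payload)
    return signing_input + "." + b64url(hmac.new(key, signing_input.encode(), hashlib.sha256).digest())

def jws_verify(token: str, key: bytes) -> tuple:  # returns (header, payload) or raises
    h, p, s = token.split(".")
    if not hmac.compare_digest(hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest(), b64url_decode(s)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(h)), json.loads(b64url_decode(p))

class Issuer:
    def __init__(self, deferred: bool = False):
        self.deferred = deferred
        self.codes, self.tokens, self.pending = {}, {}, {}  # offers, sessions, deferred credentials

    def metadata(self) -> dict:  # 1) discover issuer capabilities
        return {"credential_issuer": ISSUER, "credential_endpoint": ISSUER + "/credential",
                "credentials_supported": [{"format": "jwt_vc_json", "types": ["VerifiableCredential", "PDA1"]}]}

    def credential_offer(self, cred_type: str) -> dict:  # 2) credential offer (pre-authorised code)
        code = secrets.token_urlsafe(16)
        self.codes[code] = cred_type
        return {"credential_issuer": ISSUER, "credentials": [cred_type],
                "grants": {PRE_AUTH: {"pre-authorized_code": code}}}

    def token(self, req: dict) -> dict:  # 3) token endpoint; the code is single use
        if req.get("grant_type") != PRE_AUTH or req.get("pre-authorized_code") not in self.codes:
            raise PermissionError("invalid_grant")
        at, nonce = secrets.token_urlsafe(24), secrets.token_urlsafe(16)
        self.tokens[at] = {"c_nonce": nonce, "type": self.codes.pop(req["pre-authorized_code"]), "exp": time.time() + 300}
        return {"access_token": at, "token_type": "bearer", "c_nonce": nonce, "c_nonce_expires_in": 300}

    def credential(self, access_token: str, req: dict) -> dict:  # 4) credential endpoint
        sess = self.tokens.get(access_token)
        if sess is None or sess["exp"] < time.time():
            raise PermissionError("invalid_token")
        if req.get("proof", {}).get("proof_type") != "jwt":
            raise ValueError("invalid_proof")
        header, claims = jws_verify(req["proof"]["jwt"], KEY)
        # Key binding: the proof must target this issuer, carry the current c_nonce and be fresh
        if (header.get("typ") != "openid4vci-proof+jwt" or claims.get("aud") != ISSUER
                or claims.get("nonce") != sess["c_nonce"] or abs(time.time() - claims.get("iat", 0)) > 60):
            raise ValueError("invalid_proof")
        sess["c_nonce"] = secrets.token_urlsafe(16)  # rotate: each nonce is accepted once
        cred = {"iss": ISSUER, "sub": header.get("kid"), "vc": {"type": ["VerifiableCredential", sess["type"]]}}
        if self.deferred:  # 4b) deferred issuance: hand back a transaction_id instead of the credential
            tid = secrets.token_urlsafe(8)
            self.pending[tid] = cred
            return {"transaction_id": tid, "c_nonce": sess["c_nonce"]}
        return {"format": "jwt_vc_json", "credential": jws_sign({"alg": "HS256"}, cred, KEY),
                "c_nonce": sess["c_nonce"]}  # 4a) in-time issuance

    def deferred_credential(self, transaction_id: str) -> dict:  # deferred credential endpoint
        cred = self.pending.pop(transaction_id, None)
        if cred is None:
            raise LookupError("invalid_transaction_id")
        return {"format": "jwt_vc_json", "credential": jws_sign({"alg": "HS256"}, cred, KEY)}

def make_proof(issuer_id: str, c_nonce: str) -> str:  # wallet: proof of possession bound to issuer and nonce
    return jws_sign({"alg": "HS256", "typ": "openid4vci-proof+jwt", "kid": "wallet-key-1"},
                    {"aud": issuer_id, "iat": int(time.time()), "nonce": c_nonce}, KEY)

def obtain_token(issuer: Issuer, cred_type: str) -> dict:  # wallet: steps 2 and 3
    code = issuer.credential_offer(cred_type)["grants"][PRE_AUTH]["pre-authorized_code"]
    return issuer.token({"grant_type": PRE_AUTH, "pre-authorized_code": code})

def wallet_flow(issuer: Issuer, cred_type: str = "PDA1") -> dict:  # wallet: steps 1-5, returns stored claims
    meta = issuer.metadata()
    tok = obtain_token(issuer, cred_type)
    req = {"format": "jwt_vc_json", "proof": {"proof_type": "jwt", "jwt": make_proof(meta["credential_issuer"], tok["c_nonce"])}}
    resp = issuer.credential(tok["access_token"], req)
    if "transaction_id" in resp:  # deferred: fetch from the deferred credential endpoint
        resp = issuer.deferred_credential(resp["transaction_id"])
    _, vc = jws_verify(resp["credential"], KEY)  # 5) verify, then store
    return vc

def replay_is_rejected(issuer: Issuer) -> bool:  # the same proof presented twice must fail
    tok = obtain_token(issuer, "PDA1")
    req = {"format": "jwt_vc_json", "proof": {"proof_type": "jwt", "jwt": make_proof(ISSUER, tok["c_nonce"])}}
    issuer.credential(tok["access_token"], req)
    try:
        issuer.credential(tok["access_token"], req)
    except ValueError:
        return True
    return False
```

Running wallet_flow(Issuer()) returns the claims of an in-time issued credential, wallet_flow(Issuer(deferred=True)) goes through the transaction_id round trip, and replay_is_rejected(Issuer()) shows why the issuer rotates c_nonce after every accepted proof. In a real issuer the proof JWT is verified with the public key the wallet carries in the JWT header and the credential is signed with the issuer's own key; the HS256 shortcut here is only to keep the example dependency-free.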
Key values: OID4VCI/OID4VP
● Increased trust and security
● User control over their identity and data
● Ease of use
● High interoperability
● Privacy and regulatory compliance adherence
Reference: IEEE Whitepaper
References
● OpenID Foundation (2022) 'OpenID for Verifiable Credentials - Overview', Available at: https://openid.net/sg/openid4vc/ (Accessed: 1 October 2023).
● OpenID Foundation (2023) 'Self-Issued OpenID Provider v2 (SIOP v2)', Available at: https://openid.net/specs/openid-connect-self-issued-v2-1_0.html (Accessed: 1 October 2023).
● OpenID Foundation (2023) 'OpenID for Verifiable Credential Issuance (OID4VCI)', Available at: https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0-11.html (Accessed: 2 October 2023).
● OpenID Foundation (2023) 'OpenID for Verifiable Presentations (OID4VP)', Available at: https://openid.net/specs/openid-4-verifiable-presentations-1_0.html (Accessed: 2 October 2023).
● iGrant.io (2023) 'ESSPASS PDA1 reference scenario', Available at: https://igrant.io/ebsi.html (Accessed: 2 October 2023).
● iGrant.io (2023) 'ESSPASS: Transforming social security rights with OID4VC and OID4VP in digital wallets', YouTube video, Available at: https://youtu.be/b-dTpMbxHPU (Accessed: 12 October 2023).
For questions contact: lal@igrant.io