SlideShare a Scribd company logo

OpenID for Verifiable Credentials

Download as PPTX, PDF
T
Torsten Lodderstedt

OpenID for Verifiable Credentials is a family of protocols supporting implementation of applications with Verifiable Credentials, i.e. verifiable credential issuance, credential presentation, and pseudonyms authentication.

Internet
1 of 38
#identiverse OpenID for Verifiable Credentials
#identiverse Identity Standards Architect Kristina Yasuda Microsoft Dr. Torsten Lodderstedt CTO yes.com
#identiverse Verifiable Credentials: A Paradigm Shift Issuer (Website) Verifier (Website) Holder (Digital Wallet) Can be hosted locally on the user’s device, have cloud components, or be entirely hosted in the cloud Issue Credentials Present Credentials ● Verifiable credential is a tamper-evident credential with a cryptographically verifiable authorship that contains claims about a subject. ● This enables ○ decoupling issuance from presentation ○ multi-use of the credentials ○ combination of multiple credentials in one presentation
#identiverse Verifiable Credentials around you Use Case 1: mobile Driving Licence Use Case 2: Vaccination QR Code
#identiverse Verifiable Credentials: Benefits - End-Users gain more control, privacy, and portability over their identity information. - Cheaper, faster, and more secure identity verification, when transforming physical credentials into digital ones using verifiable credentials. - Universal approach to handle identification, authentication, and authorization in digital and physical space - Issuers gain more flexibility : - No need for public service with high availability depending on the process - Diverse presentation channels offered by the wallet
#identiverse ③ OpenID for Credential Issuance (Issuance of verifiable credentials) Components of the “OpenID for Verifiable Credentials” specification family Issuer (Website) Verifier (Website) Holder (Digital Wallet) Can be hosted locally on the user’s device, have cloud components, or be entirely hosted in the cloud Issue Credentials Present Credentials ① OpenID Connect for Verifiable Presentations (Presentation of verifiable credentials) ② Self-Issued OP v2 (authentication using identifiers not namespaced to the third-party identity providers)
#identiverse - Self-Issued OP (SIOP) has been in OpenID Connect Core from ratification and provides a good starting point - Leverages simplicity and security of OpenID Connect and OAuth 2.0 - Existing libraries, only HTTPS communication, developer familiarity - Great for mobile applications, no firewall hassles - Security of OpenID Connect has been tested and formally analysed - Existing OpenID Connect RPs can receive verifiable credentials; Existing OpenID Connect OPs can issue verifiable credentials Why use OpenID Connect & OAuth2.0 as a basis?
#identiverse OpenID for Verifiable Presentations (OpenID4VPs)
#identiverse Same Device Presentation
#identiverse Cross Device Presentation
#identiverse ① RP requests Credential(s)* OpenID for Verifiable Presentations Website or App (Verifier) Wallet OP Alice ⓪ User tries to access a resource Stored Verifiable Credentials ② Wallet returns Verifiable Presentation(s) in VP Token - Query language to granularly specify what kind of credential Verifier wants. (utilizes DIF Presentation Exchange 2.0) - Verifiable Presentations* are returned in a newly defined VP Token - Simple overall architecture, e.g. device local communication when same device flow is used *can be any credential/presentation format, not limited to not limited to W3C Verifiable Credentials.
#identiverse OpenID4VPs allows choices across components in the VC Tech Stack. Component Implementer’s choices when using OpenID4VP Credential Format Any format (W3C JWT-VC or LDP-VC, ISO mDL, SD-JWT, …) Method to obtain Public Keys Any DID method, raw keys, or X.509 certs Cryptography Any cryptosuite (EdDSA, ES256K, etc.) Revocation Any mechanism (Status List 2021, Revocation List 2020, Accumulators, etc.) Trust Management Any mechanism for managing trusted Issuers, Wallets and Relying Parties (Trusted Registries, Ledgers, …)
#identiverse It is NOT SIOPv2 that you will use to present verifiable credentials
#identiverse Self-Issued OP v2 (SIOP v2)
#identiverse Self-Issued OP v2 Website (RP) User Agent OP Alice ⓪ User tries to access a resource - ID Tokens are signed with user-controlled key material (pseudonymous authentication with pairwise subject identifiers) - Identifiers are user controlled and do not depend on a third-party identity provider - Can be used in combination with OpenID4VPs, when the use case requires end-user authentication, i.e. the features of OpenID Connect, such as issuance of ID Tokens. ② OP on the user device issues subject- signed ID Token ① RP requests ID Token
#identiverse Why use OpenID4VPs & SIOP v2 - Credential format/crypto suite agnostic - Same device and cross device scenarios - Mutual authentication of RP and wallet - Pseudonymous authentication to RPs through SIOP v2 - Works well with OAuth for authorization of API-based payments and remote signature creation - Offline - work in progress (MOSIP) - Selective disclosure (if supported by credential format) - Note: referenced by ISO/IEC 18013-7 and 23220-4 Mobile Driving Licences related draft standards as a data release method
#identiverse - First Implementer’s Drafts approved (both SIOP v2 and OpenID4VPs) - Can be implemented with IPR protection - Targeting Second Implementer’s Draft by the end of 2022 - Existing & ongoing Implementations: - The European Blockchain Services Infrastructure (EBSI) - Microsoft - Workday - Ping Identity - Convergence.Tech - IDunion - walt.id (eSSIF-Lab)* - Sphereon - Gimly Status: Credential Presentation
#identiverse OpenID for Verifiable Credential Issuance (OpenID4VCI)
#identiverse Issuer Initiates Process (same device)
#identiverse Issuer Initiates Process (cross device)
#identiverse Wallet Initiates Process (e.g. issuance during presentation)
#identiverse OpenID 4 Verifiable Credentials Issuance Credentia l Issuer Website or App (RP) Wallet OP Alice ⓪ User tries to log in RP Stored Verifiable Credentials ② Wallet issues Verifiable Presentation(s) ① RP requests Credential(s) ⓪ Wallet requests & User authorizes credential issuance ③ Credential is issued ① access token(, refresh token) ② Wallet requests credential issuance Credential issuance via simple OAuth-authorized API
#identiverse - Defined a new OAuth-protected Credential Endpoint - in addition to Authorization/Token Endpoints - Two authorization flows: - Code flow (others OAuth 2.0 grant types possible): authorization for one or more credentials at the Authorization Endpoint once the wallet is invoked - Pre-authorized code flow (new grant type): authorization for one or more credentials prior to the Wallet being invoked. - Supports different methods for the Wallet to prove possession of key material used to bind credential Design Principles
#identiverse Why use OpenID4VCI? - Credential format/crypto suite agnostic - Hardware-backed key material for cryptographic binding of attribute attestations (leveraging HSMs, SEs, TEEs) - Same device and cross device scenarios - Mutual authentication of wallet and issuer - Can extend existing OAuth/OpenID deployments, simple way for existing AS/IDPs to become PID/(Q)EAA issuers - Note: will be added to ISO 23220-3 electronic ID standards
#identiverse - Targeting First Implementer’s draft by the end of 2022. - https://openid.net/specs/openid-connect-4-verifiable-credential-issuance-1_0.html - Planned and ongoing implementations: - The European Blockchain Services Infrastructure (EBSI) - Microsoft - Mattr - IDunion - walt.id & yes.com & BCDiploma (eSSIF-Lab) - Sphereon - Talao.io - Convergence.Tech Status of the Issuance specification
#identiverse Whitepaper “OpenID for Verifiable Credentials” - Aims to assist decision-makers, architects and implementers in the decision-making process when building verifiable credentials ecosystem. - Some popular sections… - Demystifying myths about verifiable credentials - Various scopes of “decentralization” - Shift in the trust model brought by verifiable credentials - Business drivers - Use-Cases
#identiverse - Security and simplicity guaranteed – OAuth/OpenID Connect deployment experience (3B+ users, millions applications), and OpenID Foundation Certification program - Fast, scalable adoption - easy integration/deployment on existing infrastructure given the familiarity of the developers and administrators with OAuth/OpenID - Adoption underway - Projects in the EU (EBSI/ESSIF, Secure Digital Identities Showcase) - Incorporated into major participant’s products (e.g. Microsoft, Ping Identity, walt.id) - Global Assured Identity Network PoC - Could meet high security requirements with FAPI Security Profile - Interoperability on the protocol layer that is both credential format agnostic, and allows for interoperability between markets Why use OpenID for Verifiable Credentials?
#identiverse Call to Action 1. Implement the specifications to unlock your use cases and provide us feedback 2. Read the whitepaper and stay up to date with the recent developments
#identiverse Thank you! #identiverse
Example: Authorization Request HTTP/1.1 302 Found Location: https://server.example.com/authorize? response_type=code //any other grant type &client_id=s6BhdRkqt3 &code_challenge=E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM &code_challenge_method=S256 &scope=openid_credential:https://example.org/idcard &redirect_uri=https://client.example.org/cb
Example: Credential Issuance HTTP/1.1 200 OK Content-Type: application/json Cache-Control: no-store Pragma: no-cache { "format": "ldp_vc", "credential" : "eyJjcmVkZW50a...d0MifQ==" } POST /credential HTTP/1.1 Host: server.example.com Content-Type: application/x-www-form-urlencoded Authorization: BEARER czZCaGRSa3F0MzpnWDFmQmF0M2JW type=https://example.org/idcard format=ldp_vc did=did:key:z6MkqUDiu3MHxAmuMQ8jjkLiUu1mscLT8E9R5CKdbtr7gwR8 proof=%7B%22type%22:%22jwt%22…0aW9EkL1nOzM%22%7D Request Response
Example: Issued Credential { ... "issuer": "did:key:z6MkgF2pvVNEFXCksupWKrdPhL6ubecis3AWbWVsr9bNAbwC", "type": [ "VerifiableCredential" ], "credentialSchema": { "id": "https://example.org/idcard", }, "credentialSubject": { "placeOfBirth": { "country": "DE", "locality": "Berlin" }, "familyName": "Family001",
#identiverse Request Example (W3C VCs) { "response_type":"id_token", "client_id":"https://example.com/callback", "scope":"openid", "redirect_uri":"https://example.com/callback", "nonce":"67473895393019470130", ... "claims":{ "vp_token":{ "presentation_definition":{ "id":"1", "constraints": { "fields": [ { "path": [ "$.credentialSchema.id" ], "filter": { "type": "string", "pattern": "https://example.org/idcard" } } ] } } } } }
#identiverse Response Example (W3C VCs) { "iss": "https://self-issued.me/v2", "aud": "https://example.com/callback", "sub": "did:key:z6MkqUDiu3MHxAm...mscLT8E9R5CKdbtr7gwR8", "exp": 1645469476, "iat": 1645465876, "nonce": "cdb97870-a3be-49b4-aa55-8c7c7122178a", "_vp_token": { "presentation_submission": { "descriptor_map": [ { "path": "$", "format": "ldp_vp", "path_nested": { "path": "$.verifiableCredential[0]", "format": "ldp_vc" } ], "definition_id": "1", "id": "1" } } } { "@context":[ "https://www.w3.org/2018/credentials/v1" ], "holder":"did:key:z6MkqUDiu3MHxAmuMQ8jjkLiUu1mscLT8E9R5CKdbtr7gwR8", "id":"urn:uuid:04816f2a-85f1-45d7-a66d-51764d39a569", "proof":{ "domain":"https://example.com/callback", "jws":"...", "nonce":"cdb97870-a3be-49b4-aa55-8c7c7122178a", "proofPurpose":"authentication", "type":"Ed25519Signature2018", "verificationMethod":"did:key:z6MkqUDiu3..." }, "type":[ "VerifiablePresentation" ], "verifiableCredential":[ { … "type":[ "VerifiableCredential" ], "credentialSubject":{ "id":"did:key:z6MkqUDiu3MHxAmuMQ8jjkLiUu1mscLT8E9R5CKdbtr7gwR8", "familyName":"Family001", "givenName":"Given001", "birthDate":"1950-01-01", "placeOfBirth":{ "country":"DE", "locality":"Berlin" } }, ID Token VP Token
#identiverse Request Example (ISO mDL) { "response_type":"id_token", "client_id":"https://example.com/callback", "scope":"openid", "redirect_uri":"https://example.com/callback", "nonce":"67473895393019470130", ... "claims": { "vp_token": { "presentation_definition": { "id": "mDL-sample-req", "input_descriptors": [ { "id": "mDL", "format": { "mdl_iso_cbor": { "alg": ["EdDSA", "ES256"] }, "constraints": { "limit_disclosure": "required", "fields": [ { "path": ["$.mdoc.doctype"], "filter": { "type": "string", "const": "org.iso.18013.5.1.mDL" } }, { "path": ["$.mdoc.namespace"], "filter": { "type": "string",
Response Example (ISO mDL) { "aud": "https://client.example.org/callback", "sub": "9wgU5CR6PdgGmvBfgz_CqAtBxJ33ckMEwvij-gC6Bcw", "iss": "9wgU5CR6PdgGmvBfgz_CqAtBxJ33ckMEwvij-gC6Bcw", "sub_jwk": { "x": "cQ5fu5VmG...dA_5lTMGcoyQE78RrqQ6", "kty": "EC", "y": "XHpi27YMA...rnF_-f_ASULPTmUmTS", "crv": "P-384" }, "exp": 1638483944, "iat": 1638483344, "nonce": "67473895393019470130", "_vp_token": { "presentation_submission": { "descriptor_map": [ { "id": "mDL", "path": "$", "format": "mdl_iso" } ], "definition_id": "mDL-sample-req", "id": "mDL-sample-res" } } } { "status": 0, "version": "1.0", "documents": [ { "docType": "org.iso.18013.5.1.mDL", "deviceSigned": { "deviceAuth": { "deviceMac": [ << {1: 5} >>, {}, null, h'A574C64F18902BFE18B742F17C581218F88EA279AA96D0F5888123843461A3B6' ] }, "nameSpaces": 24(h'A0') }, "issuerSigned": { "issuerAuth": [ << {1: -7} >>, { 33: h'30820215308201BCA003020102021404AD06A30C1A6DC6E93BE0E2E8F78DCAFA7907C2300A06082A8648CE3D040302305B310B 3009060355040613025A45312E302C060355040A0C25465053204D6F62696C69747920616E64205472616E73706F7274206F66205A6 5746F706961311C301A06035504030C1349414341205A65746573436F6E666964656E73301E170D3231303932393033333034355A170 D3232313130333033333034345A3050311A301806035504030C114453205A65746573436F6E666964656E7331253023060355040A0C1 C5A65746F70696120436974792044657074206F662054726166666963310B3009060355040613025A453059301306072A8648CE3D020 106082A8648CE3D030107034200047C5545E9A0B15F4FF3CE5015121E8AD3257C28D541C1CD0D604FC9D1E352CCC38ADEF5F790 2D44B7A6FC1F99F06EEDF7B0018FD9DA716AEC2F1FFAC173356C7DA3693067301F0603551D23041830168014BBA2A53201700D3 C97542EF42889556D15B7AC4630150603551D250101FF040B3009060728818C5D050102301D0603551D0E04160414CE5FD758A8E8 8563E625CF056BFE9F692F4296FD300E0603551D0F0101FF040403020780300A06082A8648CE3D0403020347003044022012B06A38 13FFEC5679F3B8CDDB51EAA4B95B0CBB1786B09405E2000E9C46618C02202C1F778AD252285ED05D9B55469F1CB78D773671F3 0FE7AB815371942328317C' }, << 24(<< { "docType": "org.iso.18013.5.1.mDL", "version": "1.0", "validityInfo": { "signed": 0("2022-04-15T06:23:56Z"), "validFrom": 0("2022-04-15T06:23:56Z"), "validUntil": 0("2027-01-02T00:00:00Z") }, "valueDigests": { ID Token VP Token
#identiverse Request Example (AnonCreds) { "response_type":"id_token", "client_id":"https://example.com/callback", "scope":"openid", "redirect_uri":"https://example.com/callback", "nonce":"67473895393019470130", ... "claims":{ "vp_token":{ "presentation_definition":{ "id":"NextcloudLogin", "input_descriptors":[ { "id":"ref2", "name":"NextcloudCredential", "format": { "ac_vc": { "proof_type": ["CLSignature2019"] } }, "constraints":{ "limit_disclosure":"required", "fields":[{ "path": [ "$.schema_id" ], "filter": { "type": "string", "pattern": "did:indy:idu:test:3QowxFtwciWceMFr7WbwnM:2:BasicScheme:0.1" } }, {"path":["$.values.email"]}, {"path":["$.values.first_name"]}, {"path":["$.values.last_name"]}]
#identiverse Response Example (AnonCreds) { "aud": "https://example.com/callback", "sub": "9wgU5CR6PdgGmvBfgz_CqAtBxJ33ckMEwvij-gC6Bcw", "auth_time": 1638483344, "iss": "https://self-issued.me/v2", "sub_jwk": { "x": "cQ5fu5VmG…dA_5lTMGcoyQE78RrqQ6", "kty": "EC", "y": "XHpi27YMA…rnF_-f_ASULPTmUmTS", "crv": "P-384" }, "exp": 1638483944, "iat": 1638483344, "nonce": "67473895393019470130", "_vp_token": { "presentation_submission": { "descriptor_map": [ { "id": "ref2", "path": "$", "format": "ac_vp", "path_nested": { "path": "$.requested_proof.revealed_attr_groups.ref2", "format": "ac_vc" } } ], "definition_id": "NextcloudLogin", "id": "NexcloudCredentialPresentationSubmission" } } } { "proof": {...}, "requested_proof": { "revealed_attrs": {}, "revealed_attr_groups": { "ref2": { "sub_proof_index": 0, "values": { "email": { "raw": "alice@example.com", "encoded": "115589951…83915671017846" }, "last_name": { "raw": "Wonderland", "encoded": "167908493…94017654562035" }, "first_name": { "raw": "Alice", "encoded": "270346400…99344178781507" } } } }, … }, "identifiers": [ { "schema_id": "3QowxFtwciWceMFr7WbwnM:2:BasicScheme:0.1", "cred_def_id": "CsiDLAiFkQb9N4NDJKUagd:3:CL:4687:awesome_cred", "rev_reg_id": null, "timestamp": null } ] ID Token VP Token

Recommended

OpenID for Verifiable Credentials
OpenID for Verifiable CredentialsOpenID for Verifiable Credentials
OpenID for Verifiable CredentialsTorsten Lodderstedt
 
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...Torsten Lodderstedt
 
OpenID 4 Verifiable Credentials + HAIP (Update)
OpenID 4 Verifiable Credentials + HAIP (Update)OpenID 4 Verifiable Credentials + HAIP (Update)
OpenID 4 Verifiable Credentials + HAIP (Update)Torsten Lodderstedt
 
OpenID for SSI
OpenID for SSIOpenID for SSI
OpenID for SSITorsten Lodderstedt
 
OpenID for Verifiable Credentials @ IIW 36
OpenID for Verifiable Credentials @ IIW 36OpenID for Verifiable Credentials @ IIW 36
OpenID for Verifiable Credentials @ IIW 36Torsten Lodderstedt
 
OpenID Connect 4 SSI
OpenID Connect 4 SSIOpenID Connect 4 SSI
OpenID Connect 4 SSITorsten Lodderstedt
 
Verifiable Credentials_Kristina_Identiverse2022_vFIN.pdf
Verifiable Credentials_Kristina_Identiverse2022_vFIN.pdfVerifiable Credentials_Kristina_Identiverse2022_vFIN.pdf
Verifiable Credentials_Kristina_Identiverse2022_vFIN.pdfKristina Yasuda
 
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...Torsten Lodderstedt
 

Recommended

OpenID for Verifiable Credentials
OpenID for Verifiable CredentialsOpenID for Verifiable Credentials
OpenID for Verifiable CredentialsTorsten Lodderstedt
 
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...Torsten Lodderstedt
 
OpenID 4 Verifiable Credentials + HAIP (Update)
OpenID 4 Verifiable Credentials + HAIP (Update)OpenID 4 Verifiable Credentials + HAIP (Update)
OpenID 4 Verifiable Credentials + HAIP (Update)Torsten Lodderstedt
 
OpenID for SSI
OpenID for SSIOpenID for SSI
OpenID for SSITorsten Lodderstedt
 
OpenID for Verifiable Credentials @ IIW 36
OpenID for Verifiable Credentials @ IIW 36OpenID for Verifiable Credentials @ IIW 36
OpenID for Verifiable Credentials @ IIW 36Torsten Lodderstedt
 
OpenID Connect 4 SSI
OpenID Connect 4 SSIOpenID Connect 4 SSI
OpenID Connect 4 SSITorsten Lodderstedt
 
Verifiable Credentials_Kristina_Identiverse2022_vFIN.pdf
Verifiable Credentials_Kristina_Identiverse2022_vFIN.pdfVerifiable Credentials_Kristina_Identiverse2022_vFIN.pdf
Verifiable Credentials_Kristina_Identiverse2022_vFIN.pdfKristina Yasuda
 
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...Torsten Lodderstedt
 
OpenID Connect 4 SSI (DIFCon F2F)
OpenID Connect 4 SSI (DIFCon F2F)OpenID Connect 4 SSI (DIFCon F2F)
OpenID Connect 4 SSI (DIFCon F2F)Torsten Lodderstedt
 
Verifiable Credentials in Self-Sovereign Identity (SSI)
Verifiable Credentials in Self-Sovereign Identity (SSI)Verifiable Credentials in Self-Sovereign Identity (SSI)
Verifiable Credentials in Self-Sovereign Identity (SSI)Evernym
 
OIDC4VP for AB/C WG
OIDC4VP for AB/C WGOIDC4VP for AB/C WG
OIDC4VP for AB/C WGTorsten Lodderstedt
 
OpenID Connect Explained
OpenID Connect ExplainedOpenID Connect Explained
OpenID Connect ExplainedVladimir Dzhuvinov
 
Introduction to OpenID Connect
Introduction to OpenID Connect Introduction to OpenID Connect
Introduction to OpenID Connect Nat Sakimura
 
Digital Identity Wallets: What They Mean For Banks
Digital Identity Wallets: What They Mean For BanksDigital Identity Wallets: What They Mean For Banks
Digital Identity Wallets: What They Mean For BanksEvernym
 
OAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID ConnectOAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID ConnectJacob Combs
 
OpenID for Verifiable Credentials (IIW 35)
OpenID for Verifiable Credentials (IIW 35)OpenID for Verifiable Credentials (IIW 35)
OpenID for Verifiable Credentials (IIW 35)Torsten Lodderstedt
 
“How to Secure Your Applications With a Keycloak?
“How to Secure Your Applications With a Keycloak?“How to Secure Your Applications With a Keycloak?
“How to Secure Your Applications With a Keycloak?GlobalLogic Ukraine
 
Integrating FIDO Authentication & Federation Protocols
Integrating FIDO Authentication & Federation ProtocolsIntegrating FIDO Authentication & Federation Protocols
Integrating FIDO Authentication & Federation ProtocolsFIDO Alliance
 
Verifiable Credentials, Self Sovereign Identity and DLTs
Verifiable Credentials, Self Sovereign Identity and DLTs Verifiable Credentials, Self Sovereign Identity and DLTs
Verifiable Credentials, Self Sovereign Identity and DLTs Vasiliy Suvorov
 
IDA,VC,DID関連仕様 最新情報 - OpenID BizDay #15
IDA,VC,DID関連仕様 最新情報 - OpenID BizDay #15IDA,VC,DID関連仕様 最新情報 - OpenID BizDay #15
IDA,VC,DID関連仕様 最新情報 - OpenID BizDay #15OpenID Foundation Japan
 
OpenID Connect for W3C Verifiable Credential Objects
OpenID Connect for W3C Verifiable Credential ObjectsOpenID Connect for W3C Verifiable Credential Objects
OpenID Connect for W3C Verifiable Credential ObjectsTorsten Lodderstedt
 
Fido認証概要説明
Fido認証概要説明Fido認証概要説明
Fido認証概要説明FIDO Alliance
 
What are Decentralized Identifiers (DIDs)?
What are Decentralized Identifiers (DIDs)?What are Decentralized Identifiers (DIDs)?
What are Decentralized Identifiers (DIDs)?Evernym
 
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in EuropeFIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in EuropeFIDO Alliance
 
Self-Sovereign Identity for the Decentralized Web Summit
Self-Sovereign Identity for the Decentralized Web SummitSelf-Sovereign Identity for the Decentralized Web Summit
Self-Sovereign Identity for the Decentralized Web SummitKaliya "Identity Woman" Young
 
OpenID Connect: An Overview
OpenID Connect: An OverviewOpenID Connect: An Overview
OpenID Connect: An OverviewPat Patterson
 
MicrosoftのDID/VC実装概要
MicrosoftのDID/VC実装概要MicrosoftのDID/VC実装概要
MicrosoftのDID/VC実装概要Naohiro Fujie
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak Abhishek Koserwal
 
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...Torsten Lodderstedt
 
OpenID Connect 4 SSI (at EIC 2021)
OpenID Connect 4 SSI (at EIC 2021)OpenID Connect 4 SSI (at EIC 2021)
OpenID Connect 4 SSI (at EIC 2021)Torsten Lodderstedt
 

More Related Content

What's hot

OpenID Connect 4 SSI (DIFCon F2F)
OpenID Connect 4 SSI (DIFCon F2F)OpenID Connect 4 SSI (DIFCon F2F)
OpenID Connect 4 SSI (DIFCon F2F)Torsten Lodderstedt
 
Verifiable Credentials in Self-Sovereign Identity (SSI)
Verifiable Credentials in Self-Sovereign Identity (SSI)Verifiable Credentials in Self-Sovereign Identity (SSI)
Verifiable Credentials in Self-Sovereign Identity (SSI)Evernym
 
Introduction to OpenID Connect
Introduction to OpenID Connect Introduction to OpenID Connect
Introduction to OpenID Connect Nat Sakimura
 
Digital Identity Wallets: What They Mean For Banks
Digital Identity Wallets: What They Mean For BanksDigital Identity Wallets: What They Mean For Banks
Digital Identity Wallets: What They Mean For BanksEvernym
 
OAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID ConnectOAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID ConnectJacob Combs
 
OpenID for Verifiable Credentials (IIW 35)
OpenID for Verifiable Credentials (IIW 35)OpenID for Verifiable Credentials (IIW 35)
OpenID for Verifiable Credentials (IIW 35)Torsten Lodderstedt
 
“How to Secure Your Applications With a Keycloak?
“How to Secure Your Applications With a Keycloak?“How to Secure Your Applications With a Keycloak?
“How to Secure Your Applications With a Keycloak?GlobalLogic Ukraine
 
Integrating FIDO Authentication & Federation Protocols
Integrating FIDO Authentication & Federation ProtocolsIntegrating FIDO Authentication & Federation Protocols
Integrating FIDO Authentication & Federation ProtocolsFIDO Alliance
 
Verifiable Credentials, Self Sovereign Identity and DLTs
Verifiable Credentials, Self Sovereign Identity and DLTs Verifiable Credentials, Self Sovereign Identity and DLTs
Verifiable Credentials, Self Sovereign Identity and DLTs Vasiliy Suvorov
 
IDA,VC,DID関連仕様 最新情報 - OpenID BizDay #15
IDA,VC,DID関連仕様 最新情報 - OpenID BizDay #15IDA,VC,DID関連仕様 最新情報 - OpenID BizDay #15
IDA,VC,DID関連仕様 最新情報 - OpenID BizDay #15OpenID Foundation Japan
 
OpenID Connect for W3C Verifiable Credential Objects
OpenID Connect for W3C Verifiable Credential ObjectsOpenID Connect for W3C Verifiable Credential Objects
OpenID Connect for W3C Verifiable Credential ObjectsTorsten Lodderstedt
 
Fido認証概要説明
Fido認証概要説明Fido認証概要説明
Fido認証概要説明FIDO Alliance
 
What are Decentralized Identifiers (DIDs)?
What are Decentralized Identifiers (DIDs)?What are Decentralized Identifiers (DIDs)?
What are Decentralized Identifiers (DIDs)?Evernym
 
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in EuropeFIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in EuropeFIDO Alliance
 
Self-Sovereign Identity for the Decentralized Web Summit
Self-Sovereign Identity for the Decentralized Web SummitSelf-Sovereign Identity for the Decentralized Web Summit
Self-Sovereign Identity for the Decentralized Web SummitKaliya "Identity Woman" Young
 
OpenID Connect: An Overview
OpenID Connect: An OverviewOpenID Connect: An Overview
OpenID Connect: An OverviewPat Patterson
 
MicrosoftのDID/VC実装概要
MicrosoftのDID/VC実装概要MicrosoftのDID/VC実装概要
MicrosoftのDID/VC実装概要Naohiro Fujie
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak Abhishek Koserwal
 

What's hot (20)

OpenID Connect 4 SSI (DIFCon F2F)
OpenID Connect 4 SSI (DIFCon F2F)OpenID Connect 4 SSI (DIFCon F2F)
OpenID Connect 4 SSI (DIFCon F2F)
 
Verifiable Credentials in Self-Sovereign Identity (SSI)
Verifiable Credentials in Self-Sovereign Identity (SSI)Verifiable Credentials in Self-Sovereign Identity (SSI)
Verifiable Credentials in Self-Sovereign Identity (SSI)
 
OIDC4VP for AB/C WG
OIDC4VP for AB/C WGOIDC4VP for AB/C WG
OIDC4VP for AB/C WG
 
OpenID Connect Explained
OpenID Connect ExplainedOpenID Connect Explained
OpenID Connect Explained
 
Introduction to OpenID Connect
Introduction to OpenID Connect Introduction to OpenID Connect
Introduction to OpenID Connect
 
Digital Identity Wallets: What They Mean For Banks
Digital Identity Wallets: What They Mean For BanksDigital Identity Wallets: What They Mean For Banks
Digital Identity Wallets: What They Mean For Banks
 
OAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID ConnectOAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID Connect
 
OpenID for Verifiable Credentials (IIW 35)
OpenID for Verifiable Credentials (IIW 35)OpenID for Verifiable Credentials (IIW 35)
OpenID for Verifiable Credentials (IIW 35)
 
“How to Secure Your Applications With a Keycloak?
“How to Secure Your Applications With a Keycloak?“How to Secure Your Applications With a Keycloak?
“How to Secure Your Applications With a Keycloak?
 
Integrating FIDO Authentication & Federation Protocols
Integrating FIDO Authentication & Federation ProtocolsIntegrating FIDO Authentication & Federation Protocols
Integrating FIDO Authentication & Federation Protocols
 
Verifiable Credentials, Self Sovereign Identity and DLTs
Verifiable Credentials, Self Sovereign Identity and DLTs Verifiable Credentials, Self Sovereign Identity and DLTs
Verifiable Credentials, Self Sovereign Identity and DLTs
 
IDA,VC,DID関連仕様 最新情報 - OpenID BizDay #15
IDA,VC,DID関連仕様 最新情報 - OpenID BizDay #15IDA,VC,DID関連仕様 最新情報 - OpenID BizDay #15
IDA,VC,DID関連仕様 最新情報 - OpenID BizDay #15
 
OpenID Connect for W3C Verifiable Credential Objects
OpenID Connect for W3C Verifiable Credential ObjectsOpenID Connect for W3C Verifiable Credential Objects
OpenID Connect for W3C Verifiable Credential Objects
 
Fido認証概要説明
Fido認証概要説明Fido認証概要説明
Fido認証概要説明
 
What are Decentralized Identifiers (DIDs)?
What are Decentralized Identifiers (DIDs)?What are Decentralized Identifiers (DIDs)?
What are Decentralized Identifiers (DIDs)?
 
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in EuropeFIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
 
Self-Sovereign Identity for the Decentralized Web Summit
Self-Sovereign Identity for the Decentralized Web SummitSelf-Sovereign Identity for the Decentralized Web Summit
Self-Sovereign Identity for the Decentralized Web Summit
 
OpenID Connect: An Overview
OpenID Connect: An OverviewOpenID Connect: An Overview
OpenID Connect: An Overview
 
MicrosoftのDID/VC実装概要
MicrosoftのDID/VC実装概要MicrosoftのDID/VC実装概要
MicrosoftのDID/VC実装概要
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak
 

Similar to OpenID for Verifiable Credentials

How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...Torsten Lodderstedt
 
OpenID Connect 4 SSI (at EIC 2021)
OpenID Connect 4 SSI (at EIC 2021)OpenID Connect 4 SSI (at EIC 2021)
OpenID Connect 4 SSI (at EIC 2021)Torsten Lodderstedt
 
apidays LIVE India 2022_Standardizing Biometric Device Integration for Identi...
apidays LIVE India 2022_Standardizing Biometric Device Integration for Identi...apidays LIVE India 2022_Standardizing Biometric Device Integration for Identi...
apidays LIVE India 2022_Standardizing Biometric Device Integration for Identi...apidays
 
WSO2 ITALIA SMART TALK #3 WSO2 IS NEW FEATURE
WSO2 ITALIA SMART TALK #3 WSO2 IS NEW FEATURE WSO2 ITALIA SMART TALK #3 WSO2 IS NEW FEATURE
WSO2 ITALIA SMART TALK #3 WSO2 IS NEW FEATUREProfesia Srl, Lynx Group
 
Value proposition of SSI tech providers - Self-Sovereign Identity
Value proposition of SSI tech providers - Self-Sovereign IdentityValue proposition of SSI tech providers - Self-Sovereign Identity
Value proposition of SSI tech providers - Self-Sovereign IdentitySSIMeetup
 
CCICI CIP 1.0 Testbed - Security access implementation and reference - v1.0
CCICI CIP 1.0 Testbed - Security access implementation and reference - v1.0CCICI CIP 1.0 Testbed - Security access implementation and reference - v1.0
CCICI CIP 1.0 Testbed - Security access implementation and reference - v1.0Krishna-Kumar
 
Securing online services by combining smart cards and web-based applications
Securing online services by combining smart cards and web-based applicationsSecuring online services by combining smart cards and web-based applications
Securing online services by combining smart cards and web-based applicationsOlivier Potonniée
 
FIWARE IoT Proposal & Community
FIWARE IoT Proposal & CommunityFIWARE IoT Proposal & Community
FIWARE IoT Proposal & CommunityFIWARE
 
Cloud Identity Webinar
Cloud Identity WebinarCloud Identity Webinar
Cloud Identity WebinarWSO2
 
Best practices in Certifying and Signing PDFs
Best practices in Certifying and Signing PDFsBest practices in Certifying and Signing PDFs
Best practices in Certifying and Signing PDFsiText Group nv
 
WSO2 Identity Server - Product Overview
WSO2 Identity Server - Product OverviewWSO2 Identity Server - Product Overview
WSO2 Identity Server - Product OverviewWSO2
 
Cartes Asia Dem 2010 V2
Cartes Asia Dem 2010 V2Cartes Asia Dem 2010 V2
Cartes Asia Dem 2010 V2Donald Malloy
 
Authentication Models
Authentication ModelsAuthentication Models
Authentication ModelsRaj Chanchal
 
What’s New in WSO2 IoT Server 3.1.0
What’s New in WSO2 IoT Server 3.1.0What’s New in WSO2 IoT Server 3.1.0
What’s New in WSO2 IoT Server 3.1.0WSO2
 
Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'Oliver Pfaff
 
Mobile Devices & BYOD Security – Deployment & Best Practices
Mobile Devices & BYOD Security – Deployment & Best PracticesMobile Devices & BYOD Security – Deployment & Best Practices
Mobile Devices & BYOD Security – Deployment & Best PracticesCisco Canada
 
PKI in DevOps: How to Deploy Certificate Automation within CI/CD
PKI in DevOps: How to Deploy Certificate Automation within CI/CDPKI in DevOps: How to Deploy Certificate Automation within CI/CD
PKI in DevOps: How to Deploy Certificate Automation within CI/CDDevOps.com
 
Verviam Identity Management as a Service
Verviam Identity Management as a Service Verviam Identity Management as a Service
Verviam Identity Management as a Service Nya
 

Similar to OpenID for Verifiable Credentials (20)

How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
 
OpenID Connect 4 SSI (at EIC 2021)
OpenID Connect 4 SSI (at EIC 2021)OpenID Connect 4 SSI (at EIC 2021)
OpenID Connect 4 SSI (at EIC 2021)
 
apidays LIVE India 2022_Standardizing Biometric Device Integration for Identi...
apidays LIVE India 2022_Standardizing Biometric Device Integration for Identi...apidays LIVE India 2022_Standardizing Biometric Device Integration for Identi...
apidays LIVE India 2022_Standardizing Biometric Device Integration for Identi...
 
WSO2 ITALIA SMART TALK #3 WSO2 IS NEW FEATURE
WSO2 ITALIA SMART TALK #3 WSO2 IS NEW FEATURE WSO2 ITALIA SMART TALK #3 WSO2 IS NEW FEATURE
WSO2 ITALIA SMART TALK #3 WSO2 IS NEW FEATURE
 
Bye bye Identity Server
Bye bye Identity ServerBye bye Identity Server
Bye bye Identity Server
 
Value proposition of SSI tech providers - Self-Sovereign Identity
Value proposition of SSI tech providers - Self-Sovereign IdentityValue proposition of SSI tech providers - Self-Sovereign Identity
Value proposition of SSI tech providers - Self-Sovereign Identity
 
CCICI CIP 1.0 Testbed - Security access implementation and reference - v1.0
CCICI CIP 1.0 Testbed - Security access implementation and reference - v1.0CCICI CIP 1.0 Testbed - Security access implementation and reference - v1.0
CCICI CIP 1.0 Testbed - Security access implementation and reference - v1.0
 
ISS SA le presenta IdentityGuard de Entrust
ISS SA le presenta IdentityGuard de EntrustISS SA le presenta IdentityGuard de Entrust
ISS SA le presenta IdentityGuard de Entrust
 
Securing online services by combining smart cards and web-based applications
Securing online services by combining smart cards and web-based applicationsSecuring online services by combining smart cards and web-based applications
Securing online services by combining smart cards and web-based applications
 
FIWARE IoT Proposal & Community
FIWARE IoT Proposal & CommunityFIWARE IoT Proposal & Community
FIWARE IoT Proposal & Community
 
Cloud Identity Webinar
Cloud Identity WebinarCloud Identity Webinar
Cloud Identity Webinar
 
Best practices in Certifying and Signing PDFs
Best practices in Certifying and Signing PDFsBest practices in Certifying and Signing PDFs
Best practices in Certifying and Signing PDFs
 
WSO2 Identity Server - Product Overview
WSO2 Identity Server - Product OverviewWSO2 Identity Server - Product Overview
WSO2 Identity Server - Product Overview
 
Cartes Asia Dem 2010 V2
Cartes Asia Dem 2010 V2Cartes Asia Dem 2010 V2
Cartes Asia Dem 2010 V2
 
Authentication Models
Authentication ModelsAuthentication Models
Authentication Models
 
What’s New in WSO2 IoT Server 3.1.0
What’s New in WSO2 IoT Server 3.1.0What’s New in WSO2 IoT Server 3.1.0
What’s New in WSO2 IoT Server 3.1.0
 
Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'
 
Mobile Devices & BYOD Security – Deployment & Best Practices
Mobile Devices & BYOD Security – Deployment & Best PracticesMobile Devices & BYOD Security – Deployment & Best Practices
Mobile Devices & BYOD Security – Deployment & Best Practices
 
PKI in DevOps: How to Deploy Certificate Automation within CI/CD
PKI in DevOps: How to Deploy Certificate Automation within CI/CDPKI in DevOps: How to Deploy Certificate Automation within CI/CD
PKI in DevOps: How to Deploy Certificate Automation within CI/CD
 
Verviam Identity Management as a Service
Verviam Identity Management as a Service Verviam Identity Management as a Service
Verviam Identity Management as a Service
 

More from Torsten Lodderstedt

The European Union goes Decentralized
The European Union goes DecentralizedThe European Union goes Decentralized
The European Union goes DecentralizedTorsten Lodderstedt
 
Comprehensive overview FAPI 1 and FAPI 2
Comprehensive overview FAPI 1 and FAPI 2Comprehensive overview FAPI 1 and FAPI 2
Comprehensive overview FAPI 1 and FAPI 2Torsten Lodderstedt
 
Comprehensive overview FAPI 1 and 2
Comprehensive overview FAPI 1 and 2Comprehensive overview FAPI 1 and 2
Comprehensive overview FAPI 1 and 2Torsten Lodderstedt
 
OpenID Connect 4 Identity Assurance at IIW #32
OpenID Connect 4 Identity Assurance at IIW #32OpenID Connect 4 Identity Assurance at IIW #32
OpenID Connect 4 Identity Assurance at IIW #32Torsten Lodderstedt
 
Identity Assurance with OpenID Connect
Identity Assurance with OpenID ConnectIdentity Assurance with OpenID Connect
Identity Assurance with OpenID ConnectTorsten Lodderstedt
 
NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security RecommendationsNextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security RecommendationsTorsten Lodderstedt
 
OpenID Connect for Identity Assurance
OpenID Connect for Identity AssuranceOpenID Connect for Identity Assurance
OpenID Connect for Identity AssuranceTorsten Lodderstedt
 
NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security Recommendations NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security Recommendations Torsten Lodderstedt
 
Identiverse: PSD2, Open Banking, and Technical Interoperability
Identiverse: PSD2, Open Banking, and Technical InteroperabilityIdentiverse: PSD2, Open Banking, and Technical Interoperability
Identiverse: PSD2, Open Banking, and Technical InteroperabilityTorsten Lodderstedt
 
Identity Proofing with OpenID Connect
Identity Proofing with OpenID ConnectIdentity Proofing with OpenID Connect
Identity Proofing with OpenID ConnectTorsten Lodderstedt
 

More from Torsten Lodderstedt (15)

The European Union goes Decentralized
The European Union goes DecentralizedThe European Union goes Decentralized
The European Union goes Decentralized
 
GAIN Presentation.pptx
GAIN Presentation.pptxGAIN Presentation.pptx
GAIN Presentation.pptx
 
Comprehensive overview FAPI 1 and FAPI 2
Comprehensive overview FAPI 1 and FAPI 2Comprehensive overview FAPI 1 and FAPI 2
Comprehensive overview FAPI 1 and FAPI 2
 
Comprehensive overview FAPI 1 and 2
Comprehensive overview FAPI 1 and 2Comprehensive overview FAPI 1 and 2
Comprehensive overview FAPI 1 and 2
 
OpenID Connect 4 Identity Assurance at IIW #32
OpenID Connect 4 Identity Assurance at IIW #32OpenID Connect 4 Identity Assurance at IIW #32
OpenID Connect 4 Identity Assurance at IIW #32
 
Identity Assurance with OpenID Connect
Identity Assurance with OpenID ConnectIdentity Assurance with OpenID Connect
Identity Assurance with OpenID Connect
 
NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security RecommendationsNextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security Recommendations
 
Rich Authorization Requests
Rich Authorization RequestsRich Authorization Requests
Rich Authorization Requests
 
Pushed Authorization Requests
Pushed Authorization RequestsPushed Authorization Requests
Pushed Authorization Requests
 
OpenID Connect for Identity Assurance
OpenID Connect for Identity AssuranceOpenID Connect for Identity Assurance
OpenID Connect for Identity Assurance
 
NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security Recommendations NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security Recommendations
 
Identiverse: PSD2, Open Banking, and Technical Interoperability
Identiverse: PSD2, Open Banking, and Technical InteroperabilityIdentiverse: PSD2, Open Banking, and Technical Interoperability
Identiverse: PSD2, Open Banking, and Technical Interoperability
 
OAuth 2.0 Security Reinforced
OAuth 2.0 Security ReinforcedOAuth 2.0 Security Reinforced
OAuth 2.0 Security Reinforced
 
OAuth Security 4 Dummies iiw#27
OAuth Security 4 Dummies iiw#27OAuth Security 4 Dummies iiw#27
OAuth Security 4 Dummies iiw#27
 
Identity Proofing with OpenID Connect
Identity Proofing with OpenID ConnectIdentity Proofing with OpenID Connect
Identity Proofing with OpenID Connect
 

Recently uploaded

Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLimonikaupta
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebJames Anderson
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Servicegwenoracqe6
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Servicesexy call girls service in goa
 
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...Escorts Call Girls
 
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...tanu pandey
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...APNIC
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...SofiyaSharma5
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)Damian Radcliffe
 
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...singhpriety023
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445ruhi
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$kojalkojal131
 

Recently uploaded (20)

Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
 
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in DubaiRussian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
 
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
 
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
 
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
 
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
 
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
@9999965857 🫦 Sexy Desi Call Girls Laxmi Nagar 💓 High Profile Escorts Delhi 🫶
@9999965857 🫦 Sexy Desi Call Girls Laxmi Nagar 💓 High Profile Escorts Delhi 🫶@9999965857 🫦 Sexy Desi Call Girls Laxmi Nagar 💓 High Profile Escorts Delhi 🫶
@9999965857 🫦 Sexy Desi Call Girls Laxmi Nagar 💓 High Profile Escorts Delhi 🫶
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
 

OpenID for Verifiable Credentials

  • 3. #identiverse Verifiable Credentials: A Paradigm Shift Issuer (Website) Verifier (Website) Holder (Digital Wallet) Can be hosted locally on the user’s device, have cloud components, or be entirely hosted in the cloud Issue Credentials Present Credentials ● Verifiable credential is a tamper-evident credential with a cryptographically verifiable authorship that contains claims about a subject. ● This enables ○ decoupling issuance from presentation ○ multi-use of the credentials ○ combination of multiple credentials in one presentation
  • 4. #identiverse Verifiable Credentials around you Use Case 1: mobile Driving Licence Use Case 2: Vaccination QR Code
  • 5. #identiverse Verifiable Credentials: Benefits - End-Users gain more control, privacy, and portability over their identity information. - Cheaper, faster, and more secure identity verification, when transforming physical credentials into digital ones using verifiable credentials. - Universal approach to handle identification, authentication, and authorization in digital and physical space - Issuers gain more flexibility : - No need for public service with high availability depending on the process - Diverse presentation channels offered by the wallet
  • 6. #identiverse ③ OpenID for Credential Issuance (Issuance of verifiable credentials) Components of the “OpenID for Verifiable Credentials” specification family Issuer (Website) Verifier (Website) Holder (Digital Wallet) Can be hosted locally on the user’s device, have cloud components, or be entirely hosted in the cloud Issue Credentials Present Credentials ① OpenID Connect for Verifiable Presentations (Presentation of verifiable credentials) ② Self-Issued OP v2 (authentication using identifiers not namespaced to the third-party identity providers)
  • 7. #identiverse - Self-Issued OP (SIOP) has been in OpenID Connect Core from ratification and provides a good starting point - Leverages simplicity and security of OpenID Connect and OAuth 2.0 - Existing libraries, only HTTPS communication, developer familiarity - Great for mobile applications, no firewall hassles - Security of OpenID Connect has been tested and formally analysed - Existing OpenID Connect RPs can receive verifiable credentials; Existing OpenID Connect OPs can issue verifiable credentials Why use OpenID Connect & OAuth2.0 as a basis?
  • 8. #identiverse OpenID for Verifiable Presentations (OpenID4VPs)
  • 11. #identiverse ① RP requests Credential(s)* OpenID for Verifiable Presentations Website or App (Verifier) Wallet OP Alice ⓪ User tries to access a resource Stored Verifiable Credentials ② Wallet returns Verifiable Presentation(s) in VP Token - Query language to granularly specify what kind of credential Verifier wants. (utilizes DIF Presentation Exchange 2.0) - Verifiable Presentations* are returned in a newly defined VP Token - Simple overall architecture, e.g. device local communication when same device flow is used *can be any credential/presentation format, not limited to not limited to W3C Verifiable Credentials.
  • 12. #identiverse OpenID4VPs allows choices across components in the VC Tech Stack. Component Implementer’s choices when using OpenID4VP Credential Format Any format (W3C JWT-VC or LDP-VC, ISO mDL, SD-JWT, …) Method to obtain Public Keys Any DID method, raw keys, or X.509 certs Cryptography Any cryptosuite (EdDSA, ES256K, etc.) Revocation Any mechanism (Status List 2021, Revocation List 2020, Accumulators, etc.) Trust Management Any mechanism for managing trusted Issuers, Wallets and Relying Parties (Trusted Registries, Ledgers, …)
  • 13. #identiverse It is NOT SIOPv2 that you will use to present verifiable credentials
  • 15. #identiverse Self-Issued OP v2 Website (RP) User Agent OP Alice ⓪ User tries to access a resource - ID Tokens are signed with user-controlled key material (pseudonymous authentication with pairwise subject identifiers) - Identifiers are user controlled and do not depend on a third-party identity provider - Can be used in combination with OpenID4VPs, when the use case requires end-user authentication, i.e. the features of OpenID Connect, such as issuance of ID Tokens. ② OP on the user device issues subject- signed ID Token ① RP requests ID Token
  • 16. #identiverse Why use OpenID4VPs & SIOP v2 - Credential format/crypto suite agnostic - Same device and cross device scenarios - Mutual authentication of RP and wallet - Pseudonymous authentication to RPs through SIOP v2 - Works well with OAuth for authorization of API-based payments and remote signature creation - Offline - work in progress (MOSIP) - Selective disclosure (if supported by credential format) - Note: referenced by ISO/IEC 18013-7 and 23220-4 Mobile Driving Licences related draft standards as a data release method
  • 17. #identiverse - First Implementer’s Drafts approved (both SIOP v2 and OpenID4VPs) - Can be implemented with IPR protection - Targeting Second Implementer’s Draft by the end of 2022 - Existing & ongoing Implementations: - The European Blockchain Services Infrastructure (EBSI) - Microsoft - Workday - Ping Identity - Convergence.Tech - IDunion - walt.id (eSSIF-Lab)* - Sphereon - Gimly Status: Credential Presentation
  • 18. #identiverse OpenID for Verifiable Credential Issuance (OpenID4VCI)
  • 21. #identiverse Wallet Initiates Process (e.g. issuance during presentation)
  • 22. #identiverse OpenID 4 Verifiable Credentials Issuance Credentia l Issuer Website or App (RP) Wallet OP Alice ⓪ User tries to log in RP Stored Verifiable Credentials ② Wallet issues Verifiable Presentation(s) ① RP requests Credential(s) ⓪ Wallet requests & User authorizes credential issuance ③ Credential is issued ① access token(, refresh token) ② Wallet requests credential issuance Credential issuance via simple OAuth-authorized API
  • 23. #identiverse - Defined a new OAuth-protected Credential Endpoint - in addition to Authorization/Token Endpoints - Two authorization flows: - Code flow (others OAuth 2.0 grant types possible): authorization for one or more credentials at the Authorization Endpoint once the wallet is invoked - Pre-authorized code flow (new grant type): authorization for one or more credentials prior to the Wallet being invoked. - Supports different methods for the Wallet to prove possession of key material used to bind credential Design Principles
  • 24. #identiverse Why use OpenID4VCI? - Credential format/crypto suite agnostic - Hardware-backed key material for cryptographic binding of attribute attestations (leveraging HSMs, SEs, TEEs) - Same device and cross device scenarios - Mutual authentication of wallet and issuer - Can extend existing OAuth/OpenID deployments, simple way for existing AS/IDPs to become PID/(Q)EAA issuers - Note: will be added to ISO 23220-3 electronic ID standards
  • 25. #identiverse - Targeting First Implementer’s draft by the end of 2022. - https://openid.net/specs/openid-connect-4-verifiable-credential-issuance-1_0.html - Planned and ongoing implementations: - The European Blockchain Services Infrastructure (EBSI) - Microsoft - Mattr - IDunion - walt.id & yes.com & BCDiploma (eSSIF-Lab) - Sphereon - Talao.io - Convergence.Tech Status of the Issuance specification
  • 26. #identiverse Whitepaper “OpenID for Verifiable Credentials” - Aims to assist decision-makers, architects and implementers in the decision-making process when building verifiable credentials ecosystem. - Some popular sections… - Demystifying myths about verifiable credentials - Various scopes of “decentralization” - Shift in the trust model brought by verifiable credentials - Business drivers - Use-Cases
  • 27. #identiverse - Security and simplicity guaranteed – OAuth/OpenID Connect deployment experience (3B+ users, millions applications), and OpenID Foundation Certification program - Fast, scalable adoption - easy integration/deployment on existing infrastructure given the familiarity of the developers and administrators with OAuth/OpenID - Adoption underway - Projects in the EU (EBSI/ESSIF, Secure Digital Identities Showcase) - Incorporated into major participant’s products (e.g. Microsoft, Ping Identity, walt.id) - Global Assured Identity Network PoC - Could meet high security requirements with FAPI Security Profile - Interoperability on the protocol layer that is both credential format agnostic, and allows for interoperability between markets Why use OpenID for Verifiable Credentials?
  • 28. #identiverse Call to Action 1. Implement the specifications to unlock your use cases and provide us feedback 2. Read the whitepaper and stay up to date with the recent developments
  • 30. Example: Authorization Request HTTP/1.1 302 Found Location: https://server.example.com/authorize? response_type=code //any other grant type &client_id=s6BhdRkqt3 &code_challenge=E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM &code_challenge_method=S256 &scope=openid_credential:https://example.org/idcard &redirect_uri=https://client.example.org/cb
  • 31. Example: Credential Issuance HTTP/1.1 200 OK Content-Type: application/json Cache-Control: no-store Pragma: no-cache { "format": "ldp_vc", "credential" : "eyJjcmVkZW50a...d0MifQ==" } POST /credential HTTP/1.1 Host: server.example.com Content-Type: application/x-www-form-urlencoded Authorization: BEARER czZCaGRSa3F0MzpnWDFmQmF0M2JW type=https://example.org/idcard format=ldp_vc did=did:key:z6MkqUDiu3MHxAmuMQ8jjkLiUu1mscLT8E9R5CKdbtr7gwR8 proof=%7B%22type%22:%22jwt%22…0aW9EkL1nOzM%22%7D Request Response
  • 32. Example: Issued Credential { ... "issuer": "did:key:z6MkgF2pvVNEFXCksupWKrdPhL6ubecis3AWbWVsr9bNAbwC", "type": [ "VerifiableCredential" ], "credentialSchema": { "id": "https://example.org/idcard", }, "credentialSubject": { "placeOfBirth": { "country": "DE", "locality": "Berlin" }, "familyName": "Family001",
  • 33. #identiverse Request Example (W3C VCs) { "response_type":"id_token", "client_id":"https://example.com/callback", "scope":"openid", "redirect_uri":"https://example.com/callback", "nonce":"67473895393019470130", ... "claims":{ "vp_token":{ "presentation_definition":{ "id":"1", "constraints": { "fields": [ { "path": [ "$.credentialSchema.id" ], "filter": { "type": "string", "pattern": "https://example.org/idcard" } } ] } } } } }
  • 34. #identiverse Response Example (W3C VCs) { "iss": "https://self-issued.me/v2", "aud": "https://example.com/callback", "sub": "did:key:z6MkqUDiu3MHxAm...mscLT8E9R5CKdbtr7gwR8", "exp": 1645469476, "iat": 1645465876, "nonce": "cdb97870-a3be-49b4-aa55-8c7c7122178a", "_vp_token": { "presentation_submission": { "descriptor_map": [ { "path": "$", "format": "ldp_vp", "path_nested": { "path": "$.verifiableCredential[0]", "format": "ldp_vc" } ], "definition_id": "1", "id": "1" } } } { "@context":[ "https://www.w3.org/2018/credentials/v1" ], "holder":"did:key:z6MkqUDiu3MHxAmuMQ8jjkLiUu1mscLT8E9R5CKdbtr7gwR8", "id":"urn:uuid:04816f2a-85f1-45d7-a66d-51764d39a569", "proof":{ "domain":"https://example.com/callback", "jws":"...", "nonce":"cdb97870-a3be-49b4-aa55-8c7c7122178a", "proofPurpose":"authentication", "type":"Ed25519Signature2018", "verificationMethod":"did:key:z6MkqUDiu3..." }, "type":[ "VerifiablePresentation" ], "verifiableCredential":[ { … "type":[ "VerifiableCredential" ], "credentialSubject":{ "id":"did:key:z6MkqUDiu3MHxAmuMQ8jjkLiUu1mscLT8E9R5CKdbtr7gwR8", "familyName":"Family001", "givenName":"Given001", "birthDate":"1950-01-01", "placeOfBirth":{ "country":"DE", "locality":"Berlin" } }, ID Token VP Token
  • 35. #identiverse Request Example (ISO mDL) { "response_type":"id_token", "client_id":"https://example.com/callback", "scope":"openid", "redirect_uri":"https://example.com/callback", "nonce":"67473895393019470130", ... "claims": { "vp_token": { "presentation_definition": { "id": "mDL-sample-req", "input_descriptors": [ { "id": "mDL", "format": { "mdl_iso_cbor": { "alg": ["EdDSA", "ES256"] }, "constraints": { "limit_disclosure": "required", "fields": [ { "path": ["$.mdoc.doctype"], "filter": { "type": "string", "const": "org.iso.18013.5.1.mDL" } }, { "path": ["$.mdoc.namespace"], "filter": { "type": "string",
  • 36. Response Example (ISO mDL) { "aud": "https://client.example.org/callback", "sub": "9wgU5CR6PdgGmvBfgz_CqAtBxJ33ckMEwvij-gC6Bcw", "iss": "9wgU5CR6PdgGmvBfgz_CqAtBxJ33ckMEwvij-gC6Bcw", "sub_jwk": { "x": "cQ5fu5VmG...dA_5lTMGcoyQE78RrqQ6", "kty": "EC", "y": "XHpi27YMA...rnF_-f_ASULPTmUmTS", "crv": "P-384" }, "exp": 1638483944, "iat": 1638483344, "nonce": "67473895393019470130", "_vp_token": { "presentation_submission": { "descriptor_map": [ { "id": "mDL", "path": "$", "format": "mdl_iso" } ], "definition_id": "mDL-sample-req", "id": "mDL-sample-res" } } } { "status": 0, "version": "1.0", "documents": [ { "docType": "org.iso.18013.5.1.mDL", "deviceSigned": { "deviceAuth": { "deviceMac": [ << {1: 5} >>, {}, null, h'A574C64F18902BFE18B742F17C581218F88EA279AA96D0F5888123843461A3B6' ] }, "nameSpaces": 24(h'A0') }, "issuerSigned": { "issuerAuth": [ << {1: -7} >>, { 33: h'30820215308201BCA003020102021404AD06A30C1A6DC6E93BE0E2E8F78DCAFA7907C2300A06082A8648CE3D040302305B310B 3009060355040613025A45312E302C060355040A0C25465053204D6F62696C69747920616E64205472616E73706F7274206F66205A6 5746F706961311C301A06035504030C1349414341205A65746573436F6E666964656E73301E170D3231303932393033333034355A170 D3232313130333033333034345A3050311A301806035504030C114453205A65746573436F6E666964656E7331253023060355040A0C1 C5A65746F70696120436974792044657074206F662054726166666963310B3009060355040613025A453059301306072A8648CE3D020 106082A8648CE3D030107034200047C5545E9A0B15F4FF3CE5015121E8AD3257C28D541C1CD0D604FC9D1E352CCC38ADEF5F790 2D44B7A6FC1F99F06EEDF7B0018FD9DA716AEC2F1FFAC173356C7DA3693067301F0603551D23041830168014BBA2A53201700D3 C97542EF42889556D15B7AC4630150603551D250101FF040B3009060728818C5D050102301D0603551D0E04160414CE5FD758A8E8 8563E625CF056BFE9F692F4296FD300E0603551D0F0101FF040403020780300A06082A8648CE3D0403020347003044022012B06A38 13FFEC5679F3B8CDDB51EAA4B95B0CBB1786B09405E2000E9C46618C02202C1F778AD252285ED05D9B55469F1CB78D773671F3 0FE7AB815371942328317C' }, << 24(<< { "docType": "org.iso.18013.5.1.mDL", "version": "1.0", "validityInfo": { "signed": 0("2022-04-15T06:23:56Z"), "validFrom": 0("2022-04-15T06:23:56Z"), "validUntil": 0("2027-01-02T00:00:00Z") }, "valueDigests": { ID Token VP Token
  • 37. #identiverse Request Example (AnonCreds) { "response_type":"id_token", "client_id":"https://example.com/callback", "scope":"openid", "redirect_uri":"https://example.com/callback", "nonce":"67473895393019470130", ... "claims":{ "vp_token":{ "presentation_definition":{ "id":"NextcloudLogin", "input_descriptors":[ { "id":"ref2", "name":"NextcloudCredential", "format": { "ac_vc": { "proof_type": ["CLSignature2019"] } }, "constraints":{ "limit_disclosure":"required", "fields":[{ "path": [ "$.schema_id" ], "filter": { "type": "string", "pattern": "did:indy:idu:test:3QowxFtwciWceMFr7WbwnM:2:BasicScheme:0.1" } }, {"path":["$.values.email"]}, {"path":["$.values.first_name"]}, {"path":["$.values.last_name"]}]
  • 38. #identiverse Response Example (AnonCreds) { "aud": "https://example.com/callback", "sub": "9wgU5CR6PdgGmvBfgz_CqAtBxJ33ckMEwvij-gC6Bcw", "auth_time": 1638483344, "iss": "https://self-issued.me/v2", "sub_jwk": { "x": "cQ5fu5VmG…dA_5lTMGcoyQE78RrqQ6", "kty": "EC", "y": "XHpi27YMA…rnF_-f_ASULPTmUmTS", "crv": "P-384" }, "exp": 1638483944, "iat": 1638483344, "nonce": "67473895393019470130", "_vp_token": { "presentation_submission": { "descriptor_map": [ { "id": "ref2", "path": "$", "format": "ac_vp", "path_nested": { "path": "$.requested_proof.revealed_attr_groups.ref2", "format": "ac_vc" } } ], "definition_id": "NextcloudLogin", "id": "NexcloudCredentialPresentationSubmission" } } } { "proof": {...}, "requested_proof": { "revealed_attrs": {}, "revealed_attr_groups": { "ref2": { "sub_proof_index": 0, "values": { "email": { "raw": "alice@example.com", "encoded": "115589951…83915671017846" }, "last_name": { "raw": "Wonderland", "encoded": "167908493…94017654562035" }, "first_name": { "raw": "Alice", "encoded": "270346400…99344178781507" } } } }, … }, "identifiers": [ { "schema_id": "3QowxFtwciWceMFr7WbwnM:2:BasicScheme:0.1", "cred_def_id": "CsiDLAiFkQb9N4NDJKUagd:3:CL:4687:awesome_cred", "rev_reg_id": null, "timestamp": null } ] ID Token VP Token