#identiverse
OpenID for Verifiable Credentials
Kristina Yasuda, Identity Standards Architect, Microsoft
Dr. Torsten Lodderstedt, CTO, yes.com

Verifiable Credentials: A Paradigm Shift
[Diagram: Issuer (Website) → Issue Credentials → Holder (Digital Wallet) → Present Credentials → Verifier (Website). The wallet can be hosted locally on the user’s device, have cloud components, or be entirely hosted in the cloud.]
● A verifiable credential is a tamper-evident credential with cryptographically verifiable authorship that contains claims about a subject.
● This enables
  ○ decoupling issuance from presentation
  ○ multi-use of the credentials
  ○ combination of multiple credentials in one presentation

Verifiable Credentials around you
Use Case 1: mobile Driving Licence
Use Case 2: Vaccination QR Code

Verifiable Credentials: Benefits
- End-Users gain more control, privacy, and portability over their identity information.
- Cheaper, faster, and more secure identity verification, when transforming physical credentials into digital ones using verifiable credentials.
- Universal approach to handle identification, authentication, and authorization in digital and physical space
- Issuers gain more flexibility:
  - No need for public service with high availability depending on the process
  - Diverse presentation channels offered by the wallet

Components of the “OpenID for Verifiable Credentials” specification family
[Diagram: Issuer (Website) → Issue Credentials → Holder (Digital Wallet) → Present Credentials → Verifier (Website). The wallet can be hosted locally on the user’s device, have cloud components, or be entirely hosted in the cloud.]
① OpenID Connect for Verifiable Presentations (Presentation of verifiable credentials)
② Self-Issued OP v2 (authentication using identifiers not namespaced to the third-party identity providers)
③ OpenID for Credential Issuance (Issuance of verifiable credentials)

Why use OpenID Connect & OAuth2.0 as a basis?
- Self-Issued OP (SIOP) has been in OpenID Connect Core from ratification and provides a good starting point
- Leverages simplicity and security of OpenID Connect and OAuth 2.0
- Existing libraries, only HTTPS communication, developer familiarity
- Great for mobile applications, no firewall hassles
- Security of OpenID Connect has been tested and formally analysed
- Existing OpenID Connect RPs can receive verifiable credentials; existing OpenID Connect OPs can issue verifiable credentials

OpenID for Verifiable Presentations (OpenID4VPs)

Same Device Presentation

Cross Device Presentation

OpenID for Verifiable Presentations
[Diagram: Alice, Website or App (Verifier), Wallet (OP) with Stored Verifiable Credentials]
⓪ User tries to access a resource
① RP requests Credential(s)*
② Wallet returns Verifiable Presentation(s) in VP Token
- Query language to granularly specify what kind of credential Verifier wants. (utilizes DIF Presentation Exchange 2.0)
- Verifiable Presentations* are returned in a newly defined VP Token
- Simple overall architecture, e.g. device local communication when same device flow is used
*can be any credential/presentation format, not limited to W3C Verifiable Credentials.

OpenID4VPs allows choices across components in the VC Tech Stack.
| Component | Implementer’s choices when using OpenID4VP |
| --- | --- |
| Credential Format | Any format (W3C JWT-VC or LDP-VC, ISO mDL, SD-JWT, …) |
| Method to obtain Public Keys | Any DID method, raw keys, or X.509 certs |
| Cryptography | Any cryptosuite (EdDSA, ES256K, etc.) |
| Revocation | Any mechanism (Status List 2021, Revocation List 2020, Accumulators, etc.) |
| Trust Management | Any mechanism for managing trusted Issuers, Wallets and Relying Parties (Trusted Registries, Ledgers, …) |

It is NOT SIOPv2 that you will use to present verifiable credentials

Self-Issued OP v2 (SIOP v2)

Self-Issued OP v2
[Diagram: Alice, Website (RP), User Agent, OP]
⓪ User tries to access a resource
① RP requests ID Token
② OP on the user device issues subject-signed ID Token
- ID Tokens are signed with user-controlled key material (pseudonymous authentication with pairwise subject identifiers)
- Identifiers are user controlled and do not depend on a third-party identity provider
- Can be used in combination with OpenID4VPs, when the use case requires end-user authentication, i.e. the features of OpenID Connect, such as issuance of ID Tokens.
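
How an RP can check the binding between sub and the user-controlled key in a self-issued ID Token, as an added example (not code from the slides or from the SIOP v2 specification). It assumes the JWK Thumbprint form of sub (RFC 7638) seen in the “Response Example (ISO mDL)” ID Token later in this deck, with sub_jwk present and iss equal to sub or to https://self-issued.me/v2, and that the token signature was already verified with sub_jwk; the function names and sample keys are constructed for illustration.

```python
import base64
import hashlib
import json

# JWK members that enter the RFC 7638 thumbprint, per key type.
THUMBPRINT_MEMBERS = {"EC": ("crv", "kty", "x", "y"),
                      "OKP": ("crv", "kty", "x"),
                      "RSA": ("e", "kty", "n")}
SELF_ISSUED_ISS = "https://self-issued.me/v2"  # iss value shown in the deck's examples


def b64url(data):
    """base64url without padding, as used for JWK members and thumbprints."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk):
    """RFC 7638: SHA-256 over the required members, sorted, no whitespace."""
    kty = jwk.get("kty")
    members = THUMBPRINT_MEMBERS.get(kty) if isinstance(kty, str) else None
    if members is None or any(not isinstance(jwk.get(m), str) for m in members):
        raise ValueError("sub_jwk is not a usable public key")
    canonical = json.dumps({m: jwk[m] for m in members}, sort_keys=True,
                           separators=(",", ":"), ensure_ascii=False)
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def check_subject(claims):
    """Return problems with a self-issued ID Token's sub / iss / sub_jwk binding."""
    jwk = claims.get("sub_jwk")
    if not isinstance(jwk, dict):
        return ["sub_jwk is missing"]
    problems = []
    if "d" in jwk:
        problems.append("sub_jwk carries private key material")
    try:
        if claims.get("sub") != jwk_thumbprint(jwk):
            problems.append("sub is not the thumbprint of sub_jwk")
    except ValueError as exc:
        problems.append(str(exc))
    if claims.get("iss") not in (SELF_ISSUED_ISS, claims.get("sub")):
        problems.append("iss is neither the self-issued issuer nor equal to sub")
    return problems


def sample_key(seed):
    """Constructed sample key: x and y are placeholder bytes, not a real curve point."""
    return {"kty": "EC", "crv": "P-384",
            "x": b64url(bytes([seed]) * 48), "y": b64url(bytes([seed + 1]) * 48)}


def sample_id_token(jwk, iss=None):
    """Constructed ID Token claims whose sub is derived from the given key."""
    sub = jwk_thumbprint(jwk)
    return {"iss": iss or sub, "sub": sub, "sub_jwk": jwk,
            "aud": "https://client.example.org/callback",
            "nonce": "67473895393019470130"}


if __name__ == "__main__":
    token = sample_id_token(sample_key(1))
    print(check_subject(token))                               # bound correctly
    print(check_subject(dict(token, sub_jwk=sample_key(7))))  # key swapped
```

A wallet that uses a separate key per RP yields a different thumbprint, and therefore a different sub, at each RP, which is what makes the identifier pairwise.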

Why use OpenID4VPs & SIOP v2
- Credential format/crypto suite agnostic
- Same device and cross device scenarios
- Mutual authentication of RP and wallet
- Pseudonymous authentication to RPs through SIOP v2
- Works well with OAuth for authorization of API-based payments and remote signature creation
- Offline - work in progress (MOSIP)
- Selective disclosure (if supported by credential format)
- Note: referenced by ISO/IEC 18013-7 and 23220-4 Mobile Driving Licences related draft standards as a data release method

Status: Credential Presentation
- First Implementer’s Drafts approved (both SIOP v2 and OpenID4VPs)
- Can be implemented with IPR protection
- Targeting Second Implementer’s Draft by the end of 2022
- Existing & ongoing Implementations:
  - The European Blockchain Services Infrastructure (EBSI)
  - Microsoft
  - Workday
  - Ping Identity
  - Convergence.Tech
  - IDunion
  - walt.id (eSSIF-Lab)*
  - Sphereon
  - Gimly

OpenID for Verifiable Credential Issuance (OpenID4VCI)

Issuer Initiates Process (same device)

Issuer Initiates Process (cross device)

Wallet Initiates Process (e.g. issuance during presentation)

OpenID 4 Verifiable Credentials Issuance
[Diagram: Alice, Website or App (RP), Wallet (OP) with Stored Verifiable Credentials, Credential Issuer]
Presentation steps:
⓪ User tries to log in
① RP requests Credential(s)
② Wallet issues Verifiable Presentation(s)
Issuance steps:
⓪ Wallet requests & User authorizes credential issuance
① access token(, refresh token)
② Wallet requests credential issuance
③ Credential is issued
Credential issuance via simple OAuth-authorized API

Design Principles
- Defined a new OAuth-protected Credential Endpoint
  - in addition to Authorization/Token Endpoints
- Two authorization flows:
  - Code flow (other OAuth 2.0 grant types possible): authorization for one or more credentials at the Authorization Endpoint once the wallet is invoked
  - Pre-authorized code flow (new grant type): authorization for one or more credentials prior to the Wallet being invoked.
- Supports different methods for the Wallet to prove possession of key material used to bind credential

Why use OpenID4VCI?
- Credential format/crypto suite agnostic
- Hardware-backed key material for cryptographic binding of attribute attestations (leveraging HSMs, SEs, TEEs)
- Same device and cross device scenarios
- Mutual authentication of wallet and issuer
- Can extend existing OAuth/OpenID deployments, simple way for existing AS/IDPs to become PID/(Q)EAA issuers
- Note: will be added to ISO 23220-3 electronic ID standards

Status of the Issuance specification
- Targeting First Implementer’s draft by the end of 2022.
- https://openid.net/specs/openid-connect-4-verifiable-credential-issuance-1_0.html
- Planned and ongoing implementations:
  - The European Blockchain Services Infrastructure (EBSI)
  - Microsoft
  - Mattr
  - IDunion
  - walt.id & yes.com & BCDiploma (eSSIF-Lab)
  - Sphereon
  - Talao.io
  - Convergence.Tech

Whitepaper “OpenID for Verifiable Credentials”
- Aims to assist decision-makers, architects and implementers in the decision-making process when building a verifiable credentials ecosystem.
- Some popular sections…
  - Demystifying myths about verifiable credentials
  - Various scopes of “decentralization”
  - Shift in the trust model brought by verifiable credentials
  - Business drivers
  - Use-Cases

Why use OpenID for Verifiable Credentials?
- Security and simplicity guaranteed – OAuth/OpenID Connect deployment experience (3B+ users, millions of applications), and OpenID Foundation Certification program
- Fast, scalable adoption - easy integration/deployment on existing infrastructure given the familiarity of the developers and administrators with OAuth/OpenID
- Adoption underway
  - Projects in the EU (EBSI/ESSIF, Secure Digital Identities Showcase)
  - Incorporated into major participants’ products (e.g. Microsoft, Ping Identity, walt.id)
  - Global Assured Identity Network PoC
- Could meet high security requirements with FAPI Security Profile
- Interoperability on the protocol layer that is both credential format agnostic and allows for interoperability between markets

Call to Action
1. Implement the specifications to unlock your use cases and provide us feedback
2. Read the whitepaper and stay up to date with the recent developments

Thank you!

Example: Authorization Request
HTTP/1.1 302 Found
Location: https://server.example.com/authorize?
  response_type=code //any other grant type
  &client_id=s6BhdRkqt3
  &code_challenge=E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM
  &code_challenge_method=S256
  &scope=openid_credential:https://example.org/idcard
  &redirect_uri=https://client.example.org/cb

Example: Credential Issuance
Request
POST /credential HTTP/1.1
Host: server.example.com
Content-Type: application/x-www-form-urlencoded
Authorization: BEARER czZCaGRSa3F0MzpnWDFmQmF0M2JW

type=https://example.org/idcard
format=ldp_vc
did=did:key:z6MkqUDiu3MHxAmuMQ8jjkLiUu1mscLT8E9R5CKdbtr7gwR8
proof=%7B%22type%22:%22jwt%22…0aW9EkL1nOzM%22%7D

Response
HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store
Pragma: no-cache

{
  "format": "ldp_vc",
  "credential" : "eyJjcmVkZW50a...d0MifQ=="
}

Example: Issued Credential
{
  ...
  "issuer": "did:key:z6MkgF2pvVNEFXCksupWKrdPhL6ubecis3AWbWVsr9bNAbwC",
  "type": [
    "VerifiableCredential"
  ],
  "credentialSchema": {
    "id": "https://example.org/idcard"
  },
  "credentialSubject": {
    "placeOfBirth": {
      "country": "DE",
      "locality": "Berlin"
    },
    "familyName": "Family001",

Request Example (W3C VCs)
{
  "response_type":"id_token",
  "client_id":"https://example.com/callback",
  "scope":"openid",
  "redirect_uri":"https://example.com/callback",
  "nonce":"67473895393019470130",
  ...
  "claims":{
    "vp_token":{
      "presentation_definition":{
        "id":"1",
        "constraints": {
          "fields": [
            {
              "path": [
                "$.credentialSchema.id"
              ],
              "filter": {
                "type": "string",
                "pattern": "https://example.org/idcard"
              }
            }
          ]
        }
      }
    }
  }
}

Response Example (W3C VCs)
ID Token
{
  "iss": "https://self-issued.me/v2",
  "aud": "https://example.com/callback",
  "sub": "did:key:z6MkqUDiu3MHxAm...mscLT8E9R5CKdbtr7gwR8",
  "exp": 1645469476,
  "iat": 1645465876,
  "nonce": "cdb97870-a3be-49b4-aa55-8c7c7122178a",
  "_vp_token": {
    "presentation_submission": {
      "descriptor_map": [
        {
          "path": "$",
          "format": "ldp_vp",
          "path_nested": {
            "path": "$.verifiableCredential[0]",
            "format": "ldp_vc"
          }
        }
      ],
      "definition_id": "1",
      "id": "1"
    }
  }
}
VP Token
{
  "@context":[
    "https://www.w3.org/2018/credentials/v1"
  ],
  "holder":"did:key:z6MkqUDiu3MHxAmuMQ8jjkLiUu1mscLT8E9R5CKdbtr7gwR8",
  "id":"urn:uuid:04816f2a-85f1-45d7-a66d-51764d39a569",
  "proof":{
    "domain":"https://example.com/callback",
    "jws":"...",
    "nonce":"cdb97870-a3be-49b4-aa55-8c7c7122178a",
    "proofPurpose":"authentication",
    "type":"Ed25519Signature2018",
    "verificationMethod":"did:key:z6MkqUDiu3..."
  },
  "type":[
    "VerifiablePresentation"
  ],
  "verifiableCredential":[
    {
      …
      "type":[
        "VerifiableCredential"
      ],
      "credentialSubject":{
        "id":"did:key:z6MkqUDiu3MHxAmuMQ8jjkLiUu1mscLT8E9R5CKdbtr7gwR8",
        "familyName":"Family001",
        "givenName":"Given001",
        "birthDate":"1950-01-01",
        "placeOfBirth":{
          "country":"DE",
          "locality":"Berlin"
        }
      },
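
The Verifier-side cross-check implied by the request and response examples above, as an added example (not code from the slides or from the OpenID specifications): it ties the Wallet's response to the request through nonce, aud/client_id and definition_id, follows descriptor_map into the VP Token, and applies the requested field constraints. It uses the input_descriptors form of the mDL and AnonCreds requests in this deck; resolve, field_ok, check_response and the sample data are constructed for illustration, and signature verification of the ID Token and the VP proof is assumed to have been done already.

```python
import re

PATH = re.compile(r"\$(?:\.[A-Za-z_]\w*|\[\d+\])*")
STEP = re.compile(r"\.([A-Za-z_]\w*)|\[(\d+)\]")


def resolve(path, doc):
    """Resolve the JSONPath subset used on the slides: $, .member and [index]."""
    if not PATH.fullmatch(path):
        raise ValueError(f"unsupported path: {path}")
    node = doc
    for member, index in STEP.findall(path):
        if member and isinstance(node, dict) and member in node:
            node = node[member]
        elif index and isinstance(node, list) and int(index) < len(node):
            node = node[int(index)]
        else:
            raise LookupError(f"{path} does not resolve")
    return node


def field_ok(field, credential):
    """Apply one constraint field: the first path that resolves, then its filter."""
    for path in field["path"]:
        try:
            value = resolve(path, credential)
        except LookupError:
            continue
        flt = field.get("filter", {})
        if not isinstance(value, str) and ("pattern" in flt or flt.get("type") == "string"):
            return False
        if "const" in flt and value != flt["const"]:
            return False
        # JSON Schema patterns are not implicitly anchored, hence re.search.
        if "pattern" in flt and not re.search(flt["pattern"], value):
            return False
        return True
    return False


def check_response(request, id_token, vp_token):
    """Return the mismatches between the Verifier's request and the Wallet's response."""
    definition = request["claims"]["vp_token"]["presentation_definition"]
    submission = id_token.get("_vp_token", {}).get("presentation_submission", {})
    proof = vp_token.get("proof", {}) if isinstance(vp_token, dict) else {}
    bindings = [("ID Token nonce", id_token.get("nonce"), request["nonce"]),
                ("ID Token aud", id_token.get("aud"), request["client_id"]),
                ("VP proof nonce", proof.get("nonce"), request["nonce"]),
                ("VP proof domain", proof.get("domain"), request["client_id"]),
                ("definition_id", submission.get("definition_id"), definition["id"])]
    errors = [f"{name} does not match the request"
              for name, got, want in bindings if got != want]
    entries = {e.get("id"): e for e in submission.get("descriptor_map", [])}
    for descriptor in definition["input_descriptors"]:
        entry = entries.get(descriptor["id"])
        if entry is None:
            errors.append(f"{descriptor['id']}: no descriptor_map entry")
            continue
        try:
            credential = resolve(entry["path"], vp_token)
            if "path_nested" in entry:
                credential = resolve(entry["path_nested"]["path"], credential)
        except (LookupError, ValueError) as exc:
            errors.append(f"{descriptor['id']}: {exc}")
            continue
        for field in descriptor["constraints"]["fields"]:
            if not field_ok(field, credential):
                errors.append(f"{descriptor['id']}: {field['path'][0]} not satisfied")
    return errors


# Constructed sample data modelled on the W3C VC slides; signatures are omitted.
REQUEST = {
    "client_id": "https://example.com/callback",
    "nonce": "67473895393019470130",
    "claims": {"vp_token": {"presentation_definition": {
        "id": "1",
        "input_descriptors": [{"id": "idcard", "constraints": {"fields": [{
            "path": ["$.credentialSchema.id"],
            "filter": {"type": "string", "pattern": "https://example.org/idcard"},
        }]}}],
    }}},
}
ID_TOKEN = {
    "aud": "https://example.com/callback",
    "nonce": "67473895393019470130",
    "_vp_token": {"presentation_submission": {
        "id": "1", "definition_id": "1",
        "descriptor_map": [{"id": "idcard", "path": "$", "format": "ldp_vp",
                            "path_nested": {"path": "$.verifiableCredential[0]",
                                            "format": "ldp_vc"}}],
    }},
}


def sample_vp_token(schema_id="https://example.org/idcard"):
    """Constructed VP Token; schema_id is a parameter so a rejection can be shown."""
    return {"proof": {"domain": "https://example.com/callback",
                      "nonce": "67473895393019470130"},
            "verifiableCredential": [{"credentialSchema": {"id": schema_id},
                                      "credentialSubject": {"familyName": "Family001"}}]}
```

The pattern in the sample is the one from the slide and is unanchored, so it also accepts longer schema ids that merely contain it; a Verifier that needs an exact match can anchor the pattern or use const, as the mDL request does for doctype.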

Request Example (ISO mDL)
{
  "response_type":"id_token",
  "client_id":"https://example.com/callback",
  "scope":"openid",
  "redirect_uri":"https://example.com/callback",
  "nonce":"67473895393019470130",
  ...
  "claims": {
    "vp_token": {
      "presentation_definition": {
        "id": "mDL-sample-req",
        "input_descriptors": [
          {
            "id": "mDL",
            "format": {
              "mdl_iso_cbor": {
                "alg": ["EdDSA", "ES256"]
              }
            },
            "constraints": {
              "limit_disclosure": "required",
              "fields": [
                {
                  "path": ["$.mdoc.doctype"],
                  "filter": {
                    "type": "string",
                    "const": "org.iso.18013.5.1.mDL"
                  }
                },
                {
                  "path": ["$.mdoc.namespace"],
                  "filter": {
                    "type": "string",

Response Example (ISO mDL)
ID Token
{
  "aud": "https://client.example.org/callback",
  "sub": "9wgU5CR6PdgGmvBfgz_CqAtBxJ33ckMEwvij-gC6Bcw",
  "iss": "9wgU5CR6PdgGmvBfgz_CqAtBxJ33ckMEwvij-gC6Bcw",
  "sub_jwk": {
    "x": "cQ5fu5VmG...dA_5lTMGcoyQE78RrqQ6",
    "kty": "EC",
    "y": "XHpi27YMA...rnF_-f_ASULPTmUmTS",
    "crv": "P-384"
  },
  "exp": 1638483944,
  "iat": 1638483344,
  "nonce": "67473895393019470130",
  "_vp_token": {
    "presentation_submission": {
      "descriptor_map": [
        {
          "id": "mDL",
          "path": "$",
          "format": "mdl_iso"
        }
      ],
      "definition_id": "mDL-sample-req",
      "id": "mDL-sample-res"
    }
  }
}
VP Token
{
  "status": 0,
  "version": "1.0",
  "documents": [
    {
      "docType": "org.iso.18013.5.1.mDL",
      "deviceSigned": {
        "deviceAuth": {
          "deviceMac": [
            << {1: 5} >>,
            {},
            null,
            h'A574C64F18902BFE18B742F17C581218F88EA279AA96D0F5888123843461A3B6'
          ]
        },
        "nameSpaces": 24(h'A0')
      },
      "issuerSigned": {
        "issuerAuth": [
          << {1: -7} >>,
          {
            33: h'...'
          },
          <<
            24(<<
              {
                "docType": "org.iso.18013.5.1.mDL",
                "version": "1.0",
                "validityInfo": {
                  "signed": 0("2022-04-15T06:23:56Z"),
                  "validFrom": 0("2022-04-15T06:23:56Z"),
                  "validUntil": 0("2027-01-02T00:00:00Z")
                },
                "valueDigests": {

Request Example (AnonCreds)
{
  "response_type":"id_token",
  "client_id":"https://example.com/callback",
  "scope":"openid",
  "redirect_uri":"https://example.com/callback",
  "nonce":"67473895393019470130",
  ...
  "claims":{
    "vp_token":{
      "presentation_definition":{
        "id":"NextcloudLogin",
        "input_descriptors":[
          {
            "id":"ref2",
            "name":"NextcloudCredential",
            "format": {
              "ac_vc": {
                "proof_type": ["CLSignature2019"]
              }
            },
            "constraints":{
              "limit_disclosure":"required",
              "fields":[
                {
                  "path": [
                    "$.schema_id"
                  ],
                  "filter": {
                    "type": "string",
                    "pattern": "did:indy:idu:test:3QowxFtwciWceMFr7WbwnM:2:BasicScheme:0.1"
                  }
                },
                {"path":["$.values.email"]},
                {"path":["$.values.first_name"]},
                {"path":["$.values.last_name"]}
              ]

Response Example (AnonCreds)
ID Token
{
  "aud": "https://example.com/callback",
  "sub": "9wgU5CR6PdgGmvBfgz_CqAtBxJ33ckMEwvij-gC6Bcw",
  "auth_time": 1638483344,
  "iss": "https://self-issued.me/v2",
  "sub_jwk": {
    "x": "cQ5fu5VmG…dA_5lTMGcoyQE78RrqQ6",
    "kty": "EC",
    "y": "XHpi27YMA…rnF_-f_ASULPTmUmTS",
    "crv": "P-384"
  },
  "exp": 1638483944,
  "iat": 1638483344,
  "nonce": "67473895393019470130",
  "_vp_token": {
    "presentation_submission": {
      "descriptor_map": [
        {
          "id": "ref2",
          "path": "$",
          "format": "ac_vp",
          "path_nested": {
            "path": "$.requested_proof.revealed_attr_groups.ref2",
            "format": "ac_vc"
          }
        }
      ],
      "definition_id": "NextcloudLogin",
      "id": "NexcloudCredentialPresentationSubmission"
    }
  }
}
VP Token
{
  "proof": {...},
  "requested_proof": {
    "revealed_attrs": {},
    "revealed_attr_groups": {
      "ref2": {
        "sub_proof_index": 0,
        "values": {
          "email": {
            "raw": "alice@example.com",
            "encoded": "115589951…83915671017846"
          },
          "last_name": {
            "raw": "Wonderland",
            "encoded": "167908493…94017654562035"
          },
          "first_name": {
            "raw": "Alice",
            "encoded": "270346400…99344178781507"
          }
        }
      }
    },
    …
  },
  "identifiers": [
    {
      "schema_id": "3QowxFtwciWceMFr7WbwnM:2:BasicScheme:0.1",
      "cred_def_id": "CsiDLAiFkQb9N4NDJKUagd:3:CL:4687:awesome_cred",
      "rev_reg_id": null,
      "timestamp": null
    }
  ]

 
NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security Recommendations NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security Recommendations Torsten Lodderstedt
 
Identiverse: PSD2, Open Banking, and Technical Interoperability
Identiverse: PSD2, Open Banking, and Technical InteroperabilityIdentiverse: PSD2, Open Banking, and Technical Interoperability
Identiverse: PSD2, Open Banking, and Technical InteroperabilityTorsten Lodderstedt
 
Identity Proofing with OpenID Connect
Identity Proofing with OpenID ConnectIdentity Proofing with OpenID Connect
Identity Proofing with OpenID ConnectTorsten Lodderstedt
 

More from Torsten Lodderstedt (15)

GAIN Presentation.pptx
GAIN Presentation.pptxGAIN Presentation.pptx
GAIN Presentation.pptx
 
Comprehensive overview FAPI 1 and FAPI 2
Comprehensive overview FAPI 1 and FAPI 2Comprehensive overview FAPI 1 and FAPI 2
Comprehensive overview FAPI 1 and FAPI 2
 
Comprehensive overview FAPI 1 and 2
Comprehensive overview FAPI 1 and 2Comprehensive overview FAPI 1 and 2
Comprehensive overview FAPI 1 and 2
 
OpenID Connect 4 Identity Assurance at IIW #32
OpenID Connect 4 Identity Assurance at IIW #32OpenID Connect 4 Identity Assurance at IIW #32
OpenID Connect 4 Identity Assurance at IIW #32
 
OpenID Connect for W3C Verifiable Credential Objects
OpenID Connect for W3C Verifiable Credential ObjectsOpenID Connect for W3C Verifiable Credential Objects
OpenID Connect for W3C Verifiable Credential Objects
 
Identity Assurance with OpenID Connect
Identity Assurance with OpenID ConnectIdentity Assurance with OpenID Connect
Identity Assurance with OpenID Connect
 
NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security RecommendationsNextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security Recommendations
 
Rich Authorization Requests
Rich Authorization RequestsRich Authorization Requests
Rich Authorization Requests
 
Pushed Authorization Requests
Pushed Authorization RequestsPushed Authorization Requests
Pushed Authorization Requests
 
OpenID Connect for Identity Assurance
OpenID Connect for Identity AssuranceOpenID Connect for Identity Assurance
OpenID Connect for Identity Assurance
 
NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security Recommendations NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security Recommendations
 
Identiverse: PSD2, Open Banking, and Technical Interoperability
Identiverse: PSD2, Open Banking, and Technical InteroperabilityIdentiverse: PSD2, Open Banking, and Technical Interoperability
Identiverse: PSD2, Open Banking, and Technical Interoperability
 
OAuth 2.0 Security Reinforced
OAuth 2.0 Security ReinforcedOAuth 2.0 Security Reinforced
OAuth 2.0 Security Reinforced
 
OAuth Security 4 Dummies iiw#27
OAuth Security 4 Dummies iiw#27OAuth Security 4 Dummies iiw#27
OAuth Security 4 Dummies iiw#27
 
Identity Proofing with OpenID Connect
Identity Proofing with OpenID ConnectIdentity Proofing with OpenID Connect
Identity Proofing with OpenID Connect
 

Recently uploaded

一比一原版英国格林多大学毕业证如何办理
一比一原版英国格林多大学毕业证如何办理一比一原版英国格林多大学毕业证如何办理
一比一原版英国格林多大学毕业证如何办理AS
 
Thank You Luv I’ll Never Walk Alone Again T shirts
Thank You Luv I’ll Never Walk Alone Again T shirtsThank You Luv I’ll Never Walk Alone Again T shirts
Thank You Luv I’ll Never Walk Alone Again T shirtsrahman018755
 
一比一定制(Temasek毕业证书)新加坡淡马锡理工学院毕业证学位证书
一比一定制(Temasek毕业证书)新加坡淡马锡理工学院毕业证学位证书一比一定制(Temasek毕业证书)新加坡淡马锡理工学院毕业证学位证书
一比一定制(Temasek毕业证书)新加坡淡马锡理工学院毕业证学位证书B
 
TOP 100 Vulnerabilities Step-by-Step Guide Handbook
TOP 100 Vulnerabilities Step-by-Step Guide HandbookTOP 100 Vulnerabilities Step-by-Step Guide Handbook
TOP 100 Vulnerabilities Step-by-Step Guide HandbookVarun Mithran
 
Dan Quinn Commanders Feather Dad Hat Hoodie
Dan Quinn Commanders Feather Dad Hat HoodieDan Quinn Commanders Feather Dad Hat Hoodie
Dan Quinn Commanders Feather Dad Hat Hoodierahman018755
 
一比一定制加州大学欧文分校毕业证学位证书
一比一定制加州大学欧文分校毕业证学位证书一比一定制加州大学欧文分校毕业证学位证书
一比一定制加州大学欧文分校毕业证学位证书A
 
TORTOGEL TELAH MENJADI SALAH SATU PLATFORM PERMAINAN PALING FAVORIT.
TORTOGEL TELAH MENJADI SALAH SATU PLATFORM PERMAINAN PALING FAVORIT.TORTOGEL TELAH MENJADI SALAH SATU PLATFORM PERMAINAN PALING FAVORIT.
TORTOGEL TELAH MENJADI SALAH SATU PLATFORM PERMAINAN PALING FAVORIT.Tortogel
 
Reggie miller choke t shirtsReggie miller choke t shirts
Reggie miller choke t shirtsReggie miller choke t shirtsReggie miller choke t shirtsReggie miller choke t shirts
Reggie miller choke t shirtsReggie miller choke t shirtsrahman018755
 
Free on Wednesdays T Shirts Free on Wednesdays Sweatshirts
Free on Wednesdays T Shirts Free on Wednesdays SweatshirtsFree on Wednesdays T Shirts Free on Wednesdays Sweatshirts
Free on Wednesdays T Shirts Free on Wednesdays Sweatshirtsrahman018755
 
SOC Analyst Guide For Beginners SOC analysts work as members of a managed sec...
SOC Analyst Guide For Beginners SOC analysts work as members of a managed sec...SOC Analyst Guide For Beginners SOC analysts work as members of a managed sec...
SOC Analyst Guide For Beginners SOC analysts work as members of a managed sec...Varun Mithran
 
Loker Pemandu Lagu LC Semarang 085746015303
Loker Pemandu Lagu LC Semarang 085746015303Loker Pemandu Lagu LC Semarang 085746015303
Loker Pemandu Lagu LC Semarang 085746015303Dewi Agency
 
Washington Football Commanders Redskins Feathers Shirt
Washington Football Commanders Redskins Feathers ShirtWashington Football Commanders Redskins Feathers Shirt
Washington Football Commanders Redskins Feathers Shirtrahman018755
 
Beyond Inbound: Unlocking the Secrets of API Egress Traffic Management
Beyond Inbound: Unlocking the Secrets of API Egress Traffic ManagementBeyond Inbound: Unlocking the Secrets of API Egress Traffic Management
Beyond Inbound: Unlocking the Secrets of API Egress Traffic Managementseank14
 
iThome_CYBERSEC2024_Drive_Into_the_DarkWeb
iThome_CYBERSEC2024_Drive_Into_the_DarkWebiThome_CYBERSEC2024_Drive_Into_the_DarkWeb
iThome_CYBERSEC2024_Drive_Into_the_DarkWebJie Liau
 
一比一原版英国创意艺术大学毕业证如何办理
一比一原版英国创意艺术大学毕业证如何办理一比一原版英国创意艺术大学毕业证如何办理
一比一原版英国创意艺术大学毕业证如何办理AS
 
[Hackersuli] Élő szövet a fémvázon: Python és gépi tanulás a Zeek platformon
[Hackersuli] Élő szövet a fémvázon: Python és gépi tanulás a Zeek platformon[Hackersuli] Élő szövet a fémvázon: Python és gépi tanulás a Zeek platformon
[Hackersuli] Élő szövet a fémvázon: Python és gépi tanulás a Zeek platformonhackersuli
 
如何办理(UCLA毕业证)加州大学洛杉矶分校毕业证成绩单本科硕士学位证留信学历认证
如何办理(UCLA毕业证)加州大学洛杉矶分校毕业证成绩单本科硕士学位证留信学历认证如何办理(UCLA毕业证)加州大学洛杉矶分校毕业证成绩单本科硕士学位证留信学历认证
如何办理(UCLA毕业证)加州大学洛杉矶分校毕业证成绩单本科硕士学位证留信学历认证hfkmxufye
 
一比一原版(Polytechnic毕业证书)新加坡理工学院毕业证原件一模一样
一比一原版(Polytechnic毕业证书)新加坡理工学院毕业证原件一模一样一比一原版(Polytechnic毕业证书)新加坡理工学院毕业证原件一模一样
一比一原版(Polytechnic毕业证书)新加坡理工学院毕业证原件一模一样AS
 
The Rise of Subscription-Based Digital Services.pdf
The Rise of Subscription-Based Digital Services.pdfThe Rise of Subscription-Based Digital Services.pdf
The Rise of Subscription-Based Digital Services.pdfe-Market Hub
 
一比一原版布兰迪斯大学毕业证如何办理
一比一原版布兰迪斯大学毕业证如何办理一比一原版布兰迪斯大学毕业证如何办理
一比一原版布兰迪斯大学毕业证如何办理A
 

Recently uploaded (20)

一比一原版英国格林多大学毕业证如何办理
一比一原版英国格林多大学毕业证如何办理一比一原版英国格林多大学毕业证如何办理
一比一原版英国格林多大学毕业证如何办理
 
Thank You Luv I’ll Never Walk Alone Again T shirts
Thank You Luv I’ll Never Walk Alone Again T shirtsThank You Luv I’ll Never Walk Alone Again T shirts
Thank You Luv I’ll Never Walk Alone Again T shirts
 
一比一定制(Temasek毕业证书)新加坡淡马锡理工学院毕业证学位证书
一比一定制(Temasek毕业证书)新加坡淡马锡理工学院毕业证学位证书一比一定制(Temasek毕业证书)新加坡淡马锡理工学院毕业证学位证书
一比一定制(Temasek毕业证书)新加坡淡马锡理工学院毕业证学位证书
 
TOP 100 Vulnerabilities Step-by-Step Guide Handbook
TOP 100 Vulnerabilities Step-by-Step Guide HandbookTOP 100 Vulnerabilities Step-by-Step Guide Handbook
TOP 100 Vulnerabilities Step-by-Step Guide Handbook
 
Dan Quinn Commanders Feather Dad Hat Hoodie
Dan Quinn Commanders Feather Dad Hat HoodieDan Quinn Commanders Feather Dad Hat Hoodie
Dan Quinn Commanders Feather Dad Hat Hoodie
 
一比一定制加州大学欧文分校毕业证学位证书
一比一定制加州大学欧文分校毕业证学位证书一比一定制加州大学欧文分校毕业证学位证书
一比一定制加州大学欧文分校毕业证学位证书
 
TORTOGEL TELAH MENJADI SALAH SATU PLATFORM PERMAINAN PALING FAVORIT.
TORTOGEL TELAH MENJADI SALAH SATU PLATFORM PERMAINAN PALING FAVORIT.TORTOGEL TELAH MENJADI SALAH SATU PLATFORM PERMAINAN PALING FAVORIT.
TORTOGEL TELAH MENJADI SALAH SATU PLATFORM PERMAINAN PALING FAVORIT.
 
Reggie miller choke t shirtsReggie miller choke t shirts
Reggie miller choke t shirtsReggie miller choke t shirtsReggie miller choke t shirtsReggie miller choke t shirts
Reggie miller choke t shirtsReggie miller choke t shirts
 
Free on Wednesdays T Shirts Free on Wednesdays Sweatshirts
Free on Wednesdays T Shirts Free on Wednesdays SweatshirtsFree on Wednesdays T Shirts Free on Wednesdays Sweatshirts
Free on Wednesdays T Shirts Free on Wednesdays Sweatshirts
 
SOC Analyst Guide For Beginners SOC analysts work as members of a managed sec...
SOC Analyst Guide For Beginners SOC analysts work as members of a managed sec...SOC Analyst Guide For Beginners SOC analysts work as members of a managed sec...
SOC Analyst Guide For Beginners SOC analysts work as members of a managed sec...
 
Loker Pemandu Lagu LC Semarang 085746015303
Loker Pemandu Lagu LC Semarang 085746015303Loker Pemandu Lagu LC Semarang 085746015303
Loker Pemandu Lagu LC Semarang 085746015303
 
Washington Football Commanders Redskins Feathers Shirt
Washington Football Commanders Redskins Feathers ShirtWashington Football Commanders Redskins Feathers Shirt
Washington Football Commanders Redskins Feathers Shirt
 
Beyond Inbound: Unlocking the Secrets of API Egress Traffic Management
Beyond Inbound: Unlocking the Secrets of API Egress Traffic ManagementBeyond Inbound: Unlocking the Secrets of API Egress Traffic Management
Beyond Inbound: Unlocking the Secrets of API Egress Traffic Management
 
iThome_CYBERSEC2024_Drive_Into_the_DarkWeb
iThome_CYBERSEC2024_Drive_Into_the_DarkWebiThome_CYBERSEC2024_Drive_Into_the_DarkWeb
iThome_CYBERSEC2024_Drive_Into_the_DarkWeb
 
一比一原版英国创意艺术大学毕业证如何办理
一比一原版英国创意艺术大学毕业证如何办理一比一原版英国创意艺术大学毕业证如何办理
一比一原版英国创意艺术大学毕业证如何办理
 
[Hackersuli] Élő szövet a fémvázon: Python és gépi tanulás a Zeek platformon
[Hackersuli] Élő szövet a fémvázon: Python és gépi tanulás a Zeek platformon[Hackersuli] Élő szövet a fémvázon: Python és gépi tanulás a Zeek platformon
[Hackersuli] Élő szövet a fémvázon: Python és gépi tanulás a Zeek platformon
 
如何办理(UCLA毕业证)加州大学洛杉矶分校毕业证成绩单本科硕士学位证留信学历认证
如何办理(UCLA毕业证)加州大学洛杉矶分校毕业证成绩单本科硕士学位证留信学历认证如何办理(UCLA毕业证)加州大学洛杉矶分校毕业证成绩单本科硕士学位证留信学历认证
如何办理(UCLA毕业证)加州大学洛杉矶分校毕业证成绩单本科硕士学位证留信学历认证
 
一比一原版(Polytechnic毕业证书)新加坡理工学院毕业证原件一模一样
一比一原版(Polytechnic毕业证书)新加坡理工学院毕业证原件一模一样一比一原版(Polytechnic毕业证书)新加坡理工学院毕业证原件一模一样
一比一原版(Polytechnic毕业证书)新加坡理工学院毕业证原件一模一样
 
The Rise of Subscription-Based Digital Services.pdf
The Rise of Subscription-Based Digital Services.pdfThe Rise of Subscription-Based Digital Services.pdf
The Rise of Subscription-Based Digital Services.pdf
 
一比一原版布兰迪斯大学毕业证如何办理
一比一原版布兰迪斯大学毕业证如何办理一比一原版布兰迪斯大学毕业证如何办理
一比一原版布兰迪斯大学毕业证如何办理
 

OpenID for Verifiable Credentials

  • 3. #identiverse Verifiable Credentials: A Paradigm Shift Issuer (Website) Verifier (Website) Holder (Digital Wallet) Can be hosted locally on the user’s device, have cloud components, or be entirely hosted in the cloud Issue Credentials Present Credentials ● Verifiable credential is a tamper-evident credential with a cryptographically verifiable authorship that contains claims about a subject. ● This enables ○ decoupling issuance from presentation ○ multi-use of the credentials ○ combination of multiple credentials in one presentation
  • 4. #identiverse Verifiable Credentials around you Use Case 1: mobile Driving Licence Use Case 2: Vaccination QR Code
  • 5. #identiverse Verifiable Credentials: Benefits - End-Users gain more control, privacy, and portability over their identity information. - Cheaper, faster, and more secure identity verification, when transforming physical credentials into digital ones using verifiable credentials. - Universal approach to handle identification, authentication, and authorization in digital and physical space - Issuers gain more flexibility : - No need for public service with high availability depending on the process - Diverse presentation channels offered by the wallet
  • 6. #identiverse ③ OpenID for Credential Issuance (Issuance of verifiable credentials) Components of the “OpenID for Verifiable Credentials” specification family Issuer (Website) Verifier (Website) Holder (Digital Wallet) Can be hosted locally on the user’s device, have cloud components, or be entirely hosted in the cloud Issue Credentials Present Credentials ① OpenID Connect for Verifiable Presentations (Presentation of verifiable credentials) ② Self-Issued OP v2 (authentication using identifiers not namespaced to the third-party identity providers)
  • 7. #identiverse - Self-Issued OP (SIOP) has been in OpenID Connect Core from ratification and provides a good starting point - Leverages simplicity and security of OpenID Connect and OAuth 2.0 - Existing libraries, only HTTPS communication, developer familiarity - Great for mobile applications, no firewall hassles - Security of OpenID Connect has been tested and formally analysed - Existing OpenID Connect RPs can receive verifiable credentials; Existing OpenID Connect OPs can issue verifiable credentials Why use OpenID Connect & OAuth2.0 as a basis?
  • 8. #identiverse OpenID for Verifiable Presentations (OpenID4VPs)
  • 11. #identiverse ① RP requests Credential(s)* OpenID for Verifiable Presentations Website or App (Verifier) Wallet OP Alice ⓪ User tries to access a resource Stored Verifiable Credentials ② Wallet returns Verifiable Presentation(s) in VP Token - Query language to granularly specify what kind of credential Verifier wants. (utilizes DIF Presentation Exchange 2.0) - Verifiable Presentations* are returned in a newly defined VP Token - Simple overall architecture, e.g. device local communication when same device flow is used *can be any credential/presentation format, not limited to W3C Verifiable Credentials.
  • 12. #identiverse OpenID4VPs allows choices across components in the VC Tech Stack. Component Implementer’s choices when using OpenID4VP Credential Format Any format (W3C JWT-VC or LDP-VC, ISO mDL, SD-JWT, …) Method to obtain Public Keys Any DID method, raw keys, or X.509 certs Cryptography Any cryptosuite (EdDSA, ES256K, etc.) Revocation Any mechanism (Status List 2021, Revocation List 2020, Accumulators, etc.) Trust Management Any mechanism for managing trusted Issuers, Wallets and Relying Parties (Trusted Registries, Ledgers, …)
  • 13. #identiverse It is NOT SIOPv2 that you will use to present verifiable credentials
  • 15. #identiverse Self-Issued OP v2 Website (RP) User Agent OP Alice ⓪ User tries to access a resource - ID Tokens are signed with user-controlled key material (pseudonymous authentication with pairwise subject identifiers) - Identifiers are user controlled and do not depend on a third-party identity provider - Can be used in combination with OpenID4VPs, when the use case requires end-user authentication, i.e. the features of OpenID Connect, such as issuance of ID Tokens. ② OP on the user device issues subject-signed ID Token ① RP requests ID Token
  • 16. #identiverse Why use OpenID4VPs & SIOP v2 - Credential format/crypto suite agnostic - Same device and cross device scenarios - Mutual authentication of RP and wallet - Pseudonymous authentication to RPs through SIOP v2 - Works well with OAuth for authorization of API-based payments and remote signature creation - Offline - work in progress (MOSIP) - Selective disclosure (if supported by credential format) - Note: referenced by ISO/IEC 18013-7 and 23220-4 Mobile Driving Licences related draft standards as a data release method
  • 17. #identiverse - First Implementer’s Drafts approved (both SIOP v2 and OpenID4VPs) - Can be implemented with IPR protection - Targeting Second Implementer’s Draft by the end of 2022 - Existing & ongoing Implementations: - The European Blockchain Services Infrastructure (EBSI) - Microsoft - Workday - Ping Identity - Convergence.Tech - IDunion - walt.id (eSSIF-Lab)* - Sphereon - Gimly Status: Credential Presentation
  • 18. #identiverse OpenID for Verifiable Credential Issuance (OpenID4VCI)
  • 21. #identiverse Wallet Initiates Process (e.g. issuance during presentation)
  • 22. #identiverse OpenID 4 Verifiable Credentials Issuance Credential Issuer Website or App (RP) Wallet OP Alice ⓪ User tries to log in RP Stored Verifiable Credentials ② Wallet issues Verifiable Presentation(s) ① RP requests Credential(s) ⓪ Wallet requests & User authorizes credential issuance ③ Credential is issued ① access token(, refresh token) ② Wallet requests credential issuance Credential issuance via simple OAuth-authorized API
  • 23. #identiverse - Defined a new OAuth-protected Credential Endpoint - in addition to Authorization/Token Endpoints - Two authorization flows: - Code flow (other OAuth 2.0 grant types possible): authorization for one or more credentials at the Authorization Endpoint once the wallet is invoked - Pre-authorized code flow (new grant type): authorization for one or more credentials prior to the Wallet being invoked. - Supports different methods for the Wallet to prove possession of key material used to bind credential Design Principles
  • 24. #identiverse Why use OpenID4VCI? - Credential format/crypto suite agnostic - Hardware-backed key material for cryptographic binding of attribute attestations (leveraging HSMs, SEs, TEEs) - Same device and cross device scenarios - Mutual authentication of wallet and issuer - Can extend existing OAuth/OpenID deployments, simple way for existing AS/IDPs to become PID/(Q)EAA issuers - Note: will be added to ISO 23220-3 electronic ID standards
  • 25. #identiverse - Targeting First Implementer’s draft by the end of 2022. - https://openid.net/specs/openid-connect-4-verifiable-credential-issuance-1_0.html - Planned and ongoing implementations: - The European Blockchain Services Infrastructure (EBSI) - Microsoft - Mattr - IDunion - walt.id & yes.com & BCDiploma (eSSIF-Lab) - Sphereon - Talao.io - Convergence.Tech Status of the Issuance specification
  • 26. #identiverse Whitepaper “OpenID for Verifiable Credentials” - Aims to assist decision-makers, architects and implementers in the decision-making process when building a verifiable credentials ecosystem. - Some popular sections… - Demystifying myths about verifiable credentials - Various scopes of “decentralization” - Shift in the trust model brought by verifiable credentials - Business drivers - Use-Cases
  • 27. #identiverse - Security and simplicity guaranteed – OAuth/OpenID Connect deployment experience (3B+ users, millions of applications), and OpenID Foundation Certification program - Fast, scalable adoption - easy integration/deployment on existing infrastructure given the familiarity of the developers and administrators with OAuth/OpenID - Adoption underway - Projects in the EU (EBSI/ESSIF, Secure Digital Identities Showcase) - Incorporated into major participants’ products (e.g. Microsoft, Ping Identity, walt.id) - Global Assured Identity Network PoC - Could meet high security requirements with FAPI Security Profile - Interoperability on the protocol layer that is both credential format agnostic, and allows for interoperability between markets Why use OpenID for Verifiable Credentials?
  • 28. #identiverse Call to Action 1. Implement the specifications to unlock your use cases and provide us feedback 2. Read the whitepaper and stay up to date with the recent developments
  • 30. Example: Authorization Request HTTP/1.1 302 Found Location: https://server.example.com/authorize? response_type=code //any other grant type &client_id=s6BhdRkqt3 &code_challenge=E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM &code_challenge_method=S256 &scope=openid_credential:https://example.org/idcard &redirect_uri=https://client.example.org/cb
  • 31. Example: Credential Issuance Request: POST /credential HTTP/1.1 Host: server.example.com Content-Type: application/x-www-form-urlencoded Authorization: BEARER czZCaGRSa3F0MzpnWDFmQmF0M2JW type=https://example.org/idcard format=ldp_vc did=did:key:z6MkqUDiu3MHxAmuMQ8jjkLiUu1mscLT8E9R5CKdbtr7gwR8 proof=%7B%22type%22:%22jwt%22…0aW9EkL1nOzM%22%7D Response: HTTP/1.1 200 OK Content-Type: application/json Cache-Control: no-store Pragma: no-cache { "format": "ldp_vc", "credential" : "eyJjcmVkZW50a...d0MifQ==" }
  • 32. Example: Issued Credential { ... "issuer": "did:key:z6MkgF2pvVNEFXCksupWKrdPhL6ubecis3AWbWVsr9bNAbwC", "type": [ "VerifiableCredential" ], "credentialSchema": { "id": "https://example.org/idcard" }, "credentialSubject": { "placeOfBirth": { "country": "DE", "locality": "Berlin" }, "familyName": "Family001",
  • 33. #identiverse Request Example (W3C VCs) { "response_type":"id_token", "client_id":"https://example.com/callback", "scope":"openid", "redirect_uri":"https://example.com/callback", "nonce":"67473895393019470130", ... "claims":{ "vp_token":{ "presentation_definition":{ "id":"1", "constraints": { "fields": [ { "path": [ "$.credentialSchema.id" ], "filter": { "type": "string", "pattern": "https://example.org/idcard" } } ] } } } } }
  • 34. #identiverse Response Example (W3C VCs) ID Token: { "iss": "https://self-issued.me/v2", "aud": "https://example.com/callback", "sub": "did:key:z6MkqUDiu3MHxAm...mscLT8E9R5CKdbtr7gwR8", "exp": 1645469476, "iat": 1645465876, "nonce": "cdb97870-a3be-49b4-aa55-8c7c7122178a", "_vp_token": { "presentation_submission": { "descriptor_map": [ { "path": "$", "format": "ldp_vp", "path_nested": { "path": "$.verifiableCredential[0]", "format": "ldp_vc" } } ], "definition_id": "1", "id": "1" } } } VP Token: { "@context":[ "https://www.w3.org/2018/credentials/v1" ], "holder":"did:key:z6MkqUDiu3MHxAmuMQ8jjkLiUu1mscLT8E9R5CKdbtr7gwR8", "id":"urn:uuid:04816f2a-85f1-45d7-a66d-51764d39a569", "proof":{ "domain":"https://example.com/callback", "jws":"...", "nonce":"cdb97870-a3be-49b4-aa55-8c7c7122178a", "proofPurpose":"authentication", "type":"Ed25519Signature2018", "verificationMethod":"did:key:z6MkqUDiu3..." }, "type":[ "VerifiablePresentation" ], "verifiableCredential":[ { … "type":[ "VerifiableCredential" ], "credentialSubject":{ "id":"did:key:z6MkqUDiu3MHxAmuMQ8jjkLiUu1mscLT8E9R5CKdbtr7gwR8", "familyName":"Family001", "givenName":"Given001", "birthDate":"1950-01-01", "placeOfBirth":{ "country":"DE", "locality":"Berlin" } },
  • 35. #identiverse Request Example (ISO mDL) { "response_type":"id_token", "client_id":"https://example.com/callback", "scope":"openid", "redirect_uri":"https://example.com/callback", "nonce":"67473895393019470130", ... "claims": { "vp_token": { "presentation_definition": { "id": "mDL-sample-req", "input_descriptors": [ { "id": "mDL", "format": { "mdl_iso_cbor": { "alg": ["EdDSA", "ES256"] }, "constraints": { "limit_disclosure": "required", "fields": [ { "path": ["$.mdoc.doctype"], "filter": { "type": "string", "const": "org.iso.18013.5.1.mDL" } }, { "path": ["$.mdoc.namespace"], "filter": { "type": "string",
  • 36. Response Example (ISO mDL) ID Token: { "aud": "https://client.example.org/callback", "sub": "9wgU5CR6PdgGmvBfgz_CqAtBxJ33ckMEwvij-gC6Bcw", "iss": "9wgU5CR6PdgGmvBfgz_CqAtBxJ33ckMEwvij-gC6Bcw", "sub_jwk": { "x": "cQ5fu5VmG...dA_5lTMGcoyQE78RrqQ6", "kty": "EC", "y": "XHpi27YMA...rnF_-f_ASULPTmUmTS", "crv": "P-384" }, "exp": 1638483944, "iat": 1638483344, "nonce": "67473895393019470130", "_vp_token": { "presentation_submission": { "descriptor_map": [ { "id": "mDL", "path": "$", "format": "mdl_iso" } ], "definition_id": "mDL-sample-req", "id": "mDL-sample-res" } } } VP Token: { "status": 0, "version": "1.0", "documents": [ { "docType": "org.iso.18013.5.1.mDL", "deviceSigned": { "deviceAuth": { "deviceMac": [ << {1: 5} >>, {}, null, h'A574C64F18902BFE18B742F17C581218F88EA279AA96D0F5888123843461A3B6' ] }, "nameSpaces": 24(h'A0') }, "issuerSigned": { "issuerAuth": [ << {1: -7} >>, { 33: h'...' }, << 24(<< { "docType": "org.iso.18013.5.1.mDL", "version": "1.0", "validityInfo": { "signed": 0("2022-04-15T06:23:56Z"), "validFrom": 0("2022-04-15T06:23:56Z"), "validUntil": 0("2027-01-02T00:00:00Z") }, "valueDigests": {
  • 37. #identiverse Request Example (AnonCreds) { "response_type":"id_token", "client_id":"https://example.com/callback", "scope":"openid", "redirect_uri":"https://example.com/callback", "nonce":"67473895393019470130", ... "claims":{ "vp_token":{ "presentation_definition":{ "id":"NextcloudLogin", "input_descriptors":[ { "id":"ref2", "name":"NextcloudCredential", "format": { "ac_vc": { "proof_type": ["CLSignature2019"] } }, "constraints":{ "limit_disclosure":"required", "fields":[{ "path": [ "$.schema_id" ], "filter": { "type": "string", "pattern": "did:indy:idu:test:3QowxFtwciWceMFr7WbwnM:2:BasicScheme:0.1" } }, {"path":["$.values.email"]}, {"path":["$.values.first_name"]}, {"path":["$.values.last_name"]}]
  • 38. #identiverse Response Example (AnonCreds) ID Token: { "aud": "https://example.com/callback", "sub": "9wgU5CR6PdgGmvBfgz_CqAtBxJ33ckMEwvij-gC6Bcw", "auth_time": 1638483344, "iss": "https://self-issued.me/v2", "sub_jwk": { "x": "cQ5fu5VmG…dA_5lTMGcoyQE78RrqQ6", "kty": "EC", "y": "XHpi27YMA…rnF_-f_ASULPTmUmTS", "crv": "P-384" }, "exp": 1638483944, "iat": 1638483344, "nonce": "67473895393019470130", "_vp_token": { "presentation_submission": { "descriptor_map": [ { "id": "ref2", "path": "$", "format": "ac_vp", "path_nested": { "path": "$.requested_proof.revealed_attr_groups.ref2", "format": "ac_vc" } } ], "definition_id": "NextcloudLogin", "id": "NexcloudCredentialPresentationSubmission" } } } VP Token: { "proof": {...}, "requested_proof": { "revealed_attrs": {}, "revealed_attr_groups": { "ref2": { "sub_proof_index": 0, "values": { "email": { "raw": "alice@example.com", "encoded": "115589951…83915671017846" }, "last_name": { "raw": "Wonderland", "encoded": "167908493…94017654562035" }, "first_name": { "raw": "Alice", "encoded": "270346400…99344178781507" } } } }, … }, "identifiers": [ { "schema_id": "3QowxFtwciWceMFr7WbwnM:2:BasicScheme:0.1", "cred_def_id": "CsiDLAiFkQb9N4NDJKUagd:3:CL:4687:awesome_cred", "rev_reg_id": null, "timestamp": null } ]
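
The relying-party checks that tie a response like the one on slide 34 to the request on slide 33, as an added example that is not from the deck or the OpenID specifications. The `input_descriptors` ids, the matching nonce values, the `resolve` and `check_response` helpers and the sample tokens are constructed assumptions; signature verification of both tokens is assumed to have been done before these checks run.

```python
import re

# Constructed request/response modelled on the W3C VC slides (33-34).
# Assumptions: input_descriptors carry ids (as on the mDL slide), nonces
# match, and signatures on both tokens were already verified elsewhere.
CLIENT_ID = "https://example.com/callback"
NONCE = "67473895393019470130"
HOLDER = "did:key:z6MkqUDiu3MHxAmuMQ8jjkLiUu1mscLT8E9R5CKdbtr7gwR8"
REQUEST = {"client_id": CLIENT_ID, "nonce": NONCE, "claims": {"vp_token": {
    "presentation_definition": {"id": "1", "input_descriptors": [{
        "id": "idcard", "constraints": {"fields": [{
            "path": ["$.credentialSchema.id"],
            "filter": {"type": "string",
                       "pattern": "https://example.org/idcard"}}]}}]}}}}
ID_TOKEN = {
    "iss": "https://self-issued.me/v2", "aud": CLIENT_ID, "sub": HOLDER,
    "exp": 1645469476, "iat": 1645465876, "nonce": NONCE,
    "_vp_token": {"presentation_submission": {
        "id": "1", "definition_id": "1", "descriptor_map": [{
            "id": "idcard", "path": "$", "format": "ldp_vp",
            "path_nested": {"path": "$.verifiableCredential[0]",
                            "format": "ldp_vc"}}]}}}
VP_TOKEN = {
    "type": ["VerifiablePresentation"], "holder": HOLDER,
    "proof": {"domain": CLIENT_ID, "nonce": NONCE,
              "proofPurpose": "authentication"},
    "verifiableCredential": [{
        "type": ["VerifiableCredential"],
        "credentialSchema": {"id": "https://example.org/idcard"},
        "credentialSubject": {"id": HOLDER, "familyName": "Family001"}}]}

_STEP = re.compile(r"\.([A-Za-z_][\w-]*)|\[(\d+)\]")


def resolve(doc, path):
    """Resolve the JSONPath subset used on the slides: $, .name, [index]."""
    if not path.startswith("$"):
        raise ValueError(f"unsupported path: {path!r}")
    pos, node = 1, doc
    while pos < len(path):
        step = _STEP.match(path, pos)
        if step is None:
            raise ValueError(f"unsupported path: {path!r}")
        key = step.group(1) if step.group(1) is not None else int(step.group(2))
        try:
            node = node[key]
        except (KeyError, IndexError, TypeError):
            return None  # path does not exist in this document
        pos = step.end()
    return node


def check_response(request, id_token, vp_token, now):
    """Return the list of failed binding checks (empty list = accept)."""
    definition = request["claims"]["vp_token"]["presentation_definition"]
    submission = id_token.get("_vp_token", {}).get("presentation_submission", {})
    proof = vp_token.get("proof", {})
    checks = [
        (id_token.get("aud") == request["client_id"], "id_token aud != client_id"),
        (id_token.get("nonce") == request["nonce"], "id_token nonce mismatch"),
        (isinstance(id_token.get("exp"), int) and id_token["exp"] > now, "id_token expired"),
        (submission.get("definition_id") == definition["id"], "wrong definition_id"),
        (proof.get("nonce") == request["nonce"], "vp proof nonce mismatch"),
        (proof.get("domain") == request["client_id"], "vp proof domain != client_id"),
    ]
    errors = [message for ok, message in checks if not ok]

    by_id = {d.get("id"): d for d in submission.get("descriptor_map", [])}
    for descriptor in definition["input_descriptors"]:
        entry = by_id.get(descriptor["id"])
        if entry is None:
            errors.append(f"no submission for descriptor {descriptor['id']}")
            continue
        credential = resolve(vp_token, entry["path"])
        if credential is not None and "path_nested" in entry:
            credential = resolve(credential, entry["path_nested"]["path"])
        if not isinstance(credential, dict):
            errors.append(f"descriptor {descriptor['id']}: credential not found")
            continue
        for field in descriptor["constraints"]["fields"]:
            found = [v for v in (resolve(credential, p) for p in field["path"])
                     if v is not None]
            pattern = field.get("filter", {}).get("pattern")
            if not found:
                errors.append(f"missing field {field['path']}")
            elif pattern and not re.search(pattern, str(found[0])):
                errors.append(f"field {field['path']} fails filter")
    return errors
```

JSON Schema `pattern` is unanchored, so the slide's filter also accepts a schema id such as `https://example.org/idcard-other`; use `const` (as the mDL request does) or `^…$` anchors when an exact match is required.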