
Power of Attorney

Description

Certain processes require proof of authority from a representative who has signatory rights such as the CEO. While this is currently done manually by presenting signed sheets of paper, we want to automate the process and increase the level of security.

A user of the Enterprise Wallet can delegate their authority, or parts of it, to another user of the wallet by issuing a power of attorney credential (POA Credential). The POA Credential needs to contain claims defining the delegated rights, the DID of the receiver of the rights, and a chain of credentials to establish trust. The trust anchor of the chain has to be a Natural Person Credential of a user with signatory rights. The Enterprise Credential issued by the Bundesanzeiger proves the signatory rights of the user acting as trust anchor. By presenting the Enterprise Credential and the POA Credentials to the verifier, the user of the wallet can prove that he or she is authorized. The credentials are automatically verifiable, which streamlines the authorisation process.

Prerequisite

Workflow

Steps

note

The following example assumes that the involved parties own the following DIDs:

  • BAnz DID: did:key:zDnaexEHa3xyCcG1pNCj65VPcbrYrrxVfxMW2qCsDN3XzqzxP
  • Enterprise wallet DID: did:key:zDnaedjxqnoS2jK7RsNmRgbVNGsGnj7zSr74Y71NAMrAPZa6Q
  • Enterprise CEO DID: did:key:zDnaeVXmpeF4fafnTY44Fba4yCUMgxhPf85XEoajZbsBxPnEC
  • Enterprise Employee DID: did:key:zDnaeTNKUJ5msj2c6fyZBMouQaw15wCXE4KFUMGKFhbMVdW6b
  1. The Delegating User requests authorisation of the Authorised User.

  2. The POA Credential is created and stored in the workspace of the Authorised User.

    {
      "@context": [
        "https://www.w3.org/ns/credentials/v2",
        "https://oid.spherity.com/contexts/cc/v1.jsonld",
        "https://oid.spherity.com/contexts/poa/v1.jsonld"
      ],
      "type": [
        "VerifiableCredential",
        "ChainedCredential",
        "PowerOfAttorneyCertificate"
      ],
      "issuer": "did:key:zDnaeVXmpeF4fafnTY44Fba4yCUMgxhPf85XEoajZbsBxPnEC",
      "validFrom": "2024-07-30T10:20:55.189Z",
      "validUntil": "2034-07-30T10:20:55.188Z",
      "credentialSubject": {
        "type": "PowerOfAttorney",
        "dateOfBirth": "1970-01-01",
        "familyName": "Mustermann",
        "givenName": "Max",
        "id": "did:key:zDnaeTNKUJ5msj2c6fyZBMouQaw15wCXE4KFUMGKFhbMVdW6b",
        "proxiedPermissions": [
          "opening a bank account"
        ]
      },
      "proof": {
        "created": "2024-07-30T10:20:55Z",
        "cryptosuite": "ecdsa-sd-2023",
        "proofPurpose": "assertionMethod",
    "proofValue": "u2V0AhVhAKMO67d1S3m5SW-OOmfRPtU6XhKprfz84oIRofWvuxOrPXZ7XodeTCLx9ta9LiWzsvTVtb8OlJsc7M1zMHwjKy1gjgCQCIdiWDk-Ki_-ZTXDuVoc2lZhiokPQaRZBNRMLu8juqqlYIGlMAm9U2RWEiZjdVLlXaubA5sZ0NYjDBHuKyG0UQYV7mCVYQH-I4UKYTkWNaxuVa4Do7pWkaah7uRx5l69WubrYSVdgPok_7v_uo3JBmtUBR0OOZPVfs1c_WWtXkZVCRCS850VYQGk_vivNlTHar3XtnT3TB6ephnVq_z8qIP7M_ir6r_ZvygsCQIxFbXSIGnzk-yVOXpCuWigQFjRQSOi5ix0QjHZYQKGNdfr5v06ZQEp4UovJigbwKmmf3DRjSvT-8iu5IQzzV_-k41AjviN0iVQMOXE5DLlx9FQ3bewR2RCQrHgPtClYQC6f8CDUeN26XwZmtzLi5X7_ZyYJ2w9sU8UnxvJ485h13sWiCdN-vM-SYUGg1C7rMLR-tzfP-1x-xvA7j8O6bbFYQNvPbFIPYgzUmnXEal3-a3ybSysRzGcZolsB-yN8ae9T7xKJHdDsRVosVz_plGYGvJD_j04w5ltDgvXCSarJxrxYQDS_kXG0JCu77ADlXQ9fOk_3PSrZKlZcvOX8A54H5WPJsfdHOMNZJKwm1c9yhpSanbw3mXVaDxIljYtv2hPj22JYQEFaunjBb7-q-QVIRYGEquqHU7-v9rK3ebH4M-x5IEGsNo6MOlMFZQuzAvmtn9kFGOmO5n9puZF1NGK_MHArHMVYQAhuPI89TnGOfJsEq1w7FRS9v6nNBcY-BRDa3rWjjNZencfDUN6T-JTMS4DmzLlPNr9Nu6Jei_dVheKqLXRokxRYQKBMOXAcCBKrjYS6dUkK3XsFMEFAnt-7mduMjlBUiYZWhVoT0vuDuiH7bd3WB1Db_8bOHTwhuUvzblFYhaC_185YQCgFRpEJgvX6-qb0VH9qP9hKTup7dyL2a4Pul2Txceqd-4-SDpaTL6YlHvm-tPR8gjIVQsXnG0Yd28c1_gdQeaBYQJXyM1xBBh-Lj9ZG_udmAWVF1aci2_eq0eacXvfNp241y8HdEdjKBDsWM1Yzt9NsNL7w5HagoBXgLhaG5YuONaBYQLp-qR4qUAB56VwrC_7JSjxb96Z6YJK1VtrlP7G_tyiSwF7TVT9jzcI2AInXpb968yS2656nQWcmSKbpxIRF0ehYQOrWclQ2MNiIrkIx-WhtBaNgtyGwXuvUk3ySYyFCK7sM21MuKlgoadYP4tQT9GiWlgLJ9UsIC4WN9G33TsDzax9YQFmwJy7XV5aiBNSj83BFwlnUP71X31RGCU_HKEONGoRVgvUasWXPBlraADec4p5lMEzb87oNsjWdnu9JPltBVYlYQJi0PG9REUdslnnsXEjnXQzhoQzlXjkyIS0S0-CL5NU93LNNWwbWZN73xor73v_48xCQWKd5ysgOQJBnrOET8IpYQB29XWl833dQTPPpBt8hx1_SHtr2o3jXfPs_r0Cw5zbnvQcOatRSa5jhctxduBkwx-Ae9V5-OF3E7a75fJhelpxYQOKen3Q9ZWeuz-7BXvLDMMR238Rb3nPHXpm5Bl8oLAqdfuhYeKzHBqoVRbbaNiLbRtl7FsYTHvqbwqhqwe3rPWxYQBW-3jKPgtdcTEH32hG4g2BfpfYhHVzGk5HeXWNz_BpDm5AxX-W7ycfkKUvrkwf8IqZAkaTo-QxgpJd_dz_DwO9YQDCBco4QOlL6kgzPU6fspNkCUHgA2dBKKI7oCBi9sG9cFEhTY35UQ4D-sUZ8fW4bo5XwZugfr7sT2Zhyzp8b1TRYQJsjIa6zeS9m2ka8oA98XUA1iH23XJkloFIdDFdV6PumpmehN42Xma_O6nfMIt2bBPuCeB83uK9qk6Z7lTfcnEFYQH9hA_pp_HHPqpAyISahcAXgUz57
uah-ZjK7Q8G0rM0NjS7j6hbNZ-6i1C-OSHYojFxnnCDDGX2_rycgfeDMDh9YQDgFt-3L0Hiy7AsJaU-KbPyTM3CQHPxnu7QBqJLLISG-34Igj4uPXMYxMY7bjZCrLyWSn3oIpHr8XZB8AJ1VCONYQFiIb472_-JBnxFSV1zEzjvd7svJayDiJVLTGHh6Rlgx8gbdIXh_JDEAZaiWZxZTMH_sORnrHOiTQR7lG6Wtx-lYQB_XSQQQKFC4ZLvpkMdQZgN_ORLFD8Ckpg9c4BfE7r7Io8VOzidr8FpLNxiZ1ORzybThC4Uw80eIFzqkW-2FbfdYQEd0doppEb6Gmfdh4GZW7aN3PtRiE1doK_HxvwmzTREsRqvZsGOeD1XL9uAI8DTA3pIda8Qbiy4GeEvGFURpBUtYQBSxHJ3tEb7aOLapOda6U3wovPEpZHSWCcxSW5_T0GtF1gYESkyo9bLsD0MBaKwagkKNuvZdTdOMFeBv0x9SXvlYQB03O71xPPO3DuI17XpHd5J3rHz3QZNJ7FncovOQE9YGp_EWXgJfhbMZQx3CmGp7f5C0mLEte6Xab_boST9WOuxYQMNoI8k_CN45470kQqOjfLzdxKfL6wGldw1xuzaBRiynGhiekbQnfU23vLkVG5D8HPspNGSGowuEnHPHqmQCiddYQBUl4DGC_wRl3UcGy8Yw4B73_dsWF8y_s_wxIg0GrC6VE0cVx-WSBJ_Mxe7X_QPj1bfryARvvMyQFLzA8luKjihYQALL0ppPgbx9CKB5VpC2p4Bj26PXcXEFmuC06Z5e2bFqDl40YYTARSfY9jOyrJSf58AVjJR6aOCsUNYQJp5fr7hYQMuj9JgJRksdbre_ODrJe4bsNOFaDWN8dF_l24u606V3ghetLebmj1qC-eoehb3X4geeVZYIQU_QOaZUPZrukUlYQM8bBYSNqbJshlNpBANZJf2oPVfgFTnYNQGZdjUj26N6MqX2ExCvVdkiPh7ZJ2roaOuxhmsCTr4MD4bgOO2v0MhYQB_BTPxTiZib8_1yfn5r3R2-kFI0fJ2_amn1yenaj-UJtx1-25U7A45Jf_N2XmnZrAp854f9gSzbRr9mYwPhiKFYQLsXdGslZSM2EjNnF_bob-vkU_Kk4CrwkIsN47xf0BwMIEucx2mPc5jPuIN5kAj9NdjKAVi3rFsWVeROHRDZRoxYQOdWv5I1ZxHavUuy5iUonnqtdjlor8ujmMq9NsxaOC3eJSNruN1gDA16fTHj-VFakSSmaxIixJ81lZb5hDEZgNdYQBa5mb_dHm6JdYr4z0mO4IEyunc_Th5FwjgdSORIGkU3pUWj87p4CNtnPJfHsMwfcovlGKcm73E96no5z9sIW_JYQM9dr_KDr2UUBdMxyyOSvVueyRRUhMPYB-Hya_0PO19_0_VV2i4QNgDc5A--mU9gRNkPOdRGtzhC-ZHiMYLGJVmA",
        "type": "DataIntegrityProof",
        "verificationMethod": "did:key:zDnaeVXmpeF4fafnTY44Fba4yCUMgxhPf85XEoajZbsBxPnEC#zDnaeVXmpeF4fafnTY44Fba4yCUMgxhPf85XEoajZbsBxPnEC"
      },
      "provenanceProof": {
        "@context": [
          "https://www.w3.org/ns/credentials/v2",
          "https://oid.spherity.com/contexts/oid/v1.jsonld"
        ],
        "issuer": "did:key:zDnaexEHa3xyCcG1pNCj65VPcbrYrrxVfxMW2qCsDN3XzqzxP",
        "type": [
          "VerifiableCredential",
          "LegalEntityCertificate"
        ],
        "validFrom": "2024-07-30T10:15:32.859Z",
        "validUntil": "2034-07-30T10:15:32.858Z",
        "credentialSubject": {
          "companyIdentifier": "urn:mdms:12345678",
          "companyName": "Flower Power AG",
          "functionary": {
            "authorizationExtent": "full",
            "isAuthorizedRepresentative": true,
            "isExclusionOfParagraph181": false,
            "legalEntityId": "did:key:zDnaeVXmpeF4fafnTY44Fba4yCUMgxhPf85XEoajZbsBxPnEC",
            "role": "CEO"
          },
          "id": "did:key:zDnaedjxqnoS2jK7RsNmRgbVNGsGnj7zSr74Y71NAMrAPZa6Q",
          "type": [
            "LegalPersonId",
            "LegalPersonBaseData",
            "LegalPerson"
          ]
        },
        "proof": {
          "created": "2024-07-30T10:15:32Z",
          "cryptosuite": "ecdsa-sd-2023",
          "proofPurpose": "assertionMethod",
    "proofValue": "u2V0BhVhAAmYLOiiBnUI_mieJlMGZKaHeWFPDBEOLcERZNHMlVuIZc7nAqDxWyhO8ll4erL4SMF0tE0BzvlXObiSCRdmqCFgjgCQDdBD7b-2u9AqOeTqes3Ca_sGXwvDIt73QMZZvBBQVEo6RWEB9ewJs88R1KEpJc5NDMvRzNpcL9bulgTMIAFlW3tC9iPHf6afR12K5rGUPgfz5K4XuZnywWMZ9UrSm1aTXF29fWEAhx-zcJ7mwUbu8wyeBK72-Dq4ROhKVqp7NCg-eL_45T0xMwAU1xS2PGJu47EnnRFkFgo4eBPiiEoAzqwl6ObWQWECZGncgaxe5mMat3jNRngDPDLG8GlHA8X8hZG5Ho5K0yQj16ZN64OaltJl-8xTuY1U1SomrKY7NOh9qf4yxvGahWEB0KBprwuOwhb-9b4HkDH9ECINPKID3wnE4qOVUS2uhXlpXD_dE_qO0k3VFEXW2FwBeZ1Sndv2KQd0XxgfbB05QWEBBiwIDQAsb7Id1dMT_owrYKGR8eHEIt3YCzVWTIQMfVkacsq3GfRXiNCy5Cc1LbSCo1HuV81iJxtywsns5YEI7WEBJfewuqqeYm89dT5uNx-cbg1aQVwOX-SemWpp5jtSfCKNe9-OTf6N3zgmu1nkuZ2fYW57u4tcnXvfkdE2wh6CwWED7QK7THvbum-EC3Bx4Mc7qBzt4Zx3zklp4mOpwAN3t-4XFjxV5Bxp4OCjvfl1ribeAlzwLBW8ryGliVZfFKv9lWEDE0NGBTC9ukSOYctwx0c5iJ69-T0JYrMb8zDiLKo2fdD8_gWI3uNF4lEa-IJxrVRkNBIpYdX2kxwLiT4Mn8AOrWEBXKWg5C2fvF04t0j4TWVWz5eUJD6xzDkPIYrYhyc4fpDvdH4QByhBuGCOJkS-Y_qkfd9oEFGhBjzB7upJvgmtEWEBGm47julPXNhW1W06m2bfU4BluH3V2vjMbCSN_skB-l3YhLv4JRyM0JrqcY4ISdxzHErSEgWEhqF5nITWEToNdWEDIZ82KImp7DrLTgHwF58aeXmxpqdnz2oD41ugggN-_FyKSYLApKaF-EHckFr3BsrLoDYafn12l7YS1Rk1UbKXhWEA5zrTbFOxTa6Y-Q8D3Q0VM-mROn9E7Eg5EbQpncOUL6fQaEdqp2J_9jbED9EwJpaeBS-Xer9WR6tW648PqQv-IWEBnk4n7EcraicycYV2DXBj7izqLaOuQlvXrXIZpRlUXWheAoi8cTOYXQntW13q9ZWeGTbO6A_0vTNFgoD-7nnbCWEBZU_znG-R2NfF4-2NpuiR0uKBrzxrh7CSSrJvjj6F-JIoEjiB2yX1N6Y7mo2RAR4sEiepmrQr_z7e9jSc0xWlbWEC3icZ8-8udaZtheKInMX9ja1s8NZsNHvJkE2SPyVe0Y0z9fgowpva2lEbizqpSi0a9lRxi9TXetIDfBTwaKS-ZWECpHnz1X4IIe8j0xcBTzoc5TpBPiN6Q94DeKvIosG5Lde5WkMABBGuGR-qDlX9b55XCxcKHU4aEeoEM8t6ivhJZWECg6IeVD7kyUUjk1Gq7AUxOBQCRaVqAtNPZtEID6Tcs8TXrbV1frKGTQomjKA3DACRskWBW3-7z6bSxwYknkeenogBYINpdBkYjRHVgkf1nNGp0IZ1DuGStalAZRQvii7HvJWIBAVggknrFo9rxCo4ClWfUNG3mggwh4J6okfrzapK1la6jZ5aA",
          "type": "DataIntegrityProof",
          "verificationMethod": "did:key:zDnaexEHa3xyCcG1pNCj65VPcbrYrrxVfxMW2qCsDN3XzqzxP#zDnaexEHa3xyCcG1pNCj65VPcbrYrrxVfxMW2qCsDN3XzqzxP"
        }
      }
    }

The semantics of the terms in the credential subject of the power of attorney credential are defined in the context https://oid.spherity.com/poa. The context https://oid.spherity.com/cc extends the credential with the term provenanceProof. The new term provenanceProof makes it possible to establish trust chains, e.g.:

BAnz <--EnterpriseCredential-- Functionary <--POA-- Employee A <--POA-- Employee B

The trust chain ends at the Bundesanzeiger, which asserts the signatory rights of a functionary in the enterprise credential. The functionary can delegate their rights, or a part of them, to employee A by issuing a POA credential describing the delegated rights. Employee A can do the same and delegate the received rights to employee B.
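The structural checks a verifier can run when walking such a chain from the presented POA back to the enterprise credential, as an added example (not the wallet's or Spherity's own code). Field names follow the sample credential above; `check_chain`, `poa`, `EMPLOYEE_B`, the verification time and the rule that the exercised permission must appear at every POA level are assumptions, and verification of the `ecdsa-sd-2023` proofs is out of scope.

```python
from datetime import datetime, timezone

# DIDs from the page's example; EMPLOYEE_B is a constructed placeholder.
BANZ = "did:key:zDnaexEHa3xyCcG1pNCj65VPcbrYrrxVfxMW2qCsDN3XzqzxP"
WALLET = "did:key:zDnaedjxqnoS2jK7RsNmRgbVNGsGnj7zSr74Y71NAMrAPZa6Q"
CEO = "did:key:zDnaeVXmpeF4fafnTY44Fba4yCUMgxhPf85XEoajZbsBxPnEC"
EMPLOYEE_A = "did:key:zDnaeTNKUJ5msj2c6fyZBMouQaw15wCXE4KFUMGKFhbMVdW6b"
EMPLOYEE_B = "did:example:employee-b"
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)  # constructed verification time

def _ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_chain(cred, presenter, permission, trusted_anchors, now=NOW):
    """Structural chain checks only; the proofs must be verified separately."""
    if cred["credentialSubject"].get("id") != presenter:
        return False, "presenter is not the subject of the leaf credential"
    holder = None  # issuer of the child credential, who must hold this one
    while cred is not None:
        if not _ts(cred["validFrom"]) <= now <= _ts(cred["validUntil"]):
            return False, "credential outside its validity window"
        subject = cred["credentialSubject"]
        if "LegalEntityCertificate" in cred["type"]:  # trust anchor reached
            f = subject["functionary"]
            if cred["issuer"] not in trusted_anchors:
                return False, "anchor not issued by a trusted registry"
            if holder != f["legalEntityId"] or not f["isAuthorizedRepresentative"]:
                return False, "chain not rooted in the authorised functionary"
            return True, "ok"
        if "PowerOfAttorneyCertificate" not in cred["type"]:
            return False, "unexpected credential type in chain"
        if holder is not None and holder != subject["id"]:
            return False, "issuer is not the delegate of the parent POA"
        if permission not in subject["proxiedPermissions"]:
            return False, "permission not delegated at this level"
        holder, cred = cred["issuer"], cred.get("provenanceProof")
    return False, "chain does not end at an enterprise credential"

def poa(issuer, subject, perms, parent):  # constructed sample, proof omitted
    return {"type": ["VerifiableCredential", "ChainedCredential",
                     "PowerOfAttorneyCertificate"], "issuer": issuer,
            "validFrom": "2024-07-30T10:20:55.189Z",
            "validUntil": "2034-07-30T10:20:55.188Z",
            "credentialSubject": {"id": subject, "proxiedPermissions": perms},
            "provenanceProof": parent}

ENTERPRISE = {"type": ["VerifiableCredential", "LegalEntityCertificate"], "issuer": BANZ,
    "validFrom": "2024-07-30T10:15:32.859Z", "validUntil": "2034-07-30T10:15:32.858Z",
    "credentialSubject": {"id": WALLET, "functionary": {"authorizationExtent": "full",
        "isAuthorizedRepresentative": True, "legalEntityId": CEO}}}
```

A POA issued by employee A for a right that A never received fails at A's own POA, and a POA whose issuer is not the functionary named in the enterprise credential fails at the anchor.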

Result