Protocols
In the OID application, credential exchange protocols are fundamental to ensuring secure, interoperable, and verifiable digital identity interactions. We have chosen to implement the Credential Manifest and Presentation Exchange protocols from the Decentralized Identity Foundation (DIF) to achieve this goal.
Credential Manifest
The Credential Manifest protocol allows issuers to describe the credentials they offer in a standardized way. This protocol facilitates clear communication between issuers and holders, ensuring that holders understand what credentials they can obtain and under what conditions.
- Standardization: Credential Manifest provides a standardized format for issuers to describe their credentials, making it easier for holders to understand and request the appropriate credentials.
- Flexibility: It supports a wide range of credential types and can be extended to meet specific use cases and requirements.
- Interoperability: By adhering to DIF standards, Credential Manifest ensures compatibility with other decentralized identity systems and protocols.
- Transparency: Holders can see detailed information about the credentials they are eligible to receive, including the required attributes and issuance policies.
Key Features of Credential Manifest
- Credential Definitions: Issuers define the structure and content of the credentials they offer, including required attributes and verification methods.
- Issuance Policies: Issuers specify the conditions under which credentials can be issued, such as the need for specific verifiable claims or the completion of certain workflows.
- User Guidance: The manifest includes guidance for holders on how to request and receive credentials, making the process user-friendly and transparent.
Presentation Exchange
The Presentation Exchange protocol enables the secure and standardized presentation of credentials from holders to verifiers. This protocol ensures that verifiers can request, receive, and validate the credentials they need while maintaining the privacy and security of the holder's data.
- Standardized Requests: Verifiers can create standardized requests for specific credentials, ensuring clarity and consistency in the information they receive.
- Selective Disclosure: Holders can choose which attributes to disclose in response to a verifier's request, protecting their privacy and minimizing data exposure.
- Interoperability: Presentation Exchange is designed to work seamlessly with other DIF protocols and standards, promoting broad compatibility and ease of integration.
- Verification Assurance: The protocol includes mechanisms for verifiers to validate the authenticity and integrity of the presented credentials, ensuring trust and reliability.
Key Features of Presentation Exchange
- Request Definitions: Verifiers define the credentials and attributes they need, including specific conditions and requirements for the presentation.
- Response Mechanisms: Holders can construct responses that match the verifier's request, selectively disclosing the necessary information while protecting their privacy.
- Validation Tools: The protocol includes tools and methods for verifiers to validate the presented credentials, ensuring they are genuine and have not been tampered with.
- Privacy Enhancements: By supporting selective disclosure and other privacy-preserving techniques, Presentation Exchange helps protect the holder's sensitive information.
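A verifier-side check for the request and response described above, as an added example that is not part of the OID application's code: it confirms that a presentation submission answers the verifier's own presentation definition and that each input descriptor's field constraints hold. The property names (`input_descriptors`, `constraints.fields`, `definition_id`, `descriptor_map`) follow DIF Presentation Exchange; the function names, the sample data, and the reduced JSONPath and filter support are assumptions of this example, and verifying each credential's signature is out of scope.

```python
import re

PATH = re.compile(r"\$(?:\.[A-Za-z_]\w*|\[\d+\])*")
TOKEN = re.compile(r"\.([A-Za-z_]\w*)|\[(\d+)\]")
KINDS = {"string": (str,), "number": (int, float), "boolean": (bool,)}

def resolve(doc, path):
    """Reduced JSONPath ($.key, [0]); None when absent or unsupported (fail closed)."""
    if not PATH.fullmatch(path):
        return None
    for key, idx in TOKEN.findall(path):
        if key and isinstance(doc, dict) and key in doc:
            doc = doc[key]
        elif idx and isinstance(doc, list) and int(idx) < len(doc):
            doc = doc[int(idx)]
        else:
            return None
    return doc

def matches(value, flt):
    """Apply type/const/minimum; a missing value or unknown keyword fails closed."""
    known = value is not None and not set(flt) - {"type", "const", "minimum"}
    ok_type = "type" not in flt or type(value) in KINDS.get(flt["type"], ())
    ok_const = "const" not in flt or value == flt["const"]
    ok_min = "minimum" not in flt or (type(value) in KINDS["number"] and value >= flt["minimum"])
    return known and ok_type and ok_const and ok_min

def check_submission(definition, submission, presentation):
    """Return a list of problems; empty means every input descriptor is satisfied."""
    if submission.get("definition_id") != definition["id"]:
        return ["submission does not answer this definition"]
    mapped = {m["id"]: m["path"] for m in submission.get("descriptor_map", [])}
    problems = []
    for desc in definition["input_descriptors"]:
        cred = resolve(presentation, mapped.get(desc["id"], ""))
        if cred is None:
            problems.append(f"{desc['id']}: no credential mapped")
            continue
        for field in desc.get("constraints", {}).get("fields", []):
            value = next((v for p in field["path"] if (v := resolve(cred, p)) is not None), None)
            if not matches(value, field.get("filter", {})):
                problems.append(f"{desc['id']}: {field['path'][0]} not satisfied")
    return problems

# Constructed sample data (not from the OID application).
DEFINITION = {"id": "age-check-1", "input_descriptors": [{"id": "over18", "constraints": {
    "fields": [{"path": ["$.credentialSubject.age"], "filter": {"type": "number", "minimum": 18}}]}}]}
PRESENTATION = {"verifiableCredential": [{"credentialSubject": {"age": 21}}]}
SUBMISSION = {"id": "sub-1", "definition_id": "age-check-1", "descriptor_map": [
    {"id": "over18", "format": "ldp_vc", "path": "$.verifiableCredential[0]"}]}
```

`check_submission(DEFINITION, SUBMISSION, PRESENTATION)` returns an empty list for the sample data; a submission that names another definition, maps a descriptor to a missing credential, or carries a value that fails the filter is reported instead of accepted.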
Implementation Strategy
Our implementation of Credential Manifest and Presentation Exchange is designed to be protocol-agnostic, enabling us to easily integrate additional protocols as the Self-Sovereign Identity (SSI) ecosystem evolves. This strategy ensures flexibility, future-proofing, and broad compatibility.
- Protocol Abstraction: We use an abstraction layer that decouples the implementation details of specific protocols, allowing us to add or switch protocols without significant changes to the core system.
- Modular Architecture: Our system is built using a modular architecture where each protocol is implemented as a separate module. This modularity facilitates easy updates and the addition of new protocols.
- Standard Interfaces: We define standard interfaces for credential issuance, presentation, and verification, ensuring that any protocol adhering to these interfaces can be integrated seamlessly.