Building the Pillar Wallet: Credential Issuance and Usage
Core Team Member
March 31, 2020
This is part three of my series on personal data and digital identity. Part one of the series discussed the concept of digital identity, and part two discussed some of the emerging standards regarding Self-Sovereign Identity and Verifiable Credentials.
Today we’ll look at the process of receiving credentials, then using your credentials to prove your identity, and recording your consent to that exchange.
You’ll note the title of the series has changed slightly. I’m no longer referring to a personal data locker, and instead focusing on the personal data and identity functions being integrated into the wallet app.
The concept of a secure storage area built into the wallet has been a core theme of the project since its earliest days. Now, much like in your physical wallet where cash, credit cards and your identity cards exist side-by-side, so too will the digital equivalent of those functions exist in the digital wallet.
We previously discussed that governments and businesses could issue credentials to you, and that you could store these credentials in your digital wallet.
Let’s delve deeper into the process of issuing credentials. There are several ways that credentials could be issued to you, including the following:
A process could exist where you physically go into a government office and present proof of who you are. They would then use their computer system to generate a credential, which would be presented as a QR code that you would scan with your digital wallet. Once that is done, the credential would be stored for your later use.
Using your digital wallet, you could scan a government-issued identification document, and a service within the wallet would verify that document and possibly ask for a selfie photo to compare with the photograph. At that point, a credential would be issued that you store in your wallet.
You could go to your bank’s website, for example, and log in to the site with your account credentials. An option on the website would exist to display a QR code that you would scan into your wallet to store the credential.
Once credentials exist in your wallet, you can use them to access online sites that support a digital identity.
A common way to access such a website would be to scan a login QR code on the site with your digital wallet. You’d then be presented with a prompt asking for your consent to share specific personal data with the site.
Behind the scenes, your digital wallet translates the QR code, identifies the personal data that is being requested, and then determines whether you have the credentials to provide that information.
If so, it would then create a proof of that information and present a screen asking for your consent to share that data. Once consent is given, the wallet stores a receipt of that consent.
There are two concepts here to discuss: proofs and consent receipts.
A proof is a cryptographically signed piece of data that contains all the personal data that is being requested. This proof can span multiple verifiable credentials, gathering only the pieces that are needed from such credentials, in addition to self-attested data that doesn’t necessarily need a credential. The data in a proof can be verified back to the issuer of the underlying credential, with assurance that the credential belongs to the same identity holder as the proof.
A consent receipt is a record of you providing personal data to a company. This receipt may include the uses for each piece of personal data that the company has agreed to. These receipts are stored in your wallet and can be used later if issues arise with the company.
In the broader ecosystem, work is progressing on standards for consent receipts and proofs, and how these are stored. Work is also continuing on the interoperability of competing methods. Pillar is participating in those discussions, as we believe it is beneficial that all digital wallets can use these functions, and the underlying credential data, interchangeably.
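The wallet-side flow described above (match the requested attributes against held credentials, release only those attributes, then record a consent receipt) can be sketched as follows. This is an added example, not Pillar's code: the request and credential layouts, DIDs, field names and function names are all hypothetical, and the cryptographic signing of the proof is left out.

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed wallet contents; DIDs, ids and claim names are hypothetical.
CREDENTIALS = [
    {"id": "cred-gov", "issuer": "did:example:gov",
     "claims": {"name": "Alex Doe", "birth_date": "1990-01-01", "national_id": "X123"}},
    {"id": "cred-bank", "issuer": "did:example:bank",
     "claims": {"name": "Alex Doe", "account": "GB00-EXAMPLE"}},
]
SELF_ATTESTED = {"email": "alex@example.org"}
# Constructed request as decoded from a login QR code: attribute -> stated purpose.
REQUEST = {"verifier": "did:example:shop",
           "requested": {"name": "account creation", "birth_date": "age check",
                         "email": "order notifications"}}

def select_disclosures(request, credentials, self_attested):
    """Return (disclosures, missing), releasing only the attributes requested."""
    disclosures, missing = [], []
    for attr in request["requested"]:
        cred = next((c for c in credentials if attr in c["claims"]), None)
        if cred is not None:
            disclosures.append({"attr": attr, "value": cred["claims"][attr],
                                "source": cred["id"], "issuer": cred["issuer"]})
        elif attr in self_attested:
            disclosures.append({"attr": attr, "value": self_attested[attr],
                                "source": "self-attested", "issuer": None})
        else:
            missing.append(attr)
    return disclosures, missing

def consent_receipt(request, disclosures, consented, when):
    """Build the record kept in the wallet; None if the holder declined."""
    if not consented:
        return None
    payload = json.dumps(disclosures, sort_keys=True).encode()
    return {"verifier": request["verifier"], "timestamp": when.isoformat(),
            "items": [{"attr": d["attr"], "source": d["source"],
                       "purpose": request["requested"][d["attr"]]} for d in disclosures],
            # Digest ties the receipt to what was shared without copying the values.
            "payload_sha256": hashlib.sha256(payload).hexdigest()}

if __name__ == "__main__":
    shared, missing = select_disclosures(REQUEST, CREDENTIALS, SELF_ATTESTED)
    if missing:
        raise SystemExit(f"cannot satisfy request, missing: {missing}")
    receipt = consent_receipt(REQUEST, shared, True, datetime.now(timezone.utc))
    print(json.dumps(receipt, indent=2))
```

Note that `national_id` and `account` never leave the wallet because the site did not request them, and a request that cannot be fully satisfied stops before any consent prompt is shown.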
So far in this series, we’ve looked at:
The decentralized identifiers that support identity
Verifiable credentials that can be issued to your identity
How to prove your identity to another company and store a receipt of that interaction
In this series we’ve covered a lot about digital identity, and how it can be applied in the real world. Hopefully, you now have an understanding of how credentials and digital identifiers can help streamline identification processes, as well as enabling you to reclaim control of your identity and privacy. Let us know what you think…