Building the Pillar Wallet: Credential Issuance and Usage

Written by
Ron Kreutzer
Core Team Member

This is part three of my series on personal data and digital identity. Part one of the series discussed the concept of digital identity, and part two discussed some of the emerging standards regarding Self-Sovereign Identity and Verifiable Credentials.

Today we’ll look at the process of receiving credentials, using them to prove your identity, and recording your consent to that event.

You’ll note the title of the series has changed slightly. I’m no longer referring to a personal data locker, and instead focusing on the personal data and identity functions being integrated into the wallet app.

The concept of a secure storage area built into the wallet has been a core theme of the project since its earliest days. Now, much like in your physical wallet where cash, credit cards and your identity cards exist side-by-side, so too will the digital equivalent of those functions exist in the digital wallet.

Credential Issuance

We previously discussed that governments and businesses could issue credentials to you, and that you could store these credentials in your digital wallet.

Let’s delve deeper into the process of issuing credentials. There are several ways that credentials could be issued to you, including the following:

Using Credentials

Once credentials exist in your wallet, you can use them to access online sites that support a digital identity.

A common way to access such a website would be to scan a login QR code on the site with your digital wallet. You’d then be presented with a prompt asking for your consent to share specific personal data with the site.

Behind the scenes, your digital wallet translates the QR code, identifies the personal data that is being requested, and then determines whether you have the credentials to provide that information.

If so, it would then create a proof of that information and present a screen asking for your consent to share that data. Once consent is given, the wallet stores a receipt of that consent.

There are two concepts here to discuss: proofs and consent receipts.

  1. A proof is a cryptographically signed piece of data that contains all the personal data that is being requested.
    This proof can span multiple verifiable credentials, gathering only the pieces that are needed from such credentials, in addition to self-attested data that doesn’t necessarily need a credential.
    The data in a proof can be verified back to the issuer of the underlying credential, with assurance that the credential belongs to the same identity holder as the proof.
  2. A consent receipt is a record of you providing personal data to a company.
    This receipt may include the uses for each piece of personal data that the company has agreed to. These receipts are stored in your wallet and can be used later if issues arise with the company.

In the broader ecosystem, work is progressing on standards for consent receipts and proofs, and how these are stored. Work is also continuing on the interoperability of competing methods. Pillar is participating in those discussions, as we believe it is beneficial that all digital wallets can use these functions and the underlying credential data interchangeably.
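
The wallet-side flow described in this section, as an added example that is not Pillar's code: match a request to held credentials, disclose only the requested attributes, and record a consent receipt. The request and credential layouts, the nonce field, all names and the sample data are assumptions, and HMAC-SHA256 stands in for whatever signature scheme a real wallet uses.

```python
import hashlib, hmac, json, time

# Constructed sample data (assumed layout): two credentials, one self-attested value.
CREDENTIALS = [
    {"id": "cred-gov-1", "issuer": "did:example:gov",
     "claims": {"name": "Alice Doe", "birth_date": "1990-04-01", "national_id": "X123"}},
    {"id": "cred-uni-1", "issuer": "did:example:uni", "claims": {"degree": "BSc"}},
]
SELF_ATTESTED = {"email": "alice@example.org"}
HOLDER_KEY = b"constructed-demo-key"  # stand-in for the holder's signing key


def resolve(requested, credentials, self_attested):
    """Map each requested attribute to a source; report what cannot be met."""
    sources, missing = {}, []
    for attr in requested:
        cred = next((c for c in credentials if attr in c["claims"]), None)
        if cred:
            sources[attr] = {"value": cred["claims"][attr], "issuer": cred["issuer"], "credential": cred["id"]}
        elif attr in self_attested:
            sources[attr] = {"value": self_attested[attr], "issuer": "self", "credential": None}
        else:
            missing.append(attr)
    return sources, missing


def build_proof(request, credentials, self_attested, key):
    """Return a signed proof holding only the requested attributes."""
    sources, missing = resolve(request["attributes"], credentials, self_attested)
    if missing:  # fail closed instead of sending a partial proof
        raise LookupError(f"cannot satisfy: {missing}")
    body = {"verifier": request["verifier"], "nonce": request["nonce"], "disclosed": sources}
    payload = json.dumps(body, sort_keys=True).encode()
    # HMAC-SHA256 stands in for the holder's real signature scheme.
    return {"body": body, "signature": hmac.new(key, payload, hashlib.sha256).hexdigest()}


def consent_receipt(request, proof, consented, now=None):
    """Record who received which attributes and for what stated purpose."""
    if not consented:
        return None  # consent refused: nothing is shared, nothing is recorded
    digest = hashlib.sha256(json.dumps(proof, sort_keys=True).encode()).hexdigest()
    purposes = request.get("purposes", {})
    return {"verifier": request["verifier"], "timestamp": now or int(time.time()),
            "shared": {a: purposes.get(a, "unspecified") for a in proof["body"]["disclosed"]},
            "proof_sha256": digest}
```

The receipt stores a hash of the proof and the stated purposes rather than a second copy of the personal data, so it can be matched to the proof later without duplicating what was shared.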

So far in this series, we’ve looked at:

At the Odyssey Hackathon

Conclusion

In this series we’ve covered a lot about digital identity, and how it can be applied in the real world. Hopefully, you now have an understanding of how credentials and digital identifiers can help streamline identification processes, as well as enabling you to reclaim control of your identity and privacy. Let us know what you think…

Copyright © 2020 Pillar Project A.G.