Overview
OpenID for Verifiable Presentations (OpenID4VP) is an extension of the OpenID Connect standard that enables secure, interoperable, and standardized verification of Verifiable Credentials (VCs). By implementing OpenID4VP, the Blerify Wallet facilitates seamless interactions where users can present credentials to verifiers securely and efficiently.
Benefits of OpenID4VP
Interoperability: Compatible with identity systems built on OpenID Connect.
Standardization: Simplifies adoption by adhering to global standards.
Security: Ensures authenticity and integrity through cryptography.
Privacy: Supports selective disclosure, allowing users to share only necessary data.
OpenID4VP Workflow in Blerify Wallet
- Verifier Setup:
  - The verifier configures an OpenID Connect endpoint capable of handling OpenID4VP requests.
  - The endpoint specifies required attributes and types of Verifiable Credentials.
- Presentation Flow:
  - Verification Request:
    - The verifier generates a Presentation Request and shares it via a QR code or a link.
    - The request specifies required credentials and attributes.
  - Credential Selection:
    - The user scans the QR code or clicks the link to open the Blerify Wallet.
    - The wallet displays available credentials matching the verifier’s requirements.
  - Selective Disclosure (Optional):
    - If enabled, the user can select which parts of the credential to share.
  - Signing and Submission:
    - The wallet signs the Verifiable Presentation (VP) using the private key linked to the user’s DID.
    - The signed VP is sent to the verifier’s endpoint.
  - Verification:
    - The verifier validates the VP’s signature and checks if the credentials meet the specified requirements.
- User Feedback:
  - Both the wallet and the verifier notify the user of the verification result (approved or rejected).
- Key Components:
  - vp_token: Contains the Verifiable Presentation encoded as JSON.
  - nonce and state: Ensure uniqueness and integrity of the transaction.
  - presentation_submission: Maps user credentials to verifier requirements.
- Example of a VP Token:

```json
{
  "iss": "did:lacchain:123456789abcdef",
  "aud": "https://verifier.example.com",
  "vp_token": {
    "type": ["VerifiablePresentation"],
    "verifiableCredential": [
      {
        "@context": ["https://www.w3.org/2018/credentials/v1"],
        "type": ["VerifiableCredential", "DiplomaCredential"],
        "issuer": "did:lacchain:org12345",
        "credentialSubject": {
          "id": "did:lacchain:user67890",
          "degree": {
            "type": "BachelorDegree",
            "name": "Computer Science"
          }
        },
        "proof": {
          "type": "Ed25519Signature2018",
          "created": "2024-12-18T14:10:00Z",
          "proofPurpose": "assertionMethod",
          "verificationMethod": "did:lacchain:user67890#key-1",
          "jws": "eyJhbGciOiJFZERTQSJ9..."
        }
      }
    ]
  }
}
```
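The transaction-binding checks behind the Verification step and the nonce and state components, as an added example (not Blerify's code). It assumes the nonce is carried as a top-level claim next to aud in a token shaped like the one above, that state comes back as a response parameter, and that pending requests live in an in-memory dict; create_request, check_response and sample_token are hypothetical names. Signature verification of the VP and its credentials is not shown and must also pass.

```python
import hmac
import secrets

PENDING = {}  # state -> expected values; in-memory store is an assumption

def create_request(verifier_id, required_type):
    """Verifier: open a transaction with fresh, unguessable state and nonce."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    PENDING[state] = {"nonce": nonce, "aud": verifier_id, "type": required_type}
    return {"client_id": verifier_id, "state": state, "nonce": nonce}

def check_response(state, token):
    """Return (ok, reason) for the transaction-binding checks only.
    Signature verification of the VP and its credentials must also pass."""
    # pop() makes each transaction single-use, so a replayed response fails
    # here; a failed attempt also consumes the transaction (fail closed).
    pending = PENDING.pop(state, None) if isinstance(state, str) else None
    if pending is None:
        return False, "unknown or already used state"
    nonce = token.get("nonce")
    if not isinstance(nonce, str) or not hmac.compare_digest(
            nonce.encode(), pending["nonce"].encode()):
        return False, "nonce mismatch"
    # The token must be addressed to this verifier, not relayed from another.
    if token.get("aud") != pending["aud"]:
        return False, "audience mismatch"
    creds = token.get("vp_token", {}).get("verifiableCredential", [])
    if not any(pending["type"] in c.get("type", []) for c in creds):
        return False, "required credential type missing"
    return True, "ok"

def sample_token(nonce, aud="https://verifier.example.com",
                 vc_type="DiplomaCredential"):
    """Constructed response body shaped like the page's VP token example."""
    return {"iss": "did:lacchain:123456789abcdef", "aud": aud, "nonce": nonce,
            "vp_token": {"type": ["VerifiablePresentation"],
                         "verifiableCredential": [
                             {"type": ["VerifiableCredential", vc_type]}]}}

if __name__ == "__main__":
    req = create_request("https://verifier.example.com", "DiplomaCredential")
    good = sample_token(req["nonce"])
    print(check_response(req["state"], good))  # first submission
    print(check_response(req["state"], good))  # replay of the same response
```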
Use Cases for OpenID4VP in Blerify
Service Access:
Authenticate users in digital platforms using Verifiable Credentials (e.g., diplomas, IDs).
Event Validation:
Verify identity and credentials of attendees at events.
Enhanced Privacy:
Protect user data with selective disclosure and cryptographic proofs.
Advantages of Blerify's Implementation
Integrated DIDs:
Fully supports decentralized identifiers for self-sovereign identity.
User Control:
Users decide what data to share, ensuring compliance with privacy standards.
Developer Tools:
APIs and SDKs simplify integration of OpenID4VP flows into third-party applications.