6 Functional Requirements
This section lists the technical capabilities of this Building Block.
This section lists the technical capabilities of this Building Block.
The credential wallet should host the credential offering endpoint that the credential issuer should call to share the
The credential issuer MUST expose an endpoint that provides relevant information to ensure a convenient and secure credential issuance.
The credential issuer SHOULD be able to validate the wallet before issuing the credentials
The credential issuer MUST authenticate the holder before issuing the credentials
The credential wallet MUST be able to trust the credential issuer before requesting the credentials
The credential wallet MUST be able to request credentials from a trusted credential issuer
The credential wallet MUST be able to validate the credential before storing the credentials
The credential wallet MUST enable cryptographic mechanisms to store the credentials
The credential wallet MUST have trusted hardware providing a secure environment (tamper-proof) and storage for cryptographic assets such as keys
The credential issuer SHOULD NOT be able to learn details of the presentation when there is a status check of the credentials by a verifier
The wallet SHOULD verify the validity of the credential when accessed and show the status to the holder to take appropriate action
The credential verifier MUST be able to trust the credential wallet before requesting the presentations
The credential verifier MUST be able to request a verifiable presentation
The credential wallet MUST be able to validate the verifier before presenting a credential
The credential wallet SHOULD capture the holder's consent before the credentials are presented to any verifier.
The credential issuer SHOULD NOT be involved in the presentation process
The credential wallet (with the holder's consent) SHOULD be able to present a selected subset of the data fields (claims) from a credential while other fields are not revealed to the verifier.
The credential verifier MUST be able to receive the verifiable presentation from the wallet
The credential verifier SHOULD be able to verify the presentations after receiving the presentation
The credential wallet SHOULD enable the holder to present a pseudonym instead of their real identity when authenticating online or presenting credentials, except in cases where identification is mandatory.
The credential verifier SHOULD NOT be able to link two presentations to the same holder (unless the holder's information is provided as part of the presentation)
Two credential verifiers SHOULD NOT be able to link two presentation transactions to the same holder by sharing the received presentations
After receiving a presentation the credential verifier SHOULD NOT be able to prove to any third party that the holder had presented the credentials to the verifier for identification purposes earlier. (OPTIONAL)
The credential wallet backend SHOULD NOT be able to track where the credentials are being presented or learn details about the attributes of any transactions performed by the Holder
The credential verifier SHOULD NOT be able to prove to any third party the credential's authenticity and the integrity of its attributes that the verifier had previously verified. (OPTIONAL)
The credential issuer and the credential verifier should not be able to link an issuance and presentation session to the same holder (unless the Holder provides sufficiently identifying information as part of their authentication to the Issuer and as part of the presented credential shared with the verifier)