Specification to unite decentralized identity schemes opens door to new applications
The decentralized identity community is integrating OpenID’s protocols for verifiable credentials with DIDComm to give businesses a way to utilize VCs with “direct communication between trusted connections,” as the Decentralized Identity Foundation (DIF) puts it in a blog post.
DIF held a webinar this week to describe and discuss the project and its impact on secure digital identity and self-sovereign identity (SSI), featuring presentations from Artur Philipp of IDunion and SVA System and Sam Curren of Indicio. Curren and Philipp are also among the editors of the Hyperledger AnonCreds Specification.
The OpenID4VC protocols are made up of OpenID4VCI and OpenID4VP, providing a standardized framework for authentication across applications and websites.
DIDComm is a decentralized protocol for secure, privacy-enhancing communication with decentralized identifiers (DIDs).
The combination is referred to as OpenIDIDComm.
What IDunion DID
The introduction of eIDAS 2.0 and its architectural reference framework specified that credential issuance and requests must be carried out through OpenID’s verifiable credential protocols, rather than DIDComm, Philipp explains.
IDunion’s tech stack 1.0 allowed credentials and other messages to be exchanged, whereas OpenID’s protocols do not support messaging. “You cannot transfer arbitrary data,” Philipp says. That feature is useful for a whole range of use cases, however.
The need for a way to comply with eIDAS 2.0 while retaining the features provided by IDunion’s use of DIDComm therefore led to the establishment of a working group to combine the two approaches.
Curren and Philipp explained various workflows between issuers and digital wallets, all designed to maintain compatibility with the broader ecosystem of OpenID implementations.
The specification adds two fields to the metadata concept OpenID4VCI borrows from OAuth, Curren explains: the DID of the issuer and a signal of whether the DIDComm connection is required or optional. Based on that signal, the wallet uses the protocol to transmit the access token to the issuer over DIDComm, and the issuer correlates the access token with the DIDComm relationship.
Once the DIDComm relationship is established, communication by offline devices is possible due to DIDComm’s routing capabilities.
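The binding step described above, as an added toy model rather than code from the specification or any of the projects named here: the two metadata fields, the wallet's decision based on the required/optional signal, and the issuer correlating the access token with the DID it arrived from. The field names `issuer_did` and `didcomm_required`, the message type URI and the rebinding check are assumptions of this example, not identifiers from the spec.

```python
# Added example: toy model of the OpenIDIDComm token-binding step.
# Field and message names below are assumptions, not the spec's identifiers.
from dataclasses import dataclass
import secrets

@dataclass
class IssuerMetadata:
    credential_issuer: str    # OAuth/OpenID4VCI-style issuer identifier (URL)
    issuer_did: str           # added field (assumed name): the issuer's DID
    didcomm_required: bool    # added field (assumed name): required vs optional

class Issuer:
    def __init__(self, metadata: IssuerMetadata):
        self.metadata = metadata
        self.tokens = {}        # access token -> subject it was issued to
        self.bindings = {}      # access token -> DID of the DIDComm peer it is bound to

    def issue_access_token(self, subject: str) -> str:
        tok = secrets.token_urlsafe(16)   # constructed, stands in for the OAuth token
        self.tokens[tok] = subject
        return tok

    def handle_didcomm_binding(self, msg: dict) -> str:
        """Correlate a DIDComm message carrying an access token with the sender's DID."""
        tok = msg["body"]["access_token"]
        if tok not in self.tokens:
            return "rejected: unknown token"
        # A token the issuer has already tied to one DID must not be re-bound by another.
        if tok in self.bindings and self.bindings[tok] != msg["from"]:
            return "rejected: token already bound to another DID"
        self.bindings[tok] = msg["from"]
        return "bound"

def wallet_flow(wallet_did: str, issuer: Issuer, access_token: str,
                didcomm_reachable: bool) -> str:
    """Wallet reads the metadata signal and decides whether to bind over DIDComm."""
    md = issuer.metadata
    if not didcomm_reachable:
        if md.didcomm_required:
            return "abort: issuer requires DIDComm but no connection"
        return "plain-openid4vci"     # optional signal: fall back to OpenID4VCI alone
    msg = {"type": "https://example.org/openididcomm/bind-token",  # hypothetical type
           "from": wallet_did, "to": md.issuer_did,
           "body": {"access_token": access_token}}
    return issuer.handle_didcomm_binding(msg)
```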
“Running side by side, OpenID4VC and DIDComm hold the promise of revolutionizing digital identity management and communication,” DIF says in summary. “By incorporating a familiar pattern for the exchange of verifiable credentials alongside a secure communication channel with capabilities that extend beyond verifiable credentials, businesses can benefit from enhanced security and trustworthiness of digital identities while maximizing their benefits.”