Offer Credentials

Issue credentials to an SSI wallet

Introduction

If an organisation wants to provide credentials to users, e.g. as a login credential, the organisation can use the sideos API to create Verifiable Credentials and offer these Verifiable Credentials to their users to be stored in their SSI Wallet.

There are 3 parties:

  1. SSI wallet. Interacts with, stores, and manages verifiable credentials.

  2. Web Service. Acts as the Issuer: creates verifiable credentials and provides them to the SSI wallet.

  3. sideos API. Converts claims into verifiable credentials on behalf of the issuer.

sideos provides an SSI wallet available as sideos Transponder App for Android in Google Play Store, for iOS in Apple's App Store, and as sideos Desktop Wallet for Chrome, Firefox, and Safari.

The Web Service is your server, which you integrate with the sideos API. The Web Service interacts with the SSI wallet and controls the flow depending on the business requirements. To issue a credential, the Web Service provides the data, which is sent as claim records to the sideos API, and in return receives the verifiable credential that is then provided to the SSI wallet.

Offer Flow

See the diagram below for the flow chart for a credential offer.

Signed Credentials

The basic credential issue flow creates a credential offer and presents the Verifiable Credential to the wallet for pickup, e.g. via a QR code. Because the audience (the DID of the SSI wallet) is not known at the time the credential is created, the provision channel needs to be trustworthy.

There are several protocols available, some more and others less complex. In many cases in the enterprise environment you already have a secure environment, e.g. via intranet pages or email. Here you can strip down the protocol to a simple credential provision without an embedded channel authentication and rely on the secure environment.

There is an endpoint to create a Verifiable Credential that includes the audience (DID) as an id in the credential subject. That way, the DID of the wallet is included in the credential subject, which ensures that the credential is stored and used only on the respective SSI Wallet.
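
The difference between a credential without an audience and one bound to a wallet DID can be checked on the receiving side. The following is an added example, not sideos code: it assumes the credential's signature has already been verified and the credential is available as decoded JSON using the W3C field name credentialSubject.id. The function names, DIDs and claims are constructed for illustration.

```python
# Added example: holder-binding check on an already signature-verified credential.
# Field names follow the W3C VC data model; all DIDs and claims are constructed.
from typing import Any

WALLET_DID = "did:example:wallet-alice"  # constructed sample DID

def subject_ids(vc: dict[str, Any]) -> list[str]:
    """Collect credentialSubject.id values; the subject may be an object or a list."""
    subject = vc.get("credentialSubject")
    subjects = subject if isinstance(subject, list) else [subject]
    return [s["id"] for s in subjects
            if isinstance(s, dict) and isinstance(s.get("id"), str) and s["id"]]

def binding_state(vc: dict[str, Any], wallet_did: str) -> str:
    """Classify a credential as 'bound', 'bound-to-other' or 'unbound'."""
    ids = subject_ids(vc)
    if not ids:
        return "unbound"  # no audience: whoever picks up the offer holds it
    # Policy of this example: every subject id must be exactly this wallet's DID.
    return "bound" if all(i == wallet_did for i in ids) else "bound-to-other"

def accept_offer(vc: dict[str, Any], wallet_did: str, trusted_channel: bool) -> bool:
    """Accept bound credentials; accept unbound ones only over a trusted channel."""
    state = binding_state(vc, wallet_did)
    if state == "bound":
        return True
    if state == "unbound":
        return trusted_channel
    return False  # issued for a different wallet DID

# Constructed sample credentials (proof section omitted, assumed verified upstream).
BOUND_VC = {"type": ["VerifiableCredential"],
            "credentialSubject": {"id": WALLET_DID, "role": "employee"}}
UNBOUND_VC = {"type": ["VerifiableCredential"],
              "credentialSubject": {"role": "employee"}}
OTHER_VC = {"type": ["VerifiableCredential"],
            "credentialSubject": {"id": "did:example:wallet-bob", "role": "employee"}}

if __name__ == "__main__":
    for name, vc in [("bound", BOUND_VC), ("unbound", UNBOUND_VC), ("other", OTHER_VC)]:
        print(name, binding_state(vc, WALLET_DID),
              accept_offer(vc, WALLET_DID, trusted_channel=False))
```

The comparison is an exact string match on the DID, so a credential bound to a different wallet is rejected regardless of the channel it arrived over.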

Offer and Request Credentials in 1 step

Imagine a flow where the user doesn't have a credential yet and is in an onboarding flow. You could issue a credential and immediately request it to migrate the user into the new SSI flow. In that case you could use the offer&request endpoint.
