# Issuance of Bank Data Credentials As part of SSI4D, we want to demonstrate the issuance and exchange of verified bank account information. We have the scenario that Bosch has a bank account with Commerzbank and needs to communicate the bank account with its customer Daimler. Incorrect, out-dated or tampered bank account data can be costly, therefore we aim to exchange verified bank account data in form of a verifiable credential issued by the autoritative issuer - Commerzbank - and transferred via an authenticated communication channel between Bosch and Daimler. In the following we concentrate on the process of issuing the credential to Bosch ## Assumptions * Commerzbank is represented as an ACA-Py (version? we use 0.5.3) with a public DID and role endorser on the ID Union network * Commerzbank creates a schema for bank account information on the ID Union network * Bosch's Business Partner Agent does not support handling of revocable credentials yet, so we might add an expiration time. * Commerzbank creates a credential definition based on the schema ## First Technical PoC The first step is to manually try setting up a connection and issuing a credential. Ideally, we would be able * We initiate a connection between Commerzbank and Bosch Agents * In our UI we currently only support initiating a connection based on a public DID. Would that work? Otherwise we could work with the ACA-Py Admin API * Commerzbank initiates the issue credential protocol ## How do we go from there? The above PoC is a manual flow to prove that credential issuance is working between Commerzbank and Bosch agents. However, it would be nice to have a more complete flow. We can think of the following flows. ### Bosch Agent asks for verification of its bank data (preferred) * We start with a Bank Account document in the Wallet of our Business Partner Agent. The bank account document is based on the schema on the ledger. This would be the starting point after syncing our master data with our Business Partner Agent. * Now, we want to get our bank account data data verified and initiate the verification flow by sending a proposal with our bank account data to Commerzbank (/issue-credential/send-proposal) * Commerzbank issues a VC based on the proposal * The bank account information in the Business Partner Agent wallet is verified This leaves the question open how we initate a connection and how Commerzbank verifies if the account information provided by Bosch is correct. Initially, we could neglect this issue, and extend with the following flow later: #### Using Handelsregister Auszug issued by Targens to authenticate Bosch * Commerzbank allows public invitations * Bosch knows public DID of Commerzbank * Given the flow above, the Bosch Business Partner Agent is aware of the bank account with Commerzbank and we create a connection with Commerzbank based on the public DID * Commerzbank asks for the Handelsregisterauszug * Bosch presents the Handelsregisterauszug verified by Targens * Commerzbank matches its internal Bosch customer data with this connection based on the data provided in the Handelsregisterauszug * When Bosch asks for verification of bank account (by sending a issue credential proposal), Commerzbank can verify the proposal by matching it with its internal customer data. ### Issuance initiated from Commerzbank portal Another approach would be to iniate the process within a Commerzbank online banking portal. * A Bosch employee logs into the business account with Commerzbank. * The Commerzbank portal allows to issue the bank account as a VC. This could be done the following two ways: 1. Bosch employee enters public DID of Bosch Agent and connection protocol and credential issuance is started 2. Commerzbank provides an invitation which Bosch employee has to provide to Bosch Agent. After connection is established, Commerzbank automatically issues the credential. In both approaches we could add the request for the Handelsregisterauszug.