# Wrapping Indy Credentials (AnonCreds) in W3C VCs AnonCreds are typically bound to a holder by using a link secret and not by issuing a credential to a public DID. In order to add such a credential (or a subset of attributes) to the public profile, we suggest the following mechanism which expresses the intent: I self-attest that I have this credential with the specific attribute values, if you require a proof you can ask me using the Aries present proof protocol. Given an AnonCred based on the schema [M6Mbe3qx7vB4wpZF4sBRjt:2:bank_account:1.0](https://indy-test.bosch-digital.de/browse/domain?page=1&query=M6Mbe3qx7vB4wpZF4sBRjt%3A2%3Abank_account%3A1.0&txn_type=) with attributes ``` iban: 456 bic: 1234 ``` we dynamically create the following VC with an inline context generated on the fly: ``` { "@context":[ "https://www.w3.org/2018/credentials/v1", { "@context":{ "sc":"did:sov:iil:M6Mbe3qx7vB4wpZF4sBRjt:2:bank_account:1.0", "bic":{ "@id":"sc:bic" }, "iban":{ "@id":"sc:iban" } } }, "type":[ "VerifiableCredential", ], "issuer": "did:sov:iil:M6Mbe3qx7vB4wpZF4sBRjt" "id":"urn:583100e7-9141-4444-b3bf-3bd27fb1e33e", "credentialSubject":{ "bic":"456", "iban":"1234" } } ``` Further, we have thought about two different mechansism to include Indy specific information in the credential. ### Custom Proof Type Defining a custom LD proof type, e.g. `IndyCredDefProofType` that contains the credential definition ID. ``` "proof": { "type": "IndyCredDefProofType", "proofPurpose": "assertionMethod", "verificationMethod": "M6Mbe3qx7vB4wpZF4sBRjt:3:CL:571:bank_account_no_revoc" // credDefId } ``` ### Custom Credential Type Defining a custom credential type, e.g. `IndyCredential` that defines the Indy specific vocabular ``` { "@context":[ "https://www.w3.org/2018/credentials/v1", https://raw.githubusercontent.com/iil-network/contexts/master/indycredential.jsonld, { "@context":{ "sc":"did:sov:iil:M6Mbe3qx7vB4wpZF4sBRjt:2:bank_account:1.0", "bic":{ "@id":"sc:bic" }, "iban":{ "@id":"sc:iban" } } }, "type":[ "VerifiableCredential", "IndyCredential" ], "issuer": "did:sov:iil:M6Mbe3qx7vB4wpZF4sBRjt" "id":"urn:583100e7-9141-4444-b3bf-3bd27fb1e33e", "credentialSubject":{ "bic":"456", "iban":"1234" }, "schemaId":"M6Mbe3qx7vB4wpZF4sBRjt:2:bank_account:1.0", "credDefId":"M6Mbe3qx7vB4wpZF4sBRjt:3:CL:571:bank_account_no_revoc" } ``` ## Handling in public profile ```plantuml skinparam BoxPadding 20 participant "Verifier" as verifier box Holder participant "Public Profile Endpoint" as holder_profile participant "DIDComm Endpoint" as holder_didcomm end box database VDR verifier <-> VDR: Resolve DID doc verifier -> verifier: Find "profile" service from DID doc verifier <-> holder_profile: Fetch public profile (JSON-LD VP) from "profile" endpoint verifier -> verifier: Verify JSON-LD VP signature\n(with key from DID Doc) loop for each VC in public profile VP verifier -> verifier: find AnonCred specific information (credential definition id) verifier -> verifier: Build DIDComm Presentation Request with restriction on credential_defnition_id and (optionally) attribute values verifier <-> holder_didcomm: Request VP verifier -> verifier: Verify VP and check with public profile information end ``` The Verifier verifies the JSON-LD VP proof. The individual VC contained in the VP can not be verified directly, because their origin is an AnonCred. The Verifier can request a VP (AnonCred VP) via DIDComm in case the Holder's signature is not enough and a 3rd party (Issuer) confirmation (proof) is necessary. ### Example of DIDcomm Presentation Request (indy proof request) ``` { "proof_request": { "requested_attributes": { "attr1_referent": { "names": ["iban", "bic"], "restrictions": [ { "attr::iban::value": "456", // (optional) "attr::bic::value": "1234", // (optional) "cred_def_id":"M6Mbe3qx7vB4wpZF4sBRjt:3:CL:571:bank_account_no_revoc" } ] } }, "requested_predicates": {} } } ```