# WACI v0.1 + Mediated Exchanges
**Note**: This is a **Work-In-Progress(WIP)** document
## Introduction
The [WACI v0.1](https://identity.foundation/waci-presentation-exchange) spec supports the presentation exchanges between a Wallet and a Verifier. The assumption here is that the Wallet holds the requested credentials. There are some cases where the wallet relies on another holder (could be an issuer) to satisfy the presentation requirements.
Use Case: Verifier requires a Driver's License (DL) and the latest Credit Report (CR) from the user to complete some transaction.
One way to do it is for the user to go to the Credit Report Issuer and store the Credit Report VC in the wallet. A more efficient way is to store a Credential Manifest from the Credit Report issuer in the wallet and have the wallet contact the issuer, which then sends the presentation directly to the verifier.
This document builds on top of WACI v0.1
## Definitions
- User: Human interacting with the wallet software
- Wallet: software that acts on behalf of the user
- Verifier/Requesting Party: Needs some credential/data from the user to complete the transaction
- Service Holder (Svc Holder): Party which can give the credential/data on behalf of a user
- Mediated Exchanges: When the wallet needs credentials from one or more Svc Holders to satisfy the verifier's presentation request.
## FAQ
1. What is a Mediated Exchange?
In a Mediated Exchange, the wallet needs help from a Svc Holder to fulfill a presentation request.
1. Why can't the wallet aggregate credentials rather than Svc Holder send it to the verifier?
There can be cases where different holders hold credentials on behalf of the user. Each holder needs to present its credentials inside a presentation, and the private keys used to sign the presentations are not shared between different holders. Currently, there are no standards to aggregate presentations.
## Flow diagram
### WACI v0.1
```sequence
Verifier -> Wallet: Out-Of-Band(OOB) message
Wallet -> Verifier: Message 0 - Propose Presentation
Verifier -> Wallet: Message 1 - Request Presentation
Wallet-> Verifier: Message 2 - Present Proof
```
### WACI v0.1 + Mediated Exchanges
```sequence
Verifier -> Wallet: Out-Of-Band(OOB) message
Wallet -> Verifier: Message 0 - Propose Presentation
Verifier -> Wallet: Message 1 - Request Presentation \n(Driver License + Credit Report)
Wallet -> Wallet : Checks credentials
Wallet -> Svc Holder : Message 1.1 - Verification Method Request
Svc Holder -> Wallet : Message 1.2 - Verification Method Response
Wallet -> Verifier: Message 1.3 - Propose Presentation \nwith Change Request
Verifier -> Wallet: Message 1.4 - Request Presentation \nwith split presentation_def
Wallet -> Svc Holder: Message 1.5 - Send Presentation Request
Wallet-> Verifier: Message 2 - Present Proof
Svc Holder -> Verifier: Message 2 - Present Proof
Verifier -> Verifier: validate presentations
```
If the verifier doesn't want to be identified by the Svc Holders for privacy reasons, it can use DIDComm Mediators. The DIDComm service endpoint of the OOB/destination DID will contain the DIDComm Mediator endpoint. DIDComm mediation is defined in [Aries RFC 0211: Mediator Coordination Protocol](https://github.com/hyperledger/aries-rfcs/tree/master/features/0211-route-coordination) and [Aries RFC 0094: Forward Message](https://github.com/hyperledger/aries-rfcs/blob/master/concepts/0094-cross-domain-messaging/README.md#corerouting10forward).
## DIDComm Messages
### Out-Of-Band(OOB)/Bootstrap message
[WACI v0.1 Reference](https://identity.foundation/waci-presentation-exchange/#message-1-qr-code)
### Message 0 - Propose Presentation
[WACI v0.1 Reference](https://identity.foundation/waci-presentation-exchange/#message-0-propose-presentation)
### Message 1 - Request Presentation
[WACI v0.1 Reference](https://identity.foundation/waci-presentation-exchange/#message-1-request-presentation)
```json=
{
"type":"https://didcomm.org/present-proof/3.0/request-presentation",
"id":"<message unique id>",
"pthid":"<id present in invitation>",
"from":"did:example:verifier",
"to":"did:example:prover",
"attachments":[
{
"@id":"ed7d9b1f-9eed-4bde-b81c-3aa7485cf947",
"mime-type":"application/json",
"format":"dif/presentation-exchange/definitions@v1.0",
"data":{
"json":{
"dif":{
"options":{
"challenge":"3fa85f64-5717-4562-b3fc-2c963f66afa7",
"domain":"4jt78h47fh47"
},
"presentation_definition":{
"id":"7994ebbe-cb85-42ab-ba57-39294682dd7b",
"input_descriptors":[
{
"id":"driver_license",
"name":"Driver's license.",
"purpose":"Verify your identity.",
"schema":[
{
"uri":"https://trustbloc.github.io/context/vc/examples/mdl-v1.jsonld#mDL"
}
]
},
{
"id":"credit_score",
"name":"Credit Score and Report.",
"purpose":"Determine eligibility for the service.",
"schema":[
{
"uri":"https://trustbloc.github.io/context/vc/examples/credit-score-v1.jsonld"
}
]
}
]
}
}
}
}
}
]
}
```
### Message 1.1 - Verification Method Request
Wallet asks the service holder to provide the verificationMethod key that would be used to sign the presentation in Message 2.
```json=
{
"type":"https://trustbloc.dev/waci/1.0/verification-method-request",
"id":"<message unique id>",
"from":"did:example:prover",
"to":"did:example:issuer",
"body":{
}
}
```
### Message 1.2 - Verification Method Response
```json=
{
"type":"https://trustbloc.dev/waci/1.0/verification-method-response",
"id":"<message unique id>",
"from":"did:example:issuer",
"to":"did:example:prover",
"body":{
"verificationMethod":"did:example:issuer-abc#key1"
}
}
```
| Key | Description | Mandatory | Valid Values |
| ------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------- | -------------------------------- |
| verificationMethod | verificationMethod key that would be used to sign the presentation | Yes | JSON-LD proof verificationMethod |
### Message 1.3 - Propose Presentation with Change Request
Wallet sees that some service holder needs to provide the VC to satisfy the request and sends a DIDComm-specific "change-request" message to the verifier. This is similar to the [preview-presentation](https://github.com/hyperledger/aries-rfcs/tree/master/features/0037-present-proof#presentation-preview) message in the [present-proof protocol](https://github.com/hyperledger/aries-rfcs/tree/master/features/0037-present-proof#propose-presentation).
In this case, the Wallet asks the verifier to send separate presentation_def attachments for 2 groups (attachment 1 for DL and attachment 2 for CR).
```json=
{
"type": "https://didcomm.org/present-proof/3.0/propose-presentation",
"id":"<message unique id>",
"pthid":"<id from oob_message>",
"from":"did:example:prover",
"to":"did:example:verifier",
"body":{
"presentation_proposal":{
"type":"https://trustbloc.dev/waci/1.0/change-request",
"group":[
{
"referenceID":"e9d36fed-a5c8-4479-bb2e-9b903fd20eda",
"pres_def_descriptors":[
"driver_license"
],
"verificationMethod" : "did:example:prover#key1"
},
{
"referenceID":"7d1b6f62-8efd-4ba9-b021-877216632ad6",
"pres_def_descriptors":[
"credit_score"
],
"verificationMethod" : "did:example:issuer-abc#key1"
}
],
"ncvi" : true
}
}
}
```
| Key | Description | Mandatory | Valid Values |
| -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------- | -------------------------------- |
| referenceID | UUID which will be used to correlate descriptors with presentation definition attachments in Message 1.4 | Yes | String |
| pres_def_descriptors | An array of IDs from input descriptors from Message 1 | Yes | Array of Strings |
| verificationMethod   | Indicates the verificationMethod key that will sign each group's presentation. This is to make sure the verifier can trust the presentation sent by Svc Holders | Yes       | JSON-LD proof verificationMethod |
| ncvi | non-correlatable-verifier-id | No | true or false |
### Message 1.4 - Request Presentation with split presentation_def
```json=
{
"type":"https://didcomm.org/present-proof/3.0/request-presentation",
"id":"<message unique id>",
"pthid":"<id present in invitation>",
"from":"did:example:verifier",
"to":"did:example:prover",
"attachments":[
{
"@id":"c93f0a4b-4ee1-4c14-a697-07183bde6708",
"mime-type":"application/json",
"format":"dif/presentation-exchange/definitions@v1.0",
"referenceID":"<id_from_change_request_for_driver_license>",
"data":{
"json":{
"dif":{
"options":{
"challenge":"b2898dd5-12a8-4d95-a114-88a519fe2950",
"domain":"4jt78h47fh47",
"signingKey(TODO: Use DID terminology)" : "did:example:prover:1"
},
"presentation_definition":{
"id":"4fbb64cf-d3ee-4018-85da-689c761822bd",
"input_descriptors":[
{
"id":"driver_license",
"name":"Driver's license.",
"purpose":"Verify your identity.",
"schema":[
{
"uri":"https://trustbloc.github.io/context/vc/examples/mdl-v1.jsonld#mDL"
}
]
}
]
}
}
}
}
},
{
"@id":"9c412a12-94a9-45dc-a207-d2c395a300bc",
"mime-type":"application/json",
"format":"dif/presentation-exchange/definitions@v1.0",
"referenceID":"<id_from_change_request_for_credit_report>",
"data":{
"json":{
"dif":{
"options":{
"challenge":"798a6ced-424c-427c-a211-4b2046f622ed",
"domain":"4jt78h47fh47",
"sendTo" : "did:example:prover:2"
},
"presentation_definition":{
"id":"184d5610-f006-4979-bfd7-da97ae42a32d",
"input_descriptors":[
{
"id":"credit_score",
"name":"Credit Score and Report.",
"purpose":"Determine eligibility for the service.",
"schema":[
{
"uri":"https://trustbloc.github.io/context/vc/examples/credit-score-v1.jsonld"
}
]
}
]
}
}
}
}
}
]
}
```
Now the request has 2 presentation definition attachments. If ncvi is set to true in the previous message, the verifier needs to use a separate challenge and a separate sendTo field for each attachment, so that the Svc Holders will not be able to correlate the messages.
| Key | Description | Mandatory | Valid Values |
| ----------- | --------------------------------------------- |:--------- | ------------------------------ |
| referenceID | referenceID from change-request group message | Yes | String |
| sendTo | presentation destination | Yes | DID with valid didcomm service |
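
The following is an added example, not code from the WACI or TrustBloc projects: a verifier-side sketch that turns the change-request groups from Message 1.3 into the split attachments of Message 1.4 and records what each group must later present. The function name, the `did_for_group` callback and the sample DIDs are assumptions.

```python
import uuid

def split_request(descriptors, proposal, domain, did_for_group):
    """Turn a change-request (Message 1.3) into Message 1.4 attachments.

    Returns (attachments, pending). `pending` maps each challenge to what the
    verifier expects back in Message 2. `did_for_group` is a hypothetical
    callback returning the sendTo DID for a referenceID.
    """
    by_id = {d["id"]: d for d in descriptors}
    seen, attachments, pending = set(), [], {}
    for group in proposal["group"]:
        ids = set(group["pres_def_descriptors"])
        if not ids or ids - set(by_id):
            raise ValueError("group is empty or names unknown descriptors")
        if ids & seen:
            raise ValueError("descriptor assigned to more than one group")
        seen |= ids
        challenge = str(uuid.uuid4())  # fresh per group, so holders cannot correlate
        options = {"challenge": challenge, "domain": domain,
                   "sendTo": did_for_group(group["referenceID"])}
        definition = {"id": str(uuid.uuid4()),
                      "input_descriptors": [by_id[i] for i in sorted(ids)]}
        attachments.append({
            "@id": str(uuid.uuid4()),
            "mime-type": "application/json",
            "format": "dif/presentation-exchange/definitions@v1.0",
            "referenceID": group["referenceID"],
            "data": {"json": {"dif": {"options": options,
                                      "presentation_definition": definition}}},
        })
        pending[challenge] = {"verificationMethod": group["verificationMethod"],
                              "descriptors": ids, "domain": domain}
    if seen != set(by_id):
        raise ValueError(f"descriptors not covered: {sorted(set(by_id) - seen)}")
    targets = [a["data"]["json"]["dif"]["options"]["sendTo"] for a in attachments]
    if proposal.get("ncvi") and len(set(targets)) != len(targets):
        raise ValueError("ncvi requires a distinct sendTo per group")
    return attachments, pending

# Constructed sample input mirroring Message 1 and Message 1.3.
DESCRIPTORS = [{"id": "driver_license"}, {"id": "credit_score"}]
PROPOSAL = {"ncvi": True, "group": [
    {"referenceID": "e9d36fed-a5c8-4479-bb2e-9b903fd20eda",
     "pres_def_descriptors": ["driver_license"],
     "verificationMethod": "did:example:prover#key1"},
    {"referenceID": "7d1b6f62-8efd-4ba9-b021-877216632ad6",
     "pres_def_descriptors": ["credit_score"],
     "verificationMethod": "did:example:issuer-abc#key1"}]}
```

Rejecting groups that overlap or leave a descriptor uncovered keeps a change-request from silently dropping a requirement of the original presentation definition.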
### Message 1.5 - Send Proof
```json=
{
"type":"https://trustbloc.dev/waci/1.0/send-presentation",
"id":"<message unique id>",
"from":"did:example:prover",
"to":"did:example:issuer",
"body":{
"@id":"9c412a12-94a9-45dc-a207-d2c395a300bc",
"mime-type":"application/json",
"format":"dif/presentation-exchange/definitions@v1.0",
"referenceID":"<id_from_change_request_for_credit_report>",
"pthid":"<id present in invitation>",
"data":{
"json":{
"dif":{
"options":{
"challenge":"798a6ced-424c-427c-a211-4b2046f622ed",
"domain":"4jt78h47fh47",
"sendTo" : "did:example:prover:2"
},
"presentation_definition":{
"id":"184d5610-f006-4979-bfd7-da97ae42a32d",
"input_descriptors":[
{
"id":"credit_score",
"name":"Credit Score and Report.",
"purpose":"Determine eligibility for the service.",
"schema":[
{
"uri":"https://trustbloc.github.io/context/vc/examples/credit-score-v1.jsonld"
}
]
}
]
}
}
}
}
}
}
```
### Message 2 - Present Proof
[WACI v0.1 Reference](https://identity.foundation/waci-presentation-exchange/#message-2-present-proof)
#### Presentation from Wallet to Verifier
Driver License Presentation from Wallet
```json=
{
"type":"https://didcomm.org/present-proof/3.0/presentation",
"id":"f1ca8245-ab2d-4d9c-8d7d-94bf310314ef",
"from":"did:example:verifier",
"to":"did:example:prover",
"body":{
},
"attachments":[
{
"@id":"2a3f1c4c-623c-44e6-b159-179048c51260",
"mime-type":"application/ld+json",
"format":"dif/presentation-exchange/submission@v1.0",
"data":{
"@context":[
"https://www.w3.org/2018/credentials/v1",
"https://identity.foundation/presentation-exchange/submission/v1"
],
"holder":"did:orb:EiAKvgn-utI8XBb1gqSoXs_l3zEWIQ-XcLkQiFYrXw8r7A",
"presentation_submission":{
"descriptor_map":[
{
"id":"driver_license",
"path":"$.verifiableCredential[0]"
}
]
},
"proof":{
"created":"2021-06-07T16:03:55.249-04:00",
"domain":"adapter-rp.devel.trustbloc.dev",
"jws":"eyJhbGciOiJFZERTQSIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..oEnVrBYzX3jwb6ojm_TBL6jwxuXyIUAWFfStYza53U8lwOTAuLnorzlosal2MY0Vz1bL_5POWG9hk0yu9KA-DQ",
"proofPurpose":"authentication",
"type":"Ed25519Signature2018",
"verificationMethod":"did:example:prover#key1"
},
"type":[
"VerifiablePresentation",
"PresentationSubmission"
],
"verifiableCredential":[
{
"@context":[
"https://www.w3.org/2018/credentials/v1",
"https://trustbloc.github.io/context/vc/examples/mdl-v1.jsonld"
],
"credentialSubject":{
"birthdate":"1990-01-01",
"document_number":"123-456-789",
"driving_privileges":"G2",
"expiry_date":"2025-05-26",
"family_name":"Smith",
"given_name":"John",
"issue_date":"2020-05-27",
"issuing_authority":"Ministry of Transport Ontario",
"issuing_country":"Canada",
"resident_address":"4726 Pine Street",
"resident_city":"Toronto",
"resident_postal_code":"A1B 2C3",
"resident_state":"Ontario"
},
"description":"Drivers License for John Smith (Issued by Government of Castleham)",
"id":"urn:uuid:680f53be-1f5b-479d-8908-f2a0edb6d8f7",
"issuanceDate":"2021-06-07T20:02:44.542341539Z",
"issuer":{
"id":"https://demo-issuer.devel.trustbloc.dev/didcomm",
"name":"TrustBloc - Driving License + Assurance Issuer"
},
"name":"Drivers License",
"proof":{
"created":"2021-06-07T20:02:44.730614315Z",
"jws":"eyJhbGciOiJFZERTQSIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..NVum9BeYkhzwslZXm2cDOveQB9njlrCRSrdMZgwV3zZfLRXmZQ1AXdKLLmo4ClTYXFX_TWNyB8aFt9cN6sSvCg",
"proofPurpose":"assertionMethod",
"type":"Ed25519Signature2018",
"verificationMethod":"did:orb:EiA3Xmv8A8vUH5lRRZeKakd-cjAxGC2A4aoPDjLysjghow#tMIstfHSzXfBUF7O0m2FiBEfTb93_j_4ron47IXPgEo"
},
"type":[
"VerifiableCredential",
"mDL"
]
}
]
}
}
]
}
```
#### Presentation from Svc Holder to Verifier:
Credit Report Presentation from Svc Holder
```json=
{
"type":"https://didcomm.org/present-proof/3.0/presentation",
"id":"f1ca8245-ab2d-4d9c-8d7d-94bf310314ef",
"from":"did:example:verifier",
"to":"did:example:prover",
"body":{
},
"attachments":[
{
"@id":"2a3f1c4c-623c-44e6-b159-179048c51260",
"mime-type":"application/ld+json",
"format":"dif/presentation-exchange/submission@v1.0",
"data":{
"@context":[
"https://www.w3.org/2018/credentials/v1",
"https://identity.foundation/presentation-exchange/submission/v1"
],
"holder":"did:orb:EiAKvgn-utI8XBb1gqSoXs_l3zEWIQ-XcLkQiFYrXw8r7A",
"presentation_submission":{
"descriptor_map":[
{
"id":"credit_score",
"path":"$.verifiableCredential[0]"
}
]
},
"proof":{
"created":"2021-06-07T16:03:55.249-04:00",
"domain":"mydomain.com",
"jws":"eyJhbGciOiJFZERTQSIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..oEnVrBYzX3jwb6ojm_TBL6jwxuXyIUAWFfStYza53U8lwOTAuLnorzlosal2MY0Vz1bL_5POWG9hk0yu9KA-DQ",
"proofPurpose":"authentication",
"type":"Ed25519Signature2018",
"verificationMethod":"did:example:issuer-abc#key1"
},
"type":[
"VerifiablePresentation",
"PresentationSubmission"
],
"verifiableCredential":[
{
"<credit_report_vc_keys>":"<credit_report_vc_values>"
}
]
}
}
]
}
```
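
The "validate presentations" step from the flow diagram, as an added example (not code from the WACI or TrustBloc projects): the verifier binds each incoming Message 2 presentation to the group it was requested for. It assumes the proof signature was already verified by a JSON-LD proof library and that the proof echoes the `challenge` from the request options, which the sample presentations above omit; all function names and the `pending` layout are hypothetical.

```python
def check_presentation(pending, vp):
    """Bind a Message 2 presentation to the state saved at Message 1.4.

    `pending` maps challenge -> {"verificationMethod", "descriptors", "domain"}.
    Returns the satisfied descriptor ids and consumes the challenge.
    """
    proof = vp.get("proof", {})
    expected = pending.get(proof.get("challenge"))
    if expected is None:
        raise ValueError("unknown or already used challenge")
    if proof.get("domain") != expected["domain"]:
        raise ValueError("domain mismatch")
    if proof.get("proofPurpose") != "authentication":
        raise ValueError("presentation proof must be for authentication")
    if proof.get("verificationMethod") != expected["verificationMethod"]:
        raise ValueError("signed by a key the wallet did not announce for this group")
    got = {d["id"] for d in vp["presentation_submission"]["descriptor_map"]}
    if got != expected["descriptors"]:
        raise ValueError("descriptor_map does not match the requested group")
    del pending[proof["challenge"]]  # single use: a replay finds no entry
    return got

# Constructed sample state and presentation, using values from the messages above.
CHALLENGE = "798a6ced-424c-427c-a211-4b2046f622ed"

def sample_pending():
    return {CHALLENGE: {"verificationMethod": "did:example:issuer-abc#key1",
                        "descriptors": {"credit_score"},
                        "domain": "4jt78h47fh47"}}

def sample_vp(verification_method, challenge=CHALLENGE):
    return {"presentation_submission": {"descriptor_map": [
                {"id": "credit_score", "path": "$.verifiableCredential[0]"}]},
            "proof": {"challenge": challenge, "domain": "4jt78h47fh47",
                      "proofPurpose": "authentication",
                      "verificationMethod": verification_method}}
```

A credit report presentation signed with `did:example:prover#key1` instead of the announced `did:example:issuer-abc#key1` is rejected here even if its signature is valid.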