VC API Use Cases

W3C Working Group Note

This version:
https://www.w3.org/TR/2022/NOTE-vc-api-use-cases-20220830/
Latest published version:
https://www.w3.org/TR/vc-api-use-cases/
Latest editor's draft:
https://w3c-ccg.github.io/vc-api-use-cases/
Editors:
Juan Caballero (Spherity)
Joe Andrieu (Legendary Requirements)
Eric Schuh (Legendary Requirements)
Author:
Participate:
GitHub w3c-ccg/vc-api-use-cases
File a bug
Commit history
Pull requests

Copyright © 2022 W3C® (MIT, ERCIM, Keio, Beihang). W3C liability, trademark and permissive document license rules apply.

Abstract

TODO: write a real abstract

Status of This Document

This is a preview

Do not attempt to implement this version of the specification. Do not reference this version as authoritative in any way. Instead, see https://w3c-ccg.github.io/vc-api-use-cases/ for the Editor's draft.

This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at https://www.w3.org/TR/.

This document represents a concise but limited collection of use cases readers should review alongside the VC API Specification.

Comments regarding this document are welcome. Please file directly on GitHub, or send them to public-vc-comments@w3.org (subscribe, archives).

This document was published by the VC API Working Group as a Working Group Note.

GitHub Issues are preferred for discussion of this specification.

Publication as a Working Group Note does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.

This document was produced by a group operating under the W3C Patent Policy. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy.

This document is governed by the 1 March 2019 W3C Process Document.

1. Introduction

For Verifiable Credentials to be realized as a usable data format there needs to exist a neutral, standard-governed way for Issuers, Holders and Verifiers of these credentials to transport them between said entities. TODO: Finish introduction

1.1 Existing Work

TODO: fill in

2. Use Cases

3. Requirements

4. Features and Benefits

5. VC API Actions

5.1 Issuer to Holder

5.2 Present for Verification

5.3 Refresh

6. Focal Use Cases

6.1 Get Digital Permanent Resident Card

Lana is an IT administrator for the United States Citizenship and Immigration Services (USCIS) Digital Permanent Resident Card (PRC) program. She configures the USCIS website to issue digital Permanent Resident Cards by utilizing industry standard issuer software and setting up the appropriate HTTP API Authorizations between systems. Legal Permanent Residents, upon receiving their physical card in the mail, are given the USCIS website URL, a login account, and PIN code that they may use to manage their account and pick up their digital Permanent Resident Card. When Louis, a Legal Permanent Resident, requests a digital Permanent Resident Card via the USCIS website, he authenticates using his login account and once authenticated, provides a DID associated with his client-side digital wallet against which the website will issue VCs. The USCIS website then connects to the digital card issuing server, which builds the Verifiable Credential Permanent Resident Card using Louis' account data, and then utilizes industry standard HTTP APIs to issue the Permanent Resident Card as a Verifiable Credential. Louis can then use his Digital Permanent Resident Card in online scenarios when he needs to prove his resident status, such as when applying for a job.

Requirements:

Contributed by: Digital Bazaar

Mermaid

Lana - Issuer Adminuscis.gov - Issuer AppGeneric Issuer SAAS - Issuer Serviceauthn.io - Holder ServiceLouis's Browser - Holder AppLouis - HolderConfigure to properly use Generic Issuer SAAS1Process configuration2Status check3Verify Authorization4Check business rules5All good6Configuration complete7Holder-App/registerCredentialHandler8uscis.gov9uscis.gov10uscis.gov/index.html11uscis.gov/index.html12Click \"Get PRC\"13uscis.gov/getPRC14request authentication15request authentication16provide authentication details17uscis.gov/authenticate?louiss-details18process provided authentication details19authentication succus20authentication succuss21Holder-App/requestPresentation22Holder/selectHolderService23holderServiceSelection24HolderService/requestPresentation25Holder/selectWallet26walletSelection27Holder/selectProfile28profileSelection29HolderApp/requestedPresentation30IssuerApp/requestedPresentation31IssuerService/credentials/issue?\"providedVP\"32IssuerApp/credentials/issued?\"issuedCredentailsWrappedByIssuerApp\"33HolderApp/newCredential?\"issuedCredentialUnwrappedByIssuerApp\"34Holder/selectHolderService35holderServiceSelection36HolderService/storeCredentials?\"credentials\"37Holder/selectWallet38walletSelection39Holder/selectProfile40profileSelection41Store credentials42HolderApp/credentialsStored43Lana - Issuer Adminuscis.gov - Issuer AppGeneric Issuer SAAS - Issuer Serviceauthn.io - Holder ServiceLouis's Browser - Holder AppLouis - Holder
Figure 1 UC2.1 Mermaid

6.2 Refresh Expired Over Age Token

Riley has onboarded into the TruAge digital age verification system, which has provided her with a set of Verifiable Credentials that she stores in her digital wallet. A subset of the Verifiable Credentials that she has received are digitally signed single-use age tokens that only assert that she is above the age of 21 and are marked as "used" by the TruAge system when they are submitted as a part of an age-restricted goods purchase, such as buying a bottle of wine. Eventually, Riley runs out of single use age tokens in her digital wallet. The digital wallet keeps track of which tokens have been used and once all tokens have been consumed, contacts a refresh service endpoint listed in one of the TruAge credentials that provides new over-age tokens. The digital wallet requests a new set of tokens by hitting the HTTP API of this VC-refresh service listed in the “refreshService” array and POSTing the original Verifiable Credential containing the refresh service description. The HTTP API ensures that it has received a valid credential and reissues a set of new digitally signed single-use age tokens in the response.

Requirements:

Mermaid

Riley's Wallet - Holder ServiceTruAge Website - Verifier AppGeneric Verifier SAAS - Verifier ServiceGeneric Issuer SAAS - Issuer ServiceNotice out of Age Tokens1truage.com/credentials/refresh2Domain&Challenge w/ request for expired VC3Generate VP containing Over Age VC4Sign generated VP5truage.com//presentations/submissions?\"OverAgeVP\"6Extract contained VC7Check if subject of contained VC is signer of VP8genericverifier.com/presentations/verify?\"OverAgeVP\"9Process provided VP10truage.com/presentations/verified?\"VerificationResult\"11Evaluate VP verification result12genericverifier.com/credentials/verify?\"OverAgeVC\"13Process provided VC14truage.com/credentials/verified?\"VerificationResult\"15Evaluate business rules16genericissuer.com/credentials/issue?\"OverAgeVC\"17Generate new Age Tokens18truage.com/credentials/issued?\"NewAgeTokenCredentials\"19rileyswallet.com/credentails/refreshed?\"NewAgeTokenCredentials\"m20Riley's Wallet - Holder ServiceTruAge Website - Verifier AppGeneric Verifier SAAS - Verifier ServiceGeneric Issuer SAAS - Issuer Service
Figure 2 UC2.2 Mermaid

Contributed by: Digital Bazaar

6.3 Execute Multi-stage Presentation Workflow

Description: Ignio, a logistics manager for "Kirk Company", would like to submit all necessary paperwork to send his company's products across international boundaries. These products are considered hazardous chemicals and thus are regulated, requiring extra paperwork to be filed before transportation is approved across boundaries. Some hazardous material shipments are different resulting in different required paperwork, and Ignio wants to automate as much of the process as possible with Shippers, their 3rd Party Logistics company (3PL). There are a set of verifiable credentials that Ignio is willing to share with Customs as well as the transportation company.

When Kirk starts a shipping workflow, his company's systems initiate the workflow by contacting a known location on the Shipper's Website. A presentation exchange occurs to first DIDAuth the company and send generic mandatory information for any shipment; if and only if the information provided requires additional information‒in this case a hazmat certification‒a second exchange is initiated to request this outstanding/required hazmat info. Once this is received, Shippers can send back a Bill of Lading in VC form. The two (or more) credential exchanges are composable and idempotent, ending in a valid BoL if successful.

Requirements:

Mermaid

Ignio - Logistic ManagerKirk Company Enterprise Resource Planning App - Holder and Holder ServiceShipping Co. Website - Issuer AppGeneric Verifier SAAS - Verifier ServiceShipping Co DatabaseGeneric Issuer SAAS - Issuer ServiceVerify all necessary info ready to request Bill of Lading (BoL)1Display requested data2Evaluate data Ignio - Logistic Manager->>Ignio - Logistic Manager:Decide ready to get BoL3Trigger request for BoL4shippingco.com/credentails/issue?\"BillOfLading\"5genericverifier.com/presentations/available6Challenge for DID Auth7Domain&Challenge + Shipping Info + HTTP Callback location8Generate challenge response VP which contains requested Shipping Info VCs9shippingco.com/presentations/submissions/HTTPCallback?\"ChallengeResponseVP\"10genericverifier.com/presentations/verify?\"ChallengeResponseVP\"11Evaluate Challenge Response12shippinco.com/presentations/verified?\"VerificationResultVP\"13Check business rules14Register Shiptment info15info registered16Request for DID Atuh + Hazmat Info + HTTP Callback location17Generate VP containing Hazmat Info18shippingco.com/presenations/submissions/HTTPCallback2?\"HazmatVP\"19genericverifier.com/presentations/verify?\"HazmatVP\"20Evaluate Hazmat VP21shippinco.com/presentations/verified?\"VerificationResultVP\"22Check business rules23Register Hazmat Info24info registered25Request Shipment and Hazmat info26requested info27Generate BoLRequestVP28genericissuer.com/credentials/issue?\"BoLRequestVP\"29Check business rules30shippingco.com/credentials/issued?\"BoL\"31kirkcompany.com/credentails/newCredential?\"BoL\"32BoL Ready notice33Ignio - Logistic ManagerKirk Company Enterprise Resource Planning App - Holder and Holder ServiceShipping Co. Website - Issuer AppGeneric Verifier SAAS - Verifier ServiceShipping Co DatabaseGeneric Issuer SAAS - Issuer Service
Figure 3 UC2.3 Mermaid

Contributed by: Digital Bazaar

6.4 Aggregated Credential Workflow

Tod is using digital credentials to apply for a service/qualify for a job/gain access to a programme. Some of his credentials are available today, some will need to be provided when they are ready (for example, a criminal background check can take 24-48 hrs to process). He would like these credentials to be presented to the Verifier (service provider) when ready, without having to constantly return to the Verifier (service provider) and deliver them "by hand". He should be able to have them released from his Holder directly as they become available.

Requirements:

Mermaid 

sequenceDiagram
    autonumber
        Kenzie 
(Holder)->>jobapplications.com 
(Verifier App):jobapplications.com/presenations/submit?"application"
        jobapplications.com 
(Verifier App)->>jobapplications.com 
(Verifier App):process application
        jobapplications.com 
(Verifier App)->>Kenzie 
(Holder):Request credentials A and B
        Kenzie 
(Holder)->>Kenzie's Wallet 
(Holder Service):Check for A and B
        Kenzie's Wallet 
(Holder Service)->>Kenzie 
(Holder):Display A, B not found
        Kenzie 
(Holder)->>Kenzie's Wallet 
(Holder Service):Need B
        Kenzie's Wallet 
(Holder Service)->>backgroundcheck.com 
(Issuer App):backgroundcheck.com/index.html
        backgroundcheck.com 
(Issuer App)->>Kenzie's Wallet 
(Holder Service):index.html
        Kenzie's Wallet 
(Holder Service)->>backgroundcheck.com 
(Issuer App):backgroundcheck.com/getBackgroundCheck
        backgroundcheck.com 
(Issuer App)->>Kenzie's Wallet 
(Holder Service):getBackgoundCheck.html
        Kenzie's Wallet 
(Holder Service)->>backgroundcheck.com 
(Issuer App):backgroundcheck.com/getBackgrounCheck/credentials/issue?"RequestedInfo"
        backgroundcheck.com 
(Issuer App)->>backgroundcheck.com 
(Issuer App):evaluate requested info
        backgroundcheck.com 
(Issuer App)->>Generic Issuer 
(Issuer Service):genericissuer.com/credentials/issue?"backgrounCheckCredential+info"
        Generic Issuer 
(Issuer Service)->>backgroundcheck.com 
(Issuer App):issued VC
        backgroundcheck.com 
(Issuer App)->>Kenzie's Wallet 
(Holder Service):kenzieswallet.com/credentials/recieve?"VC"
        Kenzie's Wallet 
(Holder Service)->>Kenzie 
(Holder):Notify B Ready
        Kenzie 
(Holder)->>jobapplications.com 
(Verifier App):jobapplications.com/presenations/submit?"application"
        jobapplications.com 
(Verifier App)->>Kenzie 
(Holder):Request Credentials A and B
        Kenzie 
(Holder)->>Kenzie's Wallet 
(Holder Service):Send A and B to jobapplications.com
        Kenzie's Wallet 
(Holder Service)->>jobapplications.com 
(Verifier App):jobapplications.com/presentations/submit?"application with A and B"
        jobapplications.com 
(Verifier App)->>Generic Verifier 
(Verifier Service):genericVerifer.com/presentations/verify?"applicationwith A and B"
        Generic Verifier 
(Verifier Service)->>jobapplications.com 
(Verifier App):Verification Result
        jobapplications.com 
(Verifier App)->>jobapplications.com 
(Verifier App):process application
        jobapplications.com 
(Verifier App)->>Kenzie's Wallet 
(Holder Service):Application Accepted
        Kenzie's Wallet 
(Holder Service)->>Kenzie 
(Holder):Application Accepted
Figure 4 UC2.4 Mermaid

Contributed by:SecureKey Technologies Inc.

6.5 Submit/Sign/Verify a test credential to a licensure system

A student, Shabazz, wants to publish their MBLEx test results from an education test provider, Massage Therapy Test Corp. Massage Therapy Test Corp proxies their authority to sign to a service provider, SSI Ventures. SSI Ventures issues Shabazz a VC when he logs into his Massage Therapy Test Corp account and enables his browser-based SSI Wallet, Billfold. The signed VC is then stored in Shabazz’ Billfold™ Wallet to be presented elsewhere.

In a separate session, Shabazz logs into a web portal of a State Massage Therapy licensure system to apply for his Massage Therapy license. The licensure specialist at the State checks the issuer using a State accreditation system, then checks the signature on the test results VC and ingests the credential’s payload. The licensure specialist then finalizes their workflow and issues Shabazz a Massage Therapy license.

Requirements:

  • 1. VC Issuance
  • 2. VC Presentation
  • 3. Issuer Lookup (is that business logic?),
  • 4. VP Verification
  • 5. VC Verification
  • X. Website as Consumer.
  • X. Issuance-as-a-Service,

    • Mermaid

    Shabazz (Student) - HolderShabazz's Browser - Holder AppMassage Therapy Test Corp Webpage - Issuer AppShabazz's Wallet - Holder ServiceSSI Venture - Issuer Servicefloydsmassagetheray.com - Verifier AppState Verifier - Verifier Servicemassagetherapytestcorp.com1messagetherapytestcorp.com/index.html2index.html3display webpage4Authnticate5messagetherapytestcorp.com/authenticate6authentication challenge7challenge8authentication information9messagetherapytestcorp.com/authenticate?\"info\"10process authentication information11authentication success12authentication success13get Message Therapy Credential14messagetherapytestcorp.com/getTherapyCredential15DID Auth Challenge16Select a wallet17Select Wallet18Request DID Auth Challenge Response19generate DID Auth response20DID Auth response21messagetherapytestcorp.com/getTherapyCredential/didAuth?\"DIDAuthResponse\"22Process response23ssiventures.com/messagetestcorp/credentials/issue?\"VPfromDIDAuth\"24messagetherapytestcorp.com/credentials/issued?\"issuedCredentailsWrappedByIssuerApp\"25HolderApp/newCredential?\"issuedCredentialUnwrappedByIssuerApp\"26store credential27sucess28Credential successfully stored in wallet29Go to Floyd's Message Therapy Webpage30floydsmessagetherapy.com/index.html31index.html32display page33Submit employment application34floydsmessagetherapy.com/employmentApp35Domain&Challenge36Select a wallet37wallet selection38Domain&Challenge39generate VP40Challenge response VP41floydsmessagetherapy.com/empoymentApp/challengeResponse?\"VP\"42Process response43request application with State License VC44Request VP45Generate VP46VP w/Application and State License47floydsmessagetherapy.com/presenatations/submit?\"Application wtih State License VP\"48stateverifier.com/credentials/verify?\"StateLicenseVC\"49Verification Result50process application51Application submitted52Application submitted53Shabazz (Student) - HolderShabazz's Browser - Holder AppMassage Therapy Test Corp Webpage - Issuer AppShabazz's Wallet - Holder ServiceSSI Venture - Issuer Servicefloydsmassagetheray.com - Verifier AppState Verifier - Verifier Service
    Figure 5 UC2.5 Mermaid

    Contributed by:RANDA Solutions

    6.6 Supply Chain Import

    In order to export steel products to the global market, Steel Mills Global must prove the quality of their products. For this, they rely on Inspectors & Co, an internationally recognized steel testing company. Upon inspection, Inspectors & Co issues a Mill Test Report VC to Steel Mills Global.

    Steel, Inc. imports and distributes steel products domestically. Negotiating a shipment Steel Mills Global presents the MTR as proof of product quality. Steel Inc. verifies the MTR VP and accepts the shipment.

    Steel, Inc. initiates the importing procedures, starting out self-issuing an Import Declaration Form VC. The MTR and IDF are jointly presented to the Customs authority which verifies the VP. Upon verification the customs release is granted for goods import.

    Note: These VC types are taken from the Traceability Vocabulary, a W3C-CCG work item for supply chain use-cases.

    Requirements:

    Mermaid 

    sequenceDiagram               
autonumber     
  Holder - Steel Mills Global (SMG)->>Holder App -  SMG Enterprise API:getMillTestReportVC     
  Holder App -  SMG Enterprise API->>Issuer App - Inspectors & Co Enterprise Software:inspectorandco.com/credentials/issue     
  Issuer App - Inspectors & Co Enterprise Software->>Lacy - Inspectors & Co Inspector:New inspection requested     
  Lacy - Inspectors & Co Inspector->>Lacy - Inspectors & Co Inspector:Completes SMG Inspection     
  Lacy - Inspectors & Co Inspector->>Issuer App - Inspectors & Co Enterprise Software:Issue Mill Test Report to SMG     
  Issuer App - Inspectors & Co Enterprise Software->>Issuer Service - Inspectors & Co Issuer:IandCoIssuer.com/credentials/issue     
  Issuer Service - Inspectors & Co Issuer->>Issuer Service - Inspectors & Co Issuer:Process request     
  Issuer Service - Inspectors & Co Issuer->>Issuer App - Inspectors & Co Enterprise Software:Issued Credentials     
  Issuer App - Inspectors & Co Enterprise Software->>Holder App -  SMG Enterprise API:smgApi.com/credentials/recieve?\"MillTestReportVP\"     
  Holder App -  SMG Enterprise API->>Holder App -  SMG Enterprise API:Process returned VP     
  Holder App -  SMG Enterprise API->>Holder Service - SMG Wallet:smgWallet.com/credentials/store?\"MTRVP\"     
  Holder Service - SMG Wallet->>Holder Storage - SMG EDV/KMS:smgEdv.com/credentials/store?\"MTRVP\"     
  Holder Storage - SMG EDV/KMS->>Holder Storage - SMG EDV/KMS:Store credentials     
  Holder Storage - SMG EDV/KMS->>Holder Service - SMG Wallet:Storage success and access info     
  Holder Service - SMG Wallet->>Holder App -  SMG Enterprise API:Storage acknowledged     
  Holder App -  SMG Enterprise API->>Holder - Steel Mills Global (SMG):Mill Test Report recieved     
  Steel, Inc->>Holder - Steel Mills Global (SMG):Purchase Inquiry     
  Holder - Steel Mills Global (SMG)->>Holder - Steel Mills Global (SMG):Process Inquiry    
  Holder - Steel Mills Global (SMG)->>Steel, Inc:Agree to sell     
  Steel, Inc->>Holder - Steel Mills Global (SMG):Request Mill Test Report     
  Holder - Steel Mills Global (SMG)->>Holder App -  SMG Enterprise API:sendMillTestReportVC     
  Holder App -  SMG Enterprise API->>Verifier App - Steel, Inc. Business API:steelincapi.com/presentations/available     
  Verifier App - Steel, Inc. Business API->>Holder App -  SMG Enterprise API:Domain&Challenge     
  Holder App -  SMG Enterprise API->>Holder Service - SMG Wallet:smgWallet.com/presentations/issue?\"Domain&Challenge\"     
  Holder Service - SMG Wallet->>Holder Service - SMG Wallet:Generate VP containing the MTR     
  Holder Service - SMG Wallet->>Holder Storage - SMG EDV/KMS:smgEdv.com/credentials/sign?\"GeneratedVP\"     
  Holder Storage - SMG EDV/KMS->>Holder Storage - SMG EDV/KMS:Sign VP     
  Holder Storage - SMG EDV/KMS->>Holder Service - SMG Wallet:SignedVP     
  Holder Service - SMG Wallet->>Holder App -  SMG Enterprise API:SignedVP     
  Holder App -  SMG Enterprise API->>Verifier App - Steel, Inc. Business API:steelincapi.com/presentations/submissions?\"SignedVP\"     
  Verifier App - Steel, Inc. Business API->>Verifier App - Steel, Inc. Business API:Check business rules     
  Verifier App - Steel, Inc. Business API->>Verifier Service - Steel Industry Verifier:steelindustryverifier.com/presentations/verify     
  Verifier Service - Steel Industry Verifier->>Verifier Service - Steel Industry Verifier:Check proofs     
  Verifier Service - Steel Industry Verifier->>Issuer Service - Inspectors & Co Issuer:IandCoIssuer.com/credentials/revocationList?\"MTRVC\"     
  Issuer Service - Inspectors & Co Issuer->>Issuer Service - Inspectors & Co Issuer:Check revocation list     
  Issuer Service - Inspectors & Co Issuer->>Verifier Service - Steel Industry Verifier:revocationStatus=notRevoked     
  Verifier Service - Steel Industry Verifier->>Verifier App - Steel, Inc. Business API:steelincapi.com/presentations/verified?\"MTRVC\"     
  Verifier App - Steel, Inc. Business API->>Verifier App - Steel, Inc. Business API:Check business rules     
  Verifier App - Steel, Inc. Business API->>Verifier App - Steel, Inc. Business API:Record verification result     
  Verifier App - Steel, Inc. Business API->>Steel, Inc:New Verification Result Notification     
  Verifier App - Steel, Inc. Business API->>Holder App -  SMG Enterprise API:steelincapi.com/presentations/verified?\"SignedVP\"     
  Holder App -  SMG Enterprise API->>Holder - Steel Mills Global (SMG):Mill Test Report Verified
    Figure 6 UC2.6 Mermaid

    Contributed by:Transmute Industries

    A. Terminology

    This section is non-normative.
    Error 
    Cannot GET /uploads/XbdC1r/terms.html

    B. Acknowledgements

    This section is non-normative.

    The editors are thankful to the contributions from the VC API Working Group

    Syntax error in graphmermaid version 9.0.0