Last week, the second webinar in our series on decentralised identity went live! In this session, our specialists Richard Astley and Mikko Vuorinen focused specifically on decentralised identity protocols and standards. Don’t worry if you missed it: the full recording is now available on YouTube. This blog recaps the Q&A segment of the webinar. If you have any additional questions or want to book a slot with one of our experts, contact us here: info@condatis.com.
The link between wallets and mobile phones
If I get a new mobile phone or switch from iPhone to Android will my new wallet contain all my credentials from my old one, or is everything stored on the device lost if I don’t have the old wallet anymore?
Unfortunately, wallet credentials are currently lost when going through this process. The wallet is secured with keys that are specific to that device. The current way around it is to export the credentials from one wallet and restore them onto another phone. Wallets aren’t currently backed up online, meaning everything is protected on your device. Wallets are more secure when stored locally, as they are generally secured with biometrics, meaning the security used to encrypt the data is protected by a hardware key or the secure enclave of the phone. Unfortunately, a new phone’s keys would differ from those of the chip that first encrypted the data.
There is work going on to make it easier to back up and restore your credentials, but it’s not as simple as downloading the app again and having all your information. However, you can have credentials reissued after you redownload the wallet.
What happens if I try to issue a credential and the recipient’s phone is offline?
There are two agents that can use the secure communication channel at any time. Obviously, a mobile phone isn’t on all the time. Therefore, when the mobile phone is off, there is a cloud agent that handles either the initial issuance request or proof request. The cloud agent will hold that request until the mobile phone is back online again. Once the mobile phone is back online, it broadcasts to the cloud agent and that agent can push down either of the requests. There is clearly a dependence on a cloud service that will forward messages on; alternatively, it can be a mediator that forwards messages between different agents.
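The hold-and-forward behaviour described above, sketched as an added example (not code from the webinar or from any wallet product). The class and method names, the expiry window and the queue cap are assumptions made for illustration; the payload is treated as opaque bytes that the cloud agent never interprets.

```python
import time
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass
class Message:
    kind: str        # "issuance-request" or "proof-request"
    payload: bytes   # opaque to the cloud agent (assumed encrypted for the wallet)
    sent_at: float

class CloudAgent:
    """Hypothetical mediator that holds requests for offline mobile agents."""
    def __init__(self, ttl_seconds=3600, max_queued=100):
        self.ttl = ttl_seconds          # assumption: stale requests are dropped
        self.max_queued = max_queued    # assumption: cap per wallet to bound storage
        self.online = {}                # wallet id -> delivery callback
        self.queues = defaultdict(deque)

    def send(self, wallet_id, kind, payload, now=None):
        msg = Message(kind, payload, time.time() if now is None else now)
        deliver = self.online.get(wallet_id)
        if deliver:                     # phone is online: push straight down
            deliver(msg)
            return "delivered"
        queue = self.queues[wallet_id]
        if len(queue) >= self.max_queued:
            return "rejected"
        queue.append(msg)               # phone is offline: hold the request
        return "queued"

    def connect(self, wallet_id, deliver, now=None):
        """Phone announces itself; flush held requests in order, skip expired ones."""
        now = time.time() if now is None else now
        self.online[wallet_id] = deliver
        expired = 0
        for msg in self.queues.pop(wallet_id, deque()):
            if now - msg.sent_at > self.ttl:
                expired += 1
            else:
                deliver(msg)
        return expired

    def disconnect(self, wallet_id):
        self.online.pop(wallet_id, None)

def demo():
    # Constructed scenario: two requests arrive while the phone is off.
    agent, inbox = CloudAgent(ttl_seconds=600), []
    r1 = agent.send("wallet-1", "issuance-request", b"<ciphertext>", now=0)
    r2 = agent.send("wallet-1", "proof-request", b"<ciphertext>", now=500)
    expired = agent.connect("wallet-1", inbox.append, now=700)
    r3 = agent.send("wallet-1", "issuance-request", b"<ciphertext>", now=710)
    return r1, r2, expired, [m.kind for m in inbox], r3
```

In the constructed scenario, the first request has aged past the expiry window by the time the phone reconnects, so only the proof request is pushed down, followed by the request sent while the phone is online.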
Relationship between wallets and agents
Where is the border between a wallet and an agent?
Starting with agents: they are ultimately what talk in the protocols, so it’s agents that communicate with other agents, whether as part of issuing a credential or requesting proof of one. A wallet, however, has a larger job than the agent. A wallet has various roles; one is to provide a good user experience and UI for a user to manage their identity with. It’s also about the cryptography that is used for protecting that data. A wallet has an agent for when it needs to communicate with other agents. Ultimately, the agent is the protocol and the communication, and the wallet is an application that uses the agent.
Standards
Where is the line between the standards and the stack-specific implementation?
The key role of the stack-specific protocols is the communication between the agents. There is the standard for representing the verifiable credentials, and the standards for the decentralised identifiers. They mostly define the content, not how the communication between different parts works. That is where most of the implementation-specific protocols come into play, at least for the moment. There is ongoing work to make these protocols more standardised and interoperable, allowing communication between different implementations.
In short, the standards define the structure and semantics of the verifiable credential core content, while the protocols define the communication layer.