Webinar recap: Decentralized identity protocols and standards

10 December 2020

Last week, our second webinar in the series on decentralized identity went live! In this session, our specialists Richard Astley and Mikko Vuorinen focused specifically on decentralized identity protocols and standards. Don’t worry if you missed it: the full recording is now available on YouTube. This blog will recap the Q&A segment of the webinar. If you have any additional questions or want to book a slot with one of our experts, contact us here: info@condatis.com.

The link between wallets and mobile phones

If I get a new mobile phone or switch from iPhone to Android will my new wallet contain all my credentials from my old one, or is everything stored on the device lost if I don’t have the old wallet anymore?

Unfortunately, wallet credentials are currently lost when going through this process. The wallet is secured with keys that are specific to that device. The current way around it is exporting the credentials from one wallet and restoring them onto another phone. Wallets aren’t currently backed up online, meaning everything is protected on your device. Wallets are more secure when stored locally as they are generally secured with biometrics, meaning the keys used to encrypt the data are protected by a hardware key or the secure enclave of the phone. Unfortunately, any new phone would have different keys from the chips that first encrypted the data.

There is work going on to make it easier to back up and restore your credentials, but it’s not as simple as downloading the app again and having all your information. However, you can have credentials reissued once you have redownloaded the app.

What happens if I try to issue a credential and the recipient’s phone is offline?

There are two agents that can use the secure communication channel at any time. Obviously, a mobile phone isn’t on all the time. Therefore, when the mobile phone is off, there is a cloud agent that handles either the initial issuance request or the proof request. The cloud agent will hold that request until the mobile phone is back online again. Once the mobile phone is back online, it broadcasts to the cloud agent, and that agent can push down either of the requests. There is clearly a dependence on a cloud service that will forward messages on; alternatively, this can also be a mediator that forwards messages between different agents.

Relationship between wallets and agents

Where is the border between a wallet and an agent?

Starting with agents: they are ultimately what talk in the protocols, so it’s agents that communicate with other agents, whether that be as part of the process of issuing a credential or requesting proof of one. A wallet, however, has a larger job than the agent. A wallet has various roles; one is to provide a good user experience and UI for a user to manage their identity with. It’s also about the cryptography that is used for protecting that data. A wallet has an agent for when it needs to communicate with other agents. Ultimately, the agent is the protocol and the communication, and the wallet is an application that uses the agent.

Standards

Where is the line between the standards and the stack specific implementation?

The key role of the stack-specific protocols is the communication between the agents. There is the standard for representing the verifiable credentials, and the standards for the decentralized identifiers. They mostly define the content, not how the communication between the different parts works. That is where most of the implementation-specific protocols come into play, at least for the moment. There is ongoing work to make these protocols more standardised and interoperable, allowing communication between different implementations.

In short, the standards define the structure and semantics of the verifiable credential core content, while the protocols define the communication layer.

Up next

Next webinar on decentralized identity

We have our next webinar in the series coming up on 16th December. In this session, Mikko and Richard will look at using Hyperledger Aries to issue and verify credentials. The series will run up until March, giving our attendees the opportunity to learn and enhance their knowledge even further.

Don’t miss our next webinar in the Azure AD B2C series

13th January @ 3PM GMT | Secure your IT real estate with Microsoft Azure AD B2C. Join us as we look at federation and single sign-on.
