Verifying
Description
Verifying credentials allows organisations to view specific attributes from a wallet holder's credential(s). Verification requests (also known as proof requests) are configured by the verifying organisation to require specific credential attributes. A verification request is initiated by the wallet holder by scanning a QR code. The holder then receives a notification in their wallet that the verifying organisation is requesting credential attributes. Once approved, the credential attributes are sent to the verifying organisation. If the holder rejects the request, no attributes are shared. If the holder does not have the correct credential, they will be unable to satisfy the verification request and it will fail.
FaceCheck
When verifying credentials that need an elevated level of trust, the FaceCheck feature of Microsoft Verified ID can be used to provide it. FaceCheck performs a liveness validation of a photo that is included in the credential being verified. To use FaceCheck, the authority needs to have it enabled in Entra; this is done using the enableFacecheck endpoint. The FaceCheck quality can also be controlled via the verification credential template (see Credential Templates) being used as the basis for the verification.
Standard User Journey
- OIDC Request from the Relying Party to Cenda
- Proof Request from Cenda to the Holder's digital wallet
- Issue Proof from the Holder's digital wallet to Cenda
- Verify Proof via Cenda
- OIDC Response from Cenda to the Relying Party
Alternative User Journey (External Credential Verification)
Important: All Verifiers (relying parties) wishing to use the external verification journey should register a webhook URL in Cenda so that they can receive the callbacks.
- Send credential verification request from the Verifier to Cenda by including the external scope
- Cenda sends a credential verification request to the SSI provider using the data received from the Verifier
- SSI Provider creates a credential verification request
- SSI Provider returns to Cenda a deep-link related to the verification request
- Cenda returns to the Verifier the RequestUri to be used as a deep-link for the Holder's digital wallet
- Verifier presents the deep-link to the Holder*
- Holder uses the deep-link to launch the digital wallet
- Holder accepts the verification request
- SSI Provider informs Cenda of the verification acceptance
- Cenda informs the Verifier of the verification acceptance using the registered webhook URL
- Holder shares the requested credentials from the digital wallet
- SSI Provider informs Cenda of the credential verification result (success or failure)
- Return Verification Response from Cenda to the Verifier using the registered webhook URL
- Verifier uses the context ID included in the issuing response from Cenda to retrieve the issuance data
- Cenda retrieves the verification data related to the context ID
- Cenda returns the verification data to the Issuer
*Note: Holders should avoid using the deep-link as a browser URL, because depending on the browser behaviour it might not trigger the digital wallet as expected. Instead, the deep-link should be presented to the Holder as a QR code, link or button on a page, etc.
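The callback order in the external verification journey above (acceptance first, then the result) can be enforced on the Verifier side before any verification data is retrieved. The sketch below is an added example, not Cenda's own code. It assumes that each webhook callback carries the context ID in a hypothetical `contextId` field together with hypothetical `event` and `success` fields, and that the Verifier already knows the context ID when it starts the request.

```python
from enum import Enum


class State(Enum):
    PENDING = "pending"    # deep-link handed to the Holder, nothing received yet
    ACCEPTED = "accepted"  # acceptance callback received
    VERIFIED = "verified"  # result callback reported success
    FAILED = "failed"      # result callback reported failure


class VerificationTracker:
    """Verifier-side state for external verification requests, keyed by context ID."""

    def __init__(self):
        self._requests = {}

    def start(self, context_id):
        # Record a request this Verifier actually sent to Cenda.
        self._requests[context_id] = State.PENDING

    def on_callback(self, payload):
        """Apply one webhook callback and return the new state; raise ValueError if it does not fit."""
        ctx, event = payload.get("contextId"), payload.get("event")
        state = self._requests.get(ctx)
        if state is None:
            raise ValueError("callback for a request this Verifier never started")
        if event == "accepted" and state in (State.PENDING, State.ACCEPTED):
            new = State.ACCEPTED  # a repeated acceptance delivery changes nothing
        elif event == "result" and payload.get("success") is True and state is State.ACCEPTED:
            new = State.VERIFIED  # success only counts after the acceptance step
        elif event == "result" and payload.get("success") is False and state in (State.PENDING, State.ACCEPTED):
            new = State.FAILED
        else:
            raise ValueError(f"unexpected {event!r} callback in state {state.value}")
        self._requests[ctx] = new
        return new

    def may_fetch_data(self, context_id):
        # Retrieve verification data by context ID only after a successful result.
        return self._requests.get(context_id) is State.VERIFIED


def demo():
    # Constructed callbacks; the field names are assumptions, not Cenda's schema.
    tracker = VerificationTracker()
    tracker.start("ctx-001")
    states = [
        tracker.on_callback({"contextId": "ctx-001", "event": "accepted"}),
        tracker.on_callback({"contextId": "ctx-001", "event": "result", "success": True}),
    ]
    return states, tracker.may_fetch_data("ctx-001")
```

Callbacks that arrive for an unknown context ID, out of order, or after a final result raise ValueError, so the webhook endpoint can reject them instead of acting on them.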
Context
OIDC Interface Definition
Cenda's OpenID Connect interface can be used to verify credential-based proofs. See OIDC Interface Definition for details.