GNAP + Interactive Workflows

(Greetings from W3C CCG / VC-API world)

Use Cases

Specific use cases:

1. Re-issuing an existing expired Verifiable Credential
2. Issuing Education VCs if pre-requisites are met

Generalized to:

• Iterative issue workflow

​

(Resulted in PRs #254 and #255 to VC-API spec.)

1. Re-Issue Workflow

​

Client: "Issuer, I would like an expired VC to be re-issued."

Issuer: "Great, please present me a copy of the expired credential, a fresh authn token, and supporting VCs X, Y, and Z. You may submit them to the following endpoint."

Client: (POSTs to the designated endpoint) "Here are your required pre-requisites."

Issuer: "Here is you re-issued credential."

​

Hey, that reminds me of GNAP!

GNAP draft 8 - 1.5.5. Refreshing an Expired Access Token / 6.1. Rotating the Access Token

​

​

GNAP

​

• access_token.manage endpoint

​

But what about pre-reqs? (proofs of payment, etc.)

VC / VC-API

​

• refreshService.type / refreshService.url

2. Issue a VC, with pre-requisites

Client: "Issuer, I want a credential for the completion of a course."

Issuer: "Please provide the following pre-requisites:

a) an instance of DIDAuth (with the DID that you want the credential issued to).,

b) an instance of an OpenID Connect ID Token or Access Token from the university's OIDC provider (so that we can verify in our databases which student is requesting the credential, if they're eligible, etc)., and

c) a VC receipt / proof of payment. Please provide them as a VP, to the following endpoint."

Client: "I have performed the OpenID Connect authorization flow, and received the required access token.

Here are the pre-requisites, including the access token, in a VP signed by a DID, serving as an example of DID Auth."

Issuer: "Here is your proof of course completion credential."

​

​

GNAP's 'interact.start' / '.finish' modes

Interact URIs as "please submit the pre-requisites to the following endpoint"

Working Together

Questions