VCs via DIDComm

[its-danny]

tl;dr

We can maybe use DIDComm to manage VCs after registration.

The problem

Right now, there’s no way for us to know when a user updates or wants to revoke access to a VC.

A proposal

We could potentially use DIDComm for this.

How it’d work

• Service DID Endpoint
  • When the service DID is created, we set an endpoint in the DID Document specifically for accepting DIDComm messages.
• Updating or Revoking VCs
  • If the user wants to update or revoke a VC, they initiate the request via their wallet. The wallet will then send a request to the services DID endpoint.

Encryption

• The message is encrypted using the recipient's public key.
• The encrypted message is sent to the service’s signing webhook.
• The webhook signs the encrypted message using the service's private key and returns it to us.
• We take the signed, encrypted message and sends it to the intended recipient (e.g., another service or user).
• We never see the contents of the message.

Open questions

• I don’t think this is a standard thing, so it’d be wallet-dependent and as far as I’m aware no current wallet supports this.