Versions Compared

Old Version 7

changes.mady.by.user Darrell O'Donnell

Saved on

compared with

New Version 8

changes.mady.by.user Sam Curren

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Mobile Verifiers
    • We need them.
    • Flow
      • Holder displays QR, Verifier scans with mobile app and sees the result. - Common Model, assumed by those new to industry.
      • 'presenting' the QR code feels natural when 'presenting' a credential.
      • QR is best as invitation, not requiring user to know in advance what to present.
      • Verifier can also display QR.
      • Speed of transaction
        • User prepares to have transaction happen fast
          • Preselect or preauthorize set of actions
          • Can be assisted by governance / trust registry to find common targets
        • build set of 'reapprovals' after done initially.
          • save my authorization
    • Unique Features
      • Offline Verifications
        • Can't use shortened QR codes
        • BLE Verification useful offline
          • Needs framework support
        • Machine Readable Governance - cached
          • Cache schemas
          • Cache public keys for verifiers?
          • Pass file? (Interaction)
        • NFC - Needs investigation
      • Common Hardware
      • Framework support required
        • Offline aware
      • UI Supports required
      • Cache Needed
      • User Experience
        • Clear for Holder
        • Clear for Verifier
        • Clear indication of where in the flow they are. Universal progress bar?
        • Particularly for non-happy paths
          • Internationalization / Localization
      • Performance
      • Auditing verifications
        • reporting verifications back to main org
        • minimal disclosure auditing
        • knowing what is stored/passed
    • Actions Items
  • Device Recovery (Backup/Restore/SyncRecovery/Rotation to new keys)
    • Backup / Restore Formats?
    • https://w3c-ccg.github.io/universal-wallet-interop-spec/
    • Data Model + app specific in the same format?
    • Keep them separate?
    • Security of backups?
      • huge attack vector – e.g. family member restores backup to new device and uses data
      • Is it possible to disable an old phone when a restoration is done to a new phone?
      • Assumption is that encrypted backup goes one place, the recovery key goes elsewhere and the only come together for restore
        • Is there more that can be done?  Other protections?
        • Can this be done with self-service?  Is that safe enough?
        • Selective recovery – is that possible?
    • Some things that can't be backed up or restored
      • Example is a device-based keys – you can't back these up
        • If there is a credential somehow tied to a device key, that credential must be reissued (and that's OK)
    • How to do continuous backups (don't lose data)?
      • File format
        • File format for a full backup
          • Contents – connections, credentials, history
        • Will we have to do (more or less) continuous backup - full backup every time efficient enough vs. incremental?  Classic backup issues.
          • Treat this as an optimization for now
      • An RFC to define such a protocol to be used with a backup service – perhaps supplied by a mediator (but could be any connection).
        • Setup backup – location, recovery key(s) (format – e.g. passphrase? biometrics?), restoration process
        • Make backup – ongoing – data format
        • Retrieve backup for restoration
        • Restore backup using recovery key(s)
      • How can Mobile OS features help with this?
        • E.g. Backup/Restore of app data
  • Secure Element usage
    • Provinces Project - diagram, markdown - decisions when making a wallet.
      • starting point for security framework oriented folks.
  • SDK / Embedding Agents into existing Mobile Apps

...