Towards Functions for Verifiable Credentials in a 2-Holder Model
ARES '24: Proceedings of the 19th International Conference on Availability, Reliability and Security
Article No.: 89, Pages 1 - 8
Abstract
A trust model commonly used to describe verifiable credential scenarios covers the roles issuer, holder and verifier which in general interact through the activities issue/hold, present/verify and revoke. The use case "German health certificate" discussed here reveals that processes may incorporate more than just one holder and require credential exchange between them. After issuance to one holder other holders occur which also may or even must present the credential in the further course. Therefore, a holder must be able to execute functions on credentials in its wallet such that some other holder also holds this credential and is able to present it successfully. To formally describe such functions and the necessary data structures in credentials, the "1-holder"-trust triangle is extended to a "2-holder"-model with two holders. Based on this extended model possible and relevant functions and their semantics in terms of verification results are defined. A concept to extend SD-JWT data structures to support this semantics is presented and its applicability is shown.
References
[1]
Ezedin Barka, Ravi Sandhu, 2000. A role-based delegation model and some extensions. In Proceedings of the 23rd National Information Systems Security Conference, Vol. 4. NIST Baltimore, 49–58.
[2]
Maintained by the Sovrin Governance Framework Working Group. 2019. Sovrin Glossary V3. https://sovrin.org/wp-content/uploads/Sovrin-Glossary-V3.pdf
[3]
Kenichi Nakamura Chadwick and Jo Vercammen. 2022. OpenID for Verifiable Credentials. (2022).
[4]
Sam et al. Curren. 2024. DIDComm Messaging v2.1 Editor’s Draft. https://identity.foundation/didcomm-messaging/spec/v2.1/
[5]
Bundesrepublik Deutschland. 2024. IfSG. https://www.gesetze-im-internet.de/ifsg/__43.html
[6]
Michael B. Jones, John Bradley, and Nat Sakimura. 2015. JSON Web Token (JWT). RFC 7519. https://doi.org/10.17487/RFC7519
[7]
Mary Lacity and Erran Carmel. 2022. Self-Sovereign Identity and Verifiable Credentials in Your Digital Wallet.MIS Quarterly Executive 21, 3 (2022).
[8]
Tobias Looker, Paul Bastian, and Christian Bormann. 2024. Token Status List. Internet-Draft draft-ietf-oauth-status-list-01. Internet Engineering Task Force. https://datatracker.ietf.org/doc/draft-ietf-oauth-status-list/01/ Work in Progress.
[9]
Alex Preukschat and Drummond Reed. 2021. Self-sovereign identity. Manning Publications.
[10]
Daniel Richter, Christopher Robin Robin Praas, and Jürgen Anke. 2023. Beyond Paper and Plastic: A Meta-Model for Credential Use and Governance: Complete Research. In European Conference on Information Systems (ECIS 2023).
[11]
Manu Sporny, Dave Longley, David Chadwick, and Orie Steele. 2024. Verifiable Credentials Data Model v2.0, W3C Candidate Recommendation Snapshot. https://w3c.github.io/vc-data-model/
[12]
Oliver Terbu, Daniel Fett, and Brian Campbell. 2024. SD-JWT-based Verifiable Credentials (SD-JWT VC). Internet-Draft draft-ietf-oauth-sd-jwt-vc-03. Internet Engineering Task Force. https://datatracker.ietf.org/doc/draft-ietf-oauth-sd-jwt-vc/03/ Work in Progress.
Index Terms
- Towards Functions for Verifiable Credentials in a 2-Holder Model
Recommendations
Long-Lived Verifiable Credentials: Ensuring Durability Beyond the Issuer's Lifetime
ARES '24: Proceedings of the 19th International Conference on Availability, Reliability and SecurityUsing Self-Sovereign Identity (SSI) and Verifiable Credentials (VCs) to digitize physical credentials is gaining momentum. In particular, credentials such as diplomas may need to remain valid for decades, sometimes outliving their issuers. For instance, ...
Access with Fast Batch Verifiable Anonymous Credentials
Information and Communications SecurityAbstractAn anonymous credential-based access control system allows the user to prove possession of credentials to a resource guard that enforce access policies on one or more resources, whereby interactions involving the same user are unlinkable by the ...
Rethinking Single Sign-On: A Reliable and Privacy-Preserving Alternative with Verifiable Credentials
MTD '23: Proceedings of the 10th ACM Workshop on Moving Target DefenseSingle sign-on (SSO) has provided convenience to users in the web domain as it can authorize a user to access various resource providers (RPs) using the identity provider (IdP)'s unified authentication portal. However, SSO also faces security problems ...
Comments
Information & Contributors
Information
Published In
July 2024
2032 pages
ISBN:9798400717185
DOI:10.1145/3664476
Copyright © 2024 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 30 July 2024
Check for updates
Author Tags
Qualifiers
- Research-article
- Research
- Refereed limited
Funding Sources
- Bundesministerium für Wirtschaft und Klimaschutz
Conference
ARES 2024
ARES 2024: The 19th International Conference on Availability, Reliability and Security
July 30 - August 2, 2024
Vienna, Austria
Acceptance Rates
Overall Acceptance Rate 228 of 451 submissions, 51%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 47Total Downloads
- Downloads (Last 12 months)47
- Downloads (Last 6 weeks)26
Reflects downloads up to 07 Mar 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign inFull Access
View options
View or Download as a PDF file.
PDFeReader
View online with eReader.
eReaderHTML Format
View this article in HTML Format.
HTML Format