Student obtains verinym from trusted channel (for now: API endpoint, later: from website).
Student queries ledger to get endpoint. (and name?)
Student sends Anoncrypted (to Verinym) ConnectionRequest (authorization in header, not message)
University sends Anoncrypted (to DID from ConnectionRequest) ConnectionResponse
Connection is considered to be complete, rest of communcation done using AuthCrypt.
This means that plaintext is no longer needed, so this can be removed and the didOrNonce field can be simplified to be just "did"
pimotte
commented
5 years ago
Design:
Student obtains verinym from trusted channel (for now: API endpoint, later: from website). Student queries ledger to get endpoint. (and name?) Student sends Anoncrypted (to Verinym) ConnectionRequest (authorization in header, not message) University sends Anoncrypted (to DID from ConnectionRequest) ConnectionResponse Connection is considered to be complete, rest of communcation done using AuthCrypt.
This means that plaintext is no longer needed, so this can be removed and the didOrNonce field can be simplified to be just "did"