bcgov / bc-wallet-mobile

BC Wallet to hold Verifiable Credentials
Apache License 2.0

Verified Contact | development #1931

Open cvarjao opened 2 months ago

cvarjao commented 2 months ago

Description of feature / user story

As a holder, when connecting to an organization or individual, I want to have confidence that the individual/organization is who they say they are.

Notes

Reference Work

Acceptance Criteria

Wireframes or relevant image assets / links

https://www.figma.com/proto/mfUqAvZIeOsgxPqWTTp0SU/BC-Wallet-app?node-id=157-80&viewport=803%2C-528%2C0.53&t=vM56OziJrLAoYClY-0&scaling=scale-down&content-scaling=fixed&starting-point-node-id=527%3A1245&show-proto-sidebar=1

CharlesMacpherson commented 2 months ago

I was chatting with Oliver on this topic. We thought that the wallet could automatically acknowledge either a Person proof request, a DBC proof request or a CANdy DID as a verified contact.

CharlesMacpherson commented 2 months ago

Recognition of the CANdy DID will work with issuers who have a static public DID. I am curious if our BC gov verifiers would or could have a static CANdy DID, and could that also be for VC-AuthN-OIDC use cases like ACM.

cvarjao commented 2 months ago

I am not too sure about the wallet "automatically acknowledge"; I think it needs to have user consent. Just because I am connecting with you, it doesn't mean I want to tell you my real name, or share anything. Maybe there is a bit of "someone needs to share first". What is being verified might also be a factor: I just want to know you are a real person (and not a robot), or I want to know that you are not only a real person, but the person named "John Smith". That is to say, there are some interesting questions to investigate.

We are not using public DIDs at the moment; we use peer DIDs. There are ongoing conversations about OOB and reusing connections using public DIDs.

CharlesMacpherson commented 2 months ago

> I am not too sure about the wallet "automatically acknowledge", I think it needs to have user consent

I agree. Enable the wallet to recognize a successful proof request or static/public DID, but allow the user to know that information and make the decision to tag the connection as trusted/verified.