Verified Contact | development

[cvarjao]

Description of feature / user story

As a holder, when connecting to an organization or individual, I want to have confidence that the individual/organization is who they say they are.

Notes

• How can we go from "unverified contact" to "verified contact"? Is this a protocol?
• We can leverage Person Credential for verifying individuals
• We can leverage Business Card for verifying organizations
• How do we know a received presentation was for the purpose of contact verification? there isn't a lot of metadata on a proof request and presentation
• out of scope:
  • "use something else"

    Reference Work

• Microsoft Teams labels attendees outside the organization as "unverified"

Acceptance Criteria

Wireframes or relevant image assets / links

https://www.figma.com/proto/mfUqAvZIeOsgxPqWTTp0SU/BC-Wallet-app?node-id=157-80&viewport=803%2C-528%2C0.53&t=vM56OziJrLAoYClY-0&scaling=scale-down&content-scaling=fixed&starting-point-node-id=527%3A1245&show-proto-sidebar=1

[CharlesMacpherson]

I was chatting with Oliver on this topic. We thought that the wallet could automatically acknowledge either a Person proof request, a DBC proof request or a CANdy DID as a verified contact.

[CharlesMacpherson]

Recognition of the CANdy DID will work with issuer who have a static public DID. I am curious if our BC gov verifiers would or could have a static CANdy DID, and could that also be the for VC-AuthN-OIDC use cases like ACM.

[cvarjao]

I am not too sure about the wallet "automatically acknowledge", I think it needs to have user consent. Just because I am connecting with you, it doesn't mean I want to tell you my real name, or share anything. Maybe there is a bit of someone needs to share first. The what is being verified, it might also be a factor. I just want to know you are a real person (and not robot) or I want to know that you are not only a real person, but the person named "John Smith". That is to say, there are some interesting question to investigate.

we are not using public DIDs at the moment, we use peer DIDs. Ongoing conversations about OOB and reusing connections using public DIDs.

[CharlesMacpherson]

I am not too sure about the wallet "automatically acknowledge", I think it needs to have user consent

I agree. Enable the wallet to recognized a successful proof request or static/public DID, but Allow the user to know that information make the decision to tag the connection as trusted/verified