Digital Credential Spike

[mbertucci]

How is the information captured in our application? How else can we capture the information step 2 Can we direct Housing applicants to use Digital Services Card instead of Service BC Card Does SBC Connect support digital credentials?

[mbertucci]

1) have sbc connect team

SSO team has done tests with Digtial ID and got it working .. follow up with SSO team

2) option to call Digital Credentials when we ask the applicant to input address, name etc.

[fionazhou-jsb]

Can get First Name, Last Name, Address, City and Province. Address is from BCSC on the file, meaning hosts will not be able to change the address unless they through address change process. Only one version of the credential can be saved. For example, credential for BCSC can only have one copy. Hosts need to remove existing one and add a new one (cannot have 2 versions at the same time). Options

1. • integrate on Step 3, show QR code (fast to get registration)
2. • integrate on Step 3, upload doc and use document reader
3. • integrate at the beginning

From UX perspective, login with SBC via BCSC, and then need to use BC Wallet as an extra step

[fionazhou-jsb]

@shaangill025 can you pls document your findings here so we can close this ticket? Thank you

[mbertucci]

To look in to for future features::

Note: Bertucci, Mikaela CITZ:EX Yes, we can issue STR registration as verifiable credentials. The verification for these credentials are done via proof requests. We will have the ability to enforce the 1 year expiry for registration and also be able to revoke them.

In terms of work, we will have to define the STR registration credential schema, this credential schema specifies the attributes and structure. Then use this schema for creating a credential definition which includes revocation registry details and get that published on Candy PROD network. At this stage, we can start issuing STR registrations as credentials.

For the above workflow, https://github.com/bcgov/aries-vcr-issuer-controller will be used. I am not sure if Registries has an issuer agent already deployed. Getting the issuer agent's wallet seed to be registered on the Candy network will require Digital Trust support.

We can enforce that there is only one credential for a STR registration [issued latest] that is valid at any time.

In terms of verification/presentation, it offers selective disclosure, privacy as big advantages. I believe you have already outlined the other benefits of trust and authenticity [as it will untempered and can only be issued by us], privacy and preventing fraud.

[shaangill025]

This are the credential attributes associated with Person credential [as currently specified with schema in Candy Prod] https://candyscan.idlab.org/tx/CANDY_PROD/domain/13

"attr_names": [
      "expiry_date_dateint",
      "birthdate_dateint",
      "locality",
      "street_address",
      "given_names",
      "family_name",
      "region",
      "country",
      "postal_code",
      "picture"
],

[shaangill025]

For reference, if and when Person credential is to be integrated in SBC-Auth as an authentication method. https://github.com/bcgov/vc-authn-oidc

[shaangill025]

Person credential There can only 1 valid personal credential for an individual at any given time. Each instance of BCWallet can only hold 1 person credential. If you try to get personal credential on a different phone [different instance of BCWallet] then the previously issued credential gets revoked.

FYI @mbertucci, in regards to https://www.addresschange.gov.bc.ca/, I am not sure what happens to the issued person credential when address for BC driving license is changed [wasn't able to test]. Will it be revoked and a new credential be issued?

There are 2 approached to handle this:

• Integrate it into SBC-Auth but since BCWallet and BCServiceCard app will merge into one next year, it might not be worthwhile to put effort into this. https://github.com/bcgov/vc-authn-oidc

• Integrate into step3, where if PR supporting document needs to be uploaded then it show a QR. The QR code is a representation of OOB connection request with attached proof request. We can use https://github.com/bcgov/lcrb-dav with some API work or we can develop our own controller app to accomplish this. There will a webhook listener on the STRR side to monitor and process change of statuses and based on that address info will be extracted accordingly.

  General Flow - Host scans the QR code with their phone and it is going to open the request in BCWallet app. The proof request will open with details on what all is being requested. Host will then have the option to accept or decline.

  Sample proof request config in lcrb-dav

  address-verification-bc-person-credential:
  proof-request:
  name: address-verification
  version: "1.0"
  requested_attributes:
    - names:
        - locality
        - street_address
        - region
        - country
        - postal_code
      restrictions:
        # https://candyscan.idlab.org/tx/CANDY_PROD/domain/14
        - cred_def_id: RGjWbW1eycP7FrMf4QJvX8:3:CL:13:Person
      non_revoked:
        from: $now
        to: $now
  requested_predicates:
    - name: expiry_date_dateint
      p_type: <=
      p_value: $threshold_date_now
      restrictions:
        # https://candyscan.idlab.org/tx/CANDY_PROD/domain/14
        - cred_def_id: RGjWbW1eycP7FrMf4QJvX8:3:CL:13:Person
      non_revoked:
        from: $now
        to: $now
    - name: given_names
      p_type: =
      p_value: $given_name
      restrictions:
        - cred_def_id: RGjWbW1eycP7FrMf4QJvX8:3:CL:13:Person
      non_revoked:
        from: $now
        to: $now
    - name: family_name
      p_type: =
      p_value: $family_name
      restrictions:
        - cred_def_id: RGjWbW1eycP7FrMf4QJvX8:3:CL:13:Person
      non_revoked:
        from: $now
        to: $now

[shaangill025]

Update: https://github.com/bcgov/von-bc-registries-agent for issuing credentials.