18 MAPPING SELF SOVEREIGN IDENTITY MODELS TO THE TRUST FRAMEWORK
OIX has ensured that this framework model addresses the needs of both “traditional” centralised identity models and newer Self Sovereign privacy-centric digital identity models.
In the Self Sovereign model, the provider of the Wallet that the user, or holder, uses to manage their Digital Identity is likely to take the role of the Identity Provider as described in this guide. Accordingly, a “Smart Wallet” is required that works for the user to enable the rules of the Relying Party to be easily fulfilled.
The below diagram shows how the roles and constructs used in Self Sovereign models map to a Digital ID as described in this guide:
The below diagrams and tables explore how SSI roles overlay on some of the examples of how a Digital ID works referred to earlier in this guide.
The use of a Passport Digitized Credential is a good example of a single layered self-sovereign transaction:
- User Requests check-in from carrier
- Carrier requests passport info from traveller
- User authenticates to Digital ID Smart Wallet and Requests passport
- Digital ID Smart Wallet makes request to Issuer
- Issuer asks User to Verify request to share digital passport
- User Approves request to share digital passport
- Issuer issues digital passport to Digital ID Smart Wallet
- Digital ID Smart Wallet shares digital passport
However, once the Digital ID, or a Rules Agent, starts to derive credentials, the Digital ID or Rules Agent also plays the role of verifier and issuer, resulting in a more complex picture. The below Diagram shows how this works with a Rules Agent:
- User Requests an account creation from Relying party
- Relying party discloses rules to holder
- User authorizes Digital ID Smart Wallet to accept rules from Relying party and to provide required identity information to Rules Agent
- Smart wallet provides required identity information to Rules Agent
- Rules Agent issues derived credential to Digital ID Smart Wallet
- Digital ID Smart Wallet shares derived credential to relying party
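The Rules Agent flow above, sketched as an added example that is not part of the OIX guide: the Rules Agent first verifies the wallet's source credential (verifier role), then issues a derived credential containing only the rule outcome (issuer role), which the relying party verifies. The rule fields, key names and the use of HMAC as a stand-in for a digital signature are assumptions made for illustration.

```python
import hashlib
import hmac
import json
from datetime import date

# Constructed demo keys. HMAC stands in for a digital signature here; a real
# deployment would use asymmetric signatures so verifiers never hold signing keys.
ISSUER_KEY = b"constructed-issuer-key"
RULES_AGENT_KEY = b"constructed-rules-agent-key"


def sign(key, claims):
    body = json.dumps(claims, sort_keys=True).encode()
    return {"claims": claims, "proof": hmac.new(key, body, hashlib.sha256).hexdigest()}


def verify(key, credential):
    expected = sign(key, credential["claims"])["proof"]
    return hmac.compare_digest(expected, credential.get("proof", ""))


def rules_agent_derive(rules, source_credential, today):
    """Verifier role: check the source credential. Issuer role: sign the derived one."""
    if not verify(ISSUER_KEY, source_credential):
        raise ValueError("source credential failed verification")
    born = date.fromisoformat(source_credential["claims"]["date_of_birth"])
    age = today.year - born.year - ((today.month, today.day) < (born.month, born.day))
    # Only the rule outcome is issued; the date of birth is not copied across.
    derived = {"rule": rules["rule_id"], "satisfied": age >= rules["minimum_age"]}
    return sign(RULES_AGENT_KEY, derived)


def relying_party_accepts(rules, derived_credential):
    """Relying party verifies the Rules Agent's proof and the rule outcome."""
    claims = derived_credential["claims"]
    return (verify(RULES_AGENT_KEY, derived_credential)
            and claims.get("rule") == rules["rule_id"]
            and claims.get("satisfied") is True)


def run_flow(date_of_birth, today=date(2024, 1, 1)):
    rules = {"rule_id": "account-opening-v1", "minimum_age": 18}  # RP discloses rules
    wallet_credential = sign(ISSUER_KEY, {"date_of_birth": date_of_birth})  # held in wallet
    derived = rules_agent_derive(rules, wallet_credential, today)  # wallet -> Rules Agent
    return derived, relying_party_accepts(rules, derived)  # wallet -> relying party
```

The relying party sees only the rule identifier and whether it was satisfied, so a derived credential altered after issuance, or a source credential not signed by the Issuer, is rejected at the corresponding verification step.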
The Relying Party is also an Issuer when it creates an Access Credential for the user to use to access their account with that Relying Party. So it also becomes the verifier of its issued credential:
- Relying Party offers User the ability to use their Digital ID Smart Wallet to access their account
- User accepts this offer
- User goes to their Digital ID Smart Wallet
- Relying Party issues their authenticator rules to the Digital ID Smart Wallet
- Relying Party issues an account key into the User's Digital ID Smart Wallet, which is bound to the correct authenticators.
- User wishes to access their account with the Relying Party
- Relying party asks the user to present their account key.
- User presents their account key to the Relying Party.