A next-generation credential is a machine-verifiable method of conveying information about an entity (a natural person, system, organization, etc.), either self-asserted by that entity, or attested about that entity, from:


1) An issuer (may be self-issued)

to

2) A verifier

by means of 

3) A wallet

controlled by

4) A holder (an entity which is the subject of the attestation)


The ecosystem in which this transaction takes place, for the purposes of this definition, must support some semblance of each of the following characteristics:


1) Privacy-respecting / preserving / empowering of the subject

2) Interoperability across many possible implementations of all technical underpinnings of the ecosystem

3) Good user experience (UX) which informs and empowers the subject to make meaningful decisions about the transmission of attestations under their control

4) Upholds the strongest practical standards of information security within its ecosystem, which are at least suitable to support interchange of the most sensitive types of attestations within that ecosystem

5) Verifiers must be able to poll issuers for revocation of attestations.

6) Support for both online and offline modes of operation depending on requirements

4 Comments

  1. Should this mention something about trust models?
    Would next-generation credentials rely on Internet connectivity, or no?

  2. Shouldn't the possibility of application to offline use cases also be mentioned? (implying not only the case where the IdP is online, such as Assertion and Token in SAML and OIDC, but also including scenarios where the Holder carries the credential).

  3. RE: attestations (characteristic #5)
    Is this saying that the issuer can delete data from a holder's wallet?
    Is this saying that a holder can delete data from a verifier's application?
    I could see issuers maintaining CRLs and holders 'remembering' consent decisions in their wallet, otherwise I'm not sure how #5 gets implemented.

  4. Items 5 and 6 have been updated based upon feedback from the last meeting.