Derived credentials journey pattern
This journey pattern is used to claim a digital copy of an existing physical credential. It can be embedded into enrolment and/or OID4VCI journey patterns.
Overview
- Issuance channel: Remote, Unsupervised
- Device/s: On device / Cross-device / In-person
- Formats: mDocs, CWT, JSON
- Information assurance level: High
- Identity assurance level: High (when identity assurance checks are included)
Journey flow
Scanning the physical credential
Samantha wants to claim a digital equivalent of physical credential she has in her possession. She uses her wallet to scan/read the physical credential.
Locating suitable credential offers
The wallet identifies the issuer and looks up an external marketplace for any associated credential offers that are available by this issuer for this physical credential. These offers are then displayed to Samantha who can choose which offer to accept.
Different offers can enable Samantha to receive the credential in a range of available formats that suit a variety of verification scenarios and use cases.
Triggering the issuance workflow
Once Samantha selects which offer to accept, the issuance workflow follows the same steps outlined in the OID4VCI journey pattern.
Architecture
Scanning the physical credential
The holder’s wallet (1) initiates the credential offer by scanning the physical identification using a document verification capability.
The physical credential includes a verifiable identifier that enables the wallet to look it up in an Issuers registry (2) and reference the credential offers associated with this type of physical credential.
Issuance flow options
The wallet (1) then displays these options to the user who can select the most suitable one. These offers may differ in the information they include, the credential profiles they generate, or the authentication protocols they require.
Credential issuance workflow
Steps 3 and onwards follow the same architecture outlined in the OID4VCI journey pattern.