CWT credentials in-person verification journey pattern

This journey pattern is used to verify a CWT credential presented in-person.

Overview

  • Issuance channel: In-person, Supervised
  • Device/s: Cross-device
  • Formats: CWT
  • Information assurance level: High
  • Identity assurance level: Low (can be high if holder presents an additional identity document)

Journey flow

[Figure: CWT credentials in-person verification journey pattern, part 1]

In-person credential request

Samantha arrives at a physical location that requires her to verify her identity or entitlement to enter.

Presenting the credential

Samantha opens her digital wallet and selects the CWT credential she wishes to present to obtain entry clearance.

The wallet then renders a QR code representation of the credential.

[Figure: CWT credentials in-person verification journey pattern, part 2]

Scanning the QR code

The person checking the credential uses a verifier app to scan the QR code.

Credential verification

The verifier app checks the credential, and the person performing the verification visually inspects the results and the information presented.

Verification successful

Upon providing the necessary validated information, Samantha is invited to enter.

Architecture

[Figure: CWT credentials in-person verification journey pattern]

Credential presentation

The holder uses their digital wallet (1) to select the appropriate credential to be presented to the verifier. Once selected, the wallet renders the credential as a QR code.

Alternatively, the holder can print this QR code and present it as a paper-based credential.

Credential verification

The verifier scans the QR code presented by the holder’s wallet using a verification app (2). This can be an application built with the MATTR Pi Verifier SDK or a MATTR GO Verify branded application.

The verification app checks that:

  • The digital signature is valid, indicating the content of the credential hasn’t been tampered with.
  • The credential hasn’t been revoked by the issuer.
  • The credential is currently valid and hasn’t expired yet (based on the valid from and valid until values included in the credential).
  • The credential has been issued by an issuer that is trusted to issue this type of credential according to the Digital Trust Service (3).

The only dependency verification has on the issuer is an online revocation list, which the credential issuer may host. If the credential has revocation properties, the verification app calls this list to check the status of the credential being presented.
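The checks listed above, sketched as a verifier-side decision function. This is an added example, not MATTR SDK code: `verify_cwt`, `status_lookup`, `list_unreachable`, the issuer identifier and the timestamps are constructed for illustration. It assumes the signature result comes from a COSE library, and rejecting when the revocation list is unreachable is this example's policy choice.

```python
from typing import Callable, Optional

# Registered CWT claim keys (RFC 8392): iss, exp, nbf.
ISS, EXP, NBF = 1, 4, 5

def verify_cwt(claims: dict, signature_ok: bool, now: int, trusted_issuers: set,
               status_lookup: Callable[[dict], Optional[bool]], skew: int = 60):
    """Return (accepted, reason); any failed or undecidable check rejects.

    signature_ok: result of COSE signature verification by a COSE library
    (assumption: done before this call, not reimplemented here).
    status_lookup: hypothetical callable returning None when the credential
    has no revocation properties, True if revoked, False if not; it raises
    OSError when the issuer's revocation list cannot be reached.
    """
    # 1. Signature: claims are untrusted input until this passes.
    if not signature_ok:
        return (False, "signature invalid")
    # 2. Issuer must be trusted to issue this type of credential.
    iss = claims.get(ISS)
    if not isinstance(iss, str) or iss not in trusted_issuers:
        return (False, "issuer not trusted")
    # 3. Validity window (NumericDate seconds), tolerating small clock drift.
    exp, nbf = claims.get(EXP), claims.get(NBF)
    if type(exp) not in (int, float):
        return (False, "missing or malformed expiry")
    if not now < exp + skew:  # written this way so a NaN expiry also rejects
        return (False, "expired")
    if nbf is not None and not (type(nbf) in (int, float) and now + skew >= nbf):
        return (False, "not yet valid")
    # 4. Revocation last, so only credentials that passed the offline checks
    #    cause a call to the issuer; an unreachable list rejects (fail closed).
    try:
        revoked = status_lookup(claims)
    except OSError:
        return (False, "revocation status unavailable")
    if revoked:
        return (False, "revoked")
    return (True, "ok")

# Constructed sample values (not from any real issuer).
NOW = 1_700_000_000
TRUSTED = {"did:web:issuer.example"}
SAMPLE = {ISS: "did:web:issuer.example", NBF: NOW - 3600, EXP: NOW + 3600}

def list_unreachable(_claims):
    raise OSError("revocation list unreachable")  # simulates being offline

print(verify_cwt(SAMPLE, True, NOW, TRUSTED, lambda c: False))  # (True, 'ok')
```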

No information relating to the verifier or the context in which the holder is utilizing the credential is shared or available to the issuer.

Verification can also be achieved by extracting the credential payload and passing it through to a MATTR VII verifier tenant.
