Secure messaging functionality is central to the future of distributed digital trust. Communication is part of the foundation of the internet, and historically, establishing digital connections with others has always required an intermediary “connection broker,” like Google, WhatsApp, an email provider, or a phone carrier. By leveraging the power of DIDs as well as the power of JOSE specifications, it is possible to establish secure connections simply as a byproduct of two or more parties exchanging DIDs.
The foundational basis of this secure messaging architecture is called JSON Web Message (JWM). JWM is a standard for universal secure messaging; it belongs to the JOSE family of specifications alongside JSON Web Encryption (JWE) and JSON Web Signature (JWS).
DIDComm provides the core messaging protocols that create a secure tunnel between DIDs. In its simplest form, it’s a secure communication layer built on top of the information contained in DID Documents. DIDComm messages are based on the structure of JSON Web Messages. The basic structure of the message specifies the type, id, and other attributes common to all messages. Using these standards allows each party in a distributed ecosystem to exercise control, practice full transparency, and participate in trustworthy communication.
To learn more about our approach to messaging, read our blog, “JWM: a new standard for secure messaging”.
MATTR VII provides secure messaging capabilities and allows customers to create, sign, and verify messages using DIDs.
This is particularly effective when it comes to authenticating end-users. For example, the mobile wallet app can send a JWS with a signature that is generated from the Subject DID on the mobile app. Any party receiving that message can use the platform to verify the JWS, thereby proving that the Mobile Wallet App has access to the private key of the Subject DID. This kind of information is incredibly useful in establishing trust between parties before continuing with an interaction.
For more detail on our Messaging capabilities, check out the API Reference Docs.