Offline presentations

This scenario assumes that although the mobile wallet is offline (due to no connectivity), the verifier systems are able to be connected to the network and have access to wider internet.

Using the wallet offline

The MATTR mobile wallet is able to be used in situations where the device is not connected to the internet, such as areas of poor connectivity due to lack of WiFi or mobile coverage or if the device set to flight-mode or unable to roam, say at an overseas airport.

This implementation of compressed credentials using CBOR-LD is currently in a Technical Preview. This means we may change how this feature is implemented resulting in breaking changes to the API as well as the feature set being limited in some capacity.

Opening the mobile wallet whilst offline will behave very similar to if the device has connectivity. A small 'No internet connection' notification bar is shown at the top of the screen.

View a credential

You are able to open and view a credential that has been saved to the wallet, however some validation checks are not performed as indicated by a blue warning label 'Unable to verify - Device is offline'.

Validations that cannot run offline:

  1. The issuer DID of the credential is unable to be resolved (unless it is a did:key), this means the wallet cannot be sure the issuer still has the public key associated with the credential made available.

  2. The revocation list cannot be checked, so the wallet is unable to determine if the issuer has revoked the credential.

  3. The domain of the issued credential is unable to be verified which means the DID to Domain linkage is unable to be confirmed. This shouldn't affect the verifier but may have future impact on the connection between the wallet and the issuer.

Ultimately these checks are performed when the credential is obtained in the wallet, so only a change in state would result in issues when presenting a credential to a verifier as the verification may fail if the verifier performs the checks online.

Presenting a Credential

In the menu item, tap on the 'Present Credential' item.

If the Credential is suitable a Verifiable Presentation in the form of a QR code is displayed on the screen.

A verifier may scan this QR code, decode the payload, convert from CBOR-LD to JSON-LD, then Verify the Presentation.

Credential suitability for offline use

The MATTR Wallet imposes some technical and practical constraints when determining if a credential held in the wallet may generate an offline presentation in the form of a QR code.

The most significant factor is size of the payload placed in the QR code, unfortunately at this stage there is not a simple calculation to determine this as factors such as the CBOR-LD conversion, Zlib compression and size & resolution of the QR code all impact whether the presentation may be displayed.

In general try to avoid:

  • Images embedded into the credential, unless they are tiny <100kb and the rest of the payload is small

  • BBS+ signatures, these are ideal for online challenge/response interactions so that a verifier and the holder can negotiate selective-disclosure of claims within a credential, however, the larger signature size means they are not suitable for offline use and the benefits are not apparent during a one-way flow.

  • Large nested data types, the more fields in the credential the higher the overall size of the credential. At this stage of the Technical Preview, we do not have an exact figure for the number of claims a credential can hold, however a flat list of <10 claims should generally work, more than this may result in more issues.

  • Complex linked-data structures, due to limitations in the libraries use of many linked contexts and the use of @vocab may have a dramatic increase in the resulting CBOR-LD payload size, if all other points above are met and the Wallet still refuses to create an offline presentation, it may indicate an issue with the linked-data context processing.

Sample App

The Verify CBOR-LD Presentation sample app is a simple way to get started on how to achieve this flow using a local app you can run yourself.

To set up the app you will need an active tenant on the platform and a valid credential issued to the MATTR Wallet.

Steps to verify an offline presentation

In order to decode and verify an offline presentation generated by the MATTR Wallet these steps can be followed:

  1. Decode the Base32, this a common format to encode for QR Codes

  2. The result will be a binary file, this file must then be inflated using Gzip

  3. The inflated Gzip file will be in CBOR-LD binary format, this will need to be converted to Base64 to use with the MATTR platform API

  4. Send the Base64 string to the Linked Data Convert API, using the following options.

http
Copy to clipboard.
1POST
2https://YOUR_TENANT_SUBDOMAIN.vii.mattr.glboal/core/v1/linkeddata/convert

Request

json
Copy to clipboard.
1{
2  "options": {
3    "inputFormat": "cborld",
4    "outputFormat": "jsonld",
5    "outputEncoding": "none"
6  },
7  "data": "2QUBpgGBERhweCRiYTNlMDRiMS00MjcwLTRlNmItODE3Yi0wNjQ3Yjg4YWJlN2IYc4KnGHQYaBh+eCRlMWIzNWFlMC05ZTBlLTExZWEtOWJiZi1hMzg3YjI3YzllNjAYgBph3MNOGIJubXktY3VzdG9tLnBhZ2UYhniQZXlKaGJHY2lPaUpGWkVSVFFTSXNJbUkyTkNJNlptRnNjMlVzSW1OeWFYUWlPbHNpWWpZMElsMTkuLk5ybjJRMnkyX1lua3FuRmUxNjgzUjVyRUxKN1ctODVmSHlWcThMaWk2UnNYWkEyMVN1VV95QVltWkxMVHFuXzBrQ3hIR2pqUE1KUUhYdUJLSlpQckRnGIoYlBiOgxkEAVgi7QG+rqIxMBLR9pW6OdeZxPtu1aFLXwIhFXb5+05PkkH581gi7QG+rqIxMBLR9pW6OdeZxPtu1aFLXwIhFXb5+05PkkH586cYdBhoGH54JGUxYjM1YWUwLTllMGUtMTFlYS05YmJmLWEzODdiMjdjOWU2MBiAGmHcw04Ygm5teS1jdXN0b20ucGFnZRiGeJBleUpoYkdjaU9pSkZaRVJUUVNJc0ltSTJOQ0k2Wm1Gc2MyVXNJbU55YVhRaU9sc2lZalkwSWwxOS4uRG1YRFBCR004dS1BSGJqOFpEUE5tcVJmazB3OXYyclNackx1bzNiaURHcVhYTUJlWDhmXzJGUS13OTNEdk0zd2tEWFd5bFFZS3lhbFhZT3BCeDRoQ1EYihiUGI6DGQQBWCLtAVdT7xv/+2Z0A9aIHYthaxACItTLj7S6LBpdGmjgizecWCLtAVdT7xv/+2Z0A9aIHYthaxACItTLj7S6LBpdGmjgizecGHWBGG4YeIIZBAFYIu0Bvq6iMTAS0faVujnXmcT7btWhS18CIRV2+ftOT5JB+fMYfYGmAYMRoWZAdm9jYWJ4KGh0dHBzOi8vdzNpZC5vcmcvc2VjdXJpdHkvdW5kZWZpbmVkVGVybSNyaHR0cHM6Ly9zY2hlbWEub3JnGHKlGHQYaBiAGmHcwpkYhniQZXlKaGJHY2lPaUpGWkVSVFFTSXNJbUkyTkNJNlptRnNjMlVzSW1OeWFYUWlPbHNpWWpZMElsMTkuLkxnV2trWEFzRWdOVGlTMzZpdHpXaTBrZFloWnFhV2ZVTlFtTlJpTnZ2NXpaVGJUV1V5VWI3RkZIQVY1MG5GMUl3cnE2UTN3MVJNVmxOellEaEkxTERnGIoYkhiOgxkEAVgi7QFXU+8b//tmdAPWiB2LYWsQAiLUy4+0uiwaXRpo4Is3nFgi7QFXU+8b//tmdAPWiB2LYWsQAiLUy4+0uiwaXRpo4Is3nBh1ghhscENvdXJzZUNyZWRlbnRpYWwZFmqkGHCCGQQBWCLtAVdT7xv/+2Z0A9aIHYthaxACItTLj7S6LBpdGmjgizecGQ5kcENlcnRpZmljYXRlIE5hbWUZDvhkU2hpbhkPcGVDaHJpcxkWcIIaYdzCmBkC7BkWdKIYcIIZBAFYIu0BV1PvG//7ZnQD1ogdi2FrEAIi1MuPtLosGl0aaOCLN5wZEcBmdGVuYW50"
8}

5. The Result will be in JSON-LD, this can be used with the Verify a Presentation endpoint

http
Copy to clipboard.
1POST
2https://YOUR_TENANT_SUBDOMAIN.vii.mattr.glboal/core/v1/presentations/verify

Request

json
Copy to clipboard.
1{
2  "presentation": {JSONLD_PRESENTATION}
3}

Response

The response will show if the presentation is verified based on the following:

Ensures the presentation conforms to the VC Data model For the verifiableCredential object;

  • Issuer DID can be resolved

  • JSON-LD context is valid for subject claims

  • Credential proof is valid & the credential has not been tampered with

  • Is not in a revoked status on a RevocationList2020

  • There is a Presentation proof that is valid for each subjectDID to prove ownership

  • Finally, a Presentation proof is valid for the holderDID for the Presentation

json
Copy to clipboard.
1{
2  "verified": true
3}