Compressed Web credentials
Compressed Web credentials are currently marked as 'Retired' as per our Service Level Agreement. This capability is no longer actively enhanced or supported and will be removed from the MATTR VII platform on August 19th, 2024. It is highly recommended to issue Compact Semantic Credentials instead.
Overview
Using JSON-LD as the data-model for credentials is useful to provide rich semantic meaning in a human-readable format that can be worked with using some existing tooling. However, the expanded form of the linked-data format does result in larger sized payloads that can be problematic when trying to verify credentials in an offline scenario using QR codes.
Compressing the credentials in a lossless way using a CBOR-LD format allows for a wider range of credentials to be encoded into a QR code that can be presented to verifiers.
This tutorial will use API endpoints available on MATTR VII, the MATTR Wallet and also a sample application to demonstrate a working solution whilst allowing you to learn about the constraints of working with devices in an offline mode.
Converting payloads
The MATTR VII API has an endpoint to be able to convert linked-data between JSON-LD and a binary format, CBOR-LD, in a lossless manner.
The API is general purpose and can convert any data model however there are 2 types of model that we'll focus on:
Verifiable Credentials
Verifiable Presentations
This implementation of compressed credentials using CBOR-LD is currently in a Technical Preview. This means we may change how this feature is implemented resulting in breaking changes to the API as well as the feature set being limited in some capacity.
Create a JSON-LD credential
Follow the tutorial on creating credentials, start with a basic credential as using ZKP-enabled or complex credentials will hit some limitations discussed later on in the guide.
Request
1POST https://YOUR_TENANT_URL/v2/credentials/web-semantic/sign1{
2 "issuer": {
3 "id": "did:web:organization.com",
4 "name": "tenant"
5 },
6 "subjectId": "did:key:z6MkfxQU7dy8eKxyHpG267FV23agZQu9zmokd8BprepfHALi",
7 "type": [
8 "VerifiableCredential",
9 "CourseCredential"
10 ],
11 "claims": {
12 "givenName": "Chris",
13 "familyName": "Shin",
14 "educationalCredentialAwarded": "Certificate Name"
15 },
16 "persist": false,
17 "revocable": false
18}
Use the Public DID (menu > Settings > Public DID) from your MATTR mobile wallet as the
subjectId
Response
1{
2 "id": "c6667bb7-9442-49a5-bb0b-fce269e97fc6",
3 "tag": "identifier123",
4 "credential": {
5 "@context": [
6 "https://www.w3.org/2018/credentials/v1",
7 "https://mattr.global/contexts/vc-extensions/v2",
8 ],
9 "type": [
10 "VerifiableCredential",
11 "CourseCredential"
12 ],
13 "issuer": {
14 "id": "did:web:organization.com",
15 "name": "tenant"
16 },
17 "issuanceDate": "2021-07-26T01:05:05.152Z",
18 "expirationDate": "2023-02-21T06:44:28.952Z",
19 "credentialSubject": {
20 "id": "did:key:z6MkfxQU7dy8eKxyHpG267FV23agZQu9zmokd8BprepfHALi",
21 "givenName": "Chris",
22 "familyName": "Shin",
23 "educationalCredentialAwarded": "Certificate Name"
24 },
25 "proof": {
26 "type": "Ed25519Signature2018",
27 "created": "2021-07-26T01:05:06Z",
28 "jws": "eyJhbGciOiJFZERTQSIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..o6hnrrWpArG8LQz2Ex_u66_BtuPdp3Hkz18nhNdNhJ7J1k_2lmCCwsNdmo-kNFirZdSIMzqO-V3wEjMDphVEAA",
29 "proofPurpose": "assertionMethod",
30 "verificationMethod": "did:key:z6MkndAHigYrXNpape7jgaC7jHiWwxzB3chuKUGXJg2b5RSj#z6MkndAHigYrXNpape7jgaC7jHiWwxzB3chuKUGXJg2b5RSj"
31 }
32 },
33 "issuanceDate": "2021-07-26T01:05:05.152Z"
34}
Convert a credential to CBOR-LD
To convert this JSON-LD credential into a CBOR-LD representation use the Convert Linked Data endpoint.
1POST https://YOUR_TENANT_URL/v2/credentials/web-semantic/linkeddata/convertRequest
1{
2 "options": {
3 "inputFormat": "jsonld",
4 "outputFormat": "cborld"
5 },
6 "data": {
7 "@context": [
8 "https://www.w3.org/2018/credentials/v1",
9 {
10 "@vocab": "https://w3id.org/security/undefinedTerm#"
11 },
12 "https://schema.org"
13 ],
14 "type": [
15 "VerifiableCredential",
16 "CourseCredential"
17 ],
18 "issuer": {
19 "id": "did:web:organization.com",
20 "name": "tenant"
21 },
22 "issuanceDate": "2021-07-26T01:05:05.152Z",
23 "credentialSubject": {
24 "id": "did:key:z6MkfxQU7dy8eKxyHpG267FV23agZQu9zmokd8BprepfHALi",
25 "givenName": "Chris",
26 "familyName": "Shin",
27 "educationalCredentialAwarded": "Certificate Name"
28 },
29 "proof": {
30 "type": "Ed25519Signature2018",
31 "created": "2021-07-26T01:05:06Z",
32 "jws": "eyJhbGciOiJFZERTQSIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..o6hnrrWpArG8LQz2Ex_u66_BtuPdp3Hkz18nhNdNhJ7J1k_2lmCCwsNdmo-kNFirZdSIMzqO-V3wEjMDphVEAA",
33 "proofPurpose": "assertionMethod",
34 "verificationMethod": "did:key:z6MkndAHigYrXNpape7jgaC7jHiWwxzB3chuKUGXJg2b5RSj#z6MkndAHigYrXNpape7jgaC7jHiWwxzB3chuKUGXJg2b5RSj"
35 }
36 }
37}
The
optionsparameters are used to determine how the API will handle the data, in this example, we are converting fromJSON-LDas theinputFormattoCBOR-LDas theoutputFormatso these fields can be set this way.Use the
credentialobject from the Create Credential API response as thedatapayload body.
Response
1{
2 "metadata": {
3 "encoding": "base64",
4 "format": "cborld"
5 },
6 "data": "2QUBpgGDEaFmQHZvY2FieChodHRwczovL3czaWQub3JnL3NlY3VyaXR5L3VuZGVmaW5lZFRlcm0jcmh0dHBzOi8vc2NoZW1hLm9yZxhypRh0GGgZFmYaYP4KQhkWaniQZXlKaGJHY2lPaUpGWkVSVFFTSXNJbUkyTkNJNlptRnNjMlVzSW1OeWFYUWlPbHNpWWpZMElsMTkuLm82aG5ycldwQXJHOExRejJFeF91NjZfQnR1UGRwM0hrejE4bmhOZE5oSjdKMWtfMmxtQ0N3c05kbW8ta05GaXJaZFNJTXpxTy1WM3dFak1EcGhWRUFBGRZuGRZ0GRZygxkEAVgi7QF5Zstx+ThTpsnM6PT9HUGF+M9xvreJOA19iXiGHF+h1Fgi7QF5Zstx+ThTpsnM6PT9HUGF+M9xvreJOA19iXiGHF+h1Bh1ghhscENvdXJzZUNyZWRlbnRpYWwZFlCkGHCCGQQBWCLtARZTDdo2+1dGfSuuFZwIr5V7W0wCy12o/1rlCaugUC67GQ5EcENlcnRpZmljYXRlIE5hbWUZDtpkU2hpbhkPUmVDaHJpcxkWWIIaYP4KQRiYGRZcohhwghkEAVgi7QF5Zstx+ThTpsnM6PT9HUGF+M9xvreJOA19iXiGHF+h1BkRomZ0ZW5hbnQ="
7}
The metadata field provides information about the response, for CBOR-LD format the data is always Base64 encoded.
The
datapayload has gone from 1082 characters to 664, approximately a reduction of a third. This can vary depending on the content of the credential, in particular how the expanded Linked Data is represented, further information is available later on in this tutorial.
Convert a verifiable presentation to JSON-LD
Along with credentials, presentations can be converted using the API in the exact same way, in this example, we will convert a CBOR-LD encoded Verifiable Presentation into JSON-LD.
The MATTR Mobile Wallet is able to generate verifiable presentations in a CBOR-LD format and encode them into a QR code (note in the wallet, first the binary is Gzipped then Base32 encoded), once read it will need to be decoded to binary, inflated then converted to Base64.
This is an example of a verifiable presentation in a CBOR-LD format with Base64 encoding.
1"2QUBpgGBERhweCRiYTNlMDRiMS00MjcwLTRlNmItODE3Yi0wNjQ3Yjg4YWJlN2IYc4KnGHQYaBh+eCRlMWIzNWFlMC05ZTBlLTExZWEtOWJiZi1hMzg3YjI3YzllNjAYgBph3MNOGIJubXktY3VzdG9tLnBhZ2UYhniQZXlKaGJHY2lPaUpGWkVSVFFTSXNJbUkyTkNJNlptRnNjMlVzSW1OeWFYUWlPbHNpWWpZMElsMTkuLk5ybjJRMnkyX1lua3FuRmUxNjgzUjVyRUxKN1ctODVmSHlWcThMaWk2UnNYWkEyMVN1VV95QVltWkxMVHFuXzBrQ3hIR2pqUE1KUUhYdUJLSlpQckRnGIoYlBiOgxkEAVgi7QG+rqIxMBLR9pW6OdeZxPtu1aFLXwIhFXb5+05PkkH581gi7QG+rqIxMBLR9pW6OdeZxPtu1aFLXwIhFXb5+05PkkH586cYdBhoGH54JGUxYjM1YWUwLTllMGUtMTFlYS05YmJmLWEzODdiMjdjOWU2MBiAGmHcw04Ygm5teS1jdXN0b20ucGFnZRiGeJBleUpoYkdjaU9pSkZaRVJUUVNJc0ltSTJOQ0k2Wm1Gc2MyVXNJbU55YVhRaU9sc2lZalkwSWwxOS4uRG1YRFBCR004dS1BSGJqOFpEUE5tcVJmazB3OXYyclNackx1bzNiaURHcVhYTUJlWDhmXzJGUS13OTNEdk0zd2tEWFd5bFFZS3lhbFhZT3BCeDRoQ1EYihiUGI6DGQQBWCLtAVdT7xv/+2Z0A9aIHYthaxACItTLj7S6LBpdGmjgizecWCLtAVdT7xv/+2Z0A9aIHYthaxACItTLj7S6LBpdGmjgizecGHWBGG4YeIIZBAFYIu0Bvq6iMTAS0faVujnXmcT7btWhS18CIRV2+ftOT5JB+fMYfYGmAYMRoWZAdm9jYWJ4KGh0dHBzOi8vdzNpZC5vcmcvc2VjdXJpdHkvdW5kZWZpbmVkVGVybSNyaHR0cHM6Ly9zY2hlbWEub3JnGHKlGHQYaBiAGmHcwpkYhniQZXlKaGJHY2lPaUpGWkVSVFFTSXNJbUkyTkNJNlptRnNjMlVzSW1OeWFYUWlPbHNpWWpZMElsMTkuLkxnV2trWEFzRWdOVGlTMzZpdHpXaTBrZFloWnFhV2ZVTlFtTlJpTnZ2NXpaVGJUV1V5VWI3RkZIQVY1MG5GMUl3cnE2UTN3MVJNVmxOellEaEkxTERnGIoYkhiOgxkEAVgi7QFXU+8b//tmdAPWiB2LYWsQAiLUy4+0uiwaXRpo4Is3nFgi7QFXU+8b//tmdAPWiB2LYWsQAiLUy4+0uiwaXRpo4Is3nBh1ghhscENvdXJzZUNyZWRlbnRpYWwZFmqkGHCCGQQBWCLtAVdT7xv/+2Z0A9aIHYthaxACItTLj7S6LBpdGmjgizecGQ5kcENlcnRpZmljYXRlIE5hbWUZDvhkU2hpbhkPcGVDaHJpcxkWcIIaYdzCmBkC7BkWdKIYcIIZBAFYIu0BV1PvG//7ZnQD1ogdi2FrEAIi1MuPtLosGl0aaOCLN5wZEcBmdGVuYW50"To validate if the presentation is valid, first, we need to convert it to JSON-LD, then it can be used with the Verify a Presentation endpoint.
1POST https://YOUR_TENANT_URL/v2/credentials/web-semantic/linkeddata/convertRequest
1{
2 "options": {
3 "inputFormat": "cborld",
4 "outputFormat": "jsonld",
5 "outputEncoding": "none"
6 },
7 "data": "2QUBpgGBERhweCRiYTNlMDRiMS00MjcwLTRlNmItODE3Yi0wNjQ3Yjg4YWJlN2IYc4KnGHQYaBh+eCRlMWIzNWFlMC05ZTBlLTExZWEtOWJiZi1hMzg3YjI3YzllNjAYgBph3MNOGIJubXktY3VzdG9tLnBhZ2UYhniQZXlKaGJHY2lPaUpGWkVSVFFTSXNJbUkyTkNJNlptRnNjMlVzSW1OeWFYUWlPbHNpWWpZMElsMTkuLk5ybjJRMnkyX1lua3FuRmUxNjgzUjVyRUxKN1ctODVmSHlWcThMaWk2UnNYWkEyMVN1VV95QVltWkxMVHFuXzBrQ3hIR2pqUE1KUUhYdUJLSlpQckRnGIoYlBiOgxkEAVgi7QG+rqIxMBLR9pW6OdeZxPtu1aFLXwIhFXb5+05PkkH581gi7QG+rqIxMBLR9pW6OdeZxPtu1aFLXwIhFXb5+05PkkH586cYdBhoGH54JGUxYjM1YWUwLTllMGUtMTFlYS05YmJmLWEzODdiMjdjOWU2MBiAGmHcw04Ygm5teS1jdXN0b20ucGFnZRiGeJBleUpoYkdjaU9pSkZaRVJUUVNJc0ltSTJOQ0k2Wm1Gc2MyVXNJbU55YVhRaU9sc2lZalkwSWwxOS4uRG1YRFBCR004dS1BSGJqOFpEUE5tcVJmazB3OXYyclNackx1bzNiaURHcVhYTUJlWDhmXzJGUS13OTNEdk0zd2tEWFd5bFFZS3lhbFhZT3BCeDRoQ1EYihiUGI6DGQQBWCLtAVdT7xv/+2Z0A9aIHYthaxACItTLj7S6LBpdGmjgizecWCLtAVdT7xv/+2Z0A9aIHYthaxACItTLj7S6LBpdGmjgizecGHWBGG4YeIIZBAFYIu0Bvq6iMTAS0faVujnXmcT7btWhS18CIRV2+ftOT5JB+fMYfYGmAYMRoWZAdm9jYWJ4KGh0dHBzOi8vdzNpZC5vcmcvc2VjdXJpdHkvdW5kZWZpbmVkVGVybSNyaHR0cHM6Ly9zY2hlbWEub3JnGHKlGHQYaBiAGmHcwpkYhniQZXlKaGJHY2lPaUpGWkVSVFFTSXNJbUkyTkNJNlptRnNjMlVzSW1OeWFYUWlPbHNpWWpZMElsMTkuLkxnV2trWEFzRWdOVGlTMzZpdHpXaTBrZFloWnFhV2ZVTlFtTlJpTnZ2NXpaVGJUV1V5VWI3RkZIQVY1MG5GMUl3cnE2UTN3MVJNVmxOellEaEkxTERnGIoYkhiOgxkEAVgi7QFXU+8b//tmdAPWiB2LYWsQAiLUy4+0uiwaXRpo4Is3nFgi7QFXU+8b//tmdAPWiB2LYWsQAiLUy4+0uiwaXRpo4Is3nBh1ghhscENvdXJzZUNyZWRlbnRpYWwZFmqkGHCCGQQBWCLtAVdT7xv/+2Z0A9aIHYthaxACItTLj7S6LBpdGmjgizecGQ5kcENlcnRpZmljYXRlIE5hbWUZDvhkU2hpbhkPcGVDaHJpcxkWcIIaYdzCmBkC7BkWdKIYcIIZBAFYIu0BV1PvG//7ZnQD1ogdi2FrEAIi1MuPtLosGl0aaOCLN5wZEcBmdGVuYW50"
8}
We want the output to be in plain JSON, so set the
outputEncodingtonone(the default value isbase64).
Response
1{
2 "metadata": {
3 "encoding": "none",
4 "format": "jsonld"
5 },
6 "data": {
7 "@context": [
8 "https://www.w3.org/2018/credentials/v1"
9 ],
10 "type": [
11 "VerifiablePresentation"
12 ],
13 "holder": "did:key:z6MksHbxLQoQvsPRezXsJJiKXuaV9frAiuwKfbuHHTRn53jx",
14 "id": "ba3e04b1-4270-4e6b-817b-0647b88abe7b",
15 "proof": [
16 {
17 "type": "Ed25519Signature2018",
18 "challenge": "e1b35ae0-9e0e-11ea-9bbf-a387b27c9e60",
19 "created": "2022-01-10T23:37:50Z",
20 "domain": "my-custom.page",
21 "jws": "eyJhbGciOiJFZERTQSIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..Nrn2Q2y2_YnkqnFe1683R5rELJ7W-85fHyVq8Lii6RsXZA21SuU_yAYmZLLTqn_0kCxHGjjPMJQHXuBKJZPrDg",
22 "proofPurpose": "authentication",
23 "verificationMethod": "did:key:z6MksHbxLQoQvsPRezXsJJiKXuaV9frAiuwKfbuHHTRn53jx#z6MksHbxLQoQvsPRezXsJJiKXuaV9frAiuwKfbuHHTRn53jx"
24 },
25 {
26 "type": "Ed25519Signature2018",
27 "challenge": "e1b35ae0-9e0e-11ea-9bbf-a387b27c9e60",
28 "created": "2022-01-10T23:37:50Z",
29 "domain": "my-custom.page",
30 "jws": "eyJhbGciOiJFZERTQSIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..DmXDPBGM8u-AHbj8ZDPNmqRfk0w9v2rSZrLuo3biDGqXXMBeX8f_2FQ-w93DvM3wkDXWylQYKyalXYOpBx4hCQ",
31 "proofPurpose": "authentication",
32 "verificationMethod": "did:key:z6MkkL9kGggqk12KZV7XE9uBoDhGGEwHYqe7CB7Qanq2vX6j#z6MkkL9kGggqk12KZV7XE9uBoDhGGEwHYqe7CB7Qanq2vX6j"
33 }
34 ],
35 "verifiableCredential": [
36 {
37 "@context": [
38 "https://www.w3.org/2018/credentials/v1",
39 {
40 "@vocab": "https://w3id.org/security/undefinedTerm#"
41 },
42 "https://schema.org"
43 ],
44 "type": [
45 "VerifiableCredential",
46 "CourseCredential"
47 ],
48 "credentialSubject": {
49 "educationalCredentialAwarded": "Certificate Name",
50 "familyName": "Shin",
51 "givenName": "Chris",
52 "id": "did:key:z6MkkL9kGggqk12KZV7XE9uBoDhGGEwHYqe7CB7Qanq2vX6j"
53 },
54 "issuanceDate": "2022-01-10T23:34:48.748Z",
55 "issuer": {
56 "id": "did:web:organization.com",
57 "name": "tenant"
58 },
59 "proof": {
60 "type": "Ed25519Signature2018",
61 "created": "2022-01-10T23:34:49Z",
62 "jws": "eyJhbGciOiJFZERTQSIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..LgWkkXAsEgNTiS36itzWi0kdYhZqaWfUNQmNRiNvv5zZTbTWUyUb7FFHAV50nF1Iwrq6Q3w1RMVlNzYDhI1LDg",
63 "proofPurpose": "assertionMethod",
64 "verificationMethod": "did:key:z6MkkL9kGggqk12KZV7XE9uBoDhGGEwHYqe7CB7Qanq2vX6j#z6MkkL9kGggqk12KZV7XE9uBoDhGGEwHYqe7CB7Qanq2vX6j"
65 }
66 }
67 ]
68 }
69}
The value from the data object can now be sent to the Verify a Presentation endpoint to validate if the Presentation is valid.
1POST https://YOUR_TENANT_URL/core/v2/credentials/web-semantic/presentations/verifyRequest
1{
2 "presentation": {
3 "@context": [
4 "https://www.w3.org/2018/credentials/v1"
5 ],
6 "type": [
7 "VerifiablePresentation"
8 ],
9 "holder": "did:key:z6MksHbxLQoQvsPRezXsJJiKXuaV9frAiuwKfbuHHTRn53jx",
10 "id": "ba3e04b1-4270-4e6b-817b-0647b88abe7b",
11 "proof": [
12 {
13 "type": "Ed25519Signature2018",
14 "challenge": "e1b35ae0-9e0e-11ea-9bbf-a387b27c9e60",
15 "created": "2022-01-10T23:37:50Z",
16 "domain": "my-custom.page",
17 "jws": "eyJhbGciOiJFZERTQSIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..Nrn2Q2y2_YnkqnFe1683R5rELJ7W-85fHyVq8Lii6RsXZA21SuU_yAYmZLLTqn_0kCxHGjjPMJQHXuBKJZPrDg",
18 "proofPurpose": "authentication",
19 "verificationMethod": "did:key:z6MksHbxLQoQvsPRezXsJJiKXuaV9frAiuwKfbuHHTRn53jx#z6MksHbxLQoQvsPRezXsJJiKXuaV9frAiuwKfbuHHTRn53jx"
20 },
21 {
22 "type": "Ed25519Signature2018",
23 "challenge": "e1b35ae0-9e0e-11ea-9bbf-a387b27c9e60",
24 "created": "2022-01-10T23:37:50Z",
25 "domain": "my-custom.page",
26 "jws": "eyJhbGciOiJFZERTQSIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..DmXDPBGM8u-AHbj8ZDPNmqRfk0w9v2rSZrLuo3biDGqXXMBeX8f_2FQ-w93DvM3wkDXWylQYKyalXYOpBx4hCQ",
27 "proofPurpose": "authentication",
28 "verificationMethod": "did:key:z6MkkL9kGggqk12KZV7XE9uBoDhGGEwHYqe7CB7Qanq2vX6j#z6MkkL9kGggqk12KZV7XE9uBoDhGGEwHYqe7CB7Qanq2vX6j"
29 }
30 ],
31 "verifiableCredential": [
32 {
33 "@context": [
34 "https://www.w3.org/2018/credentials/v1",
35 {
36 "@vocab": "https://w3id.org/security/undefinedTerm#"
37 },
38 "https://schema.org"
39 ],
40 "type": [
41 "VerifiableCredential",
42 "CourseCredential"
43 ],
44 "credentialSubject": {
45 "educationalCredentialAwarded": "Certificate Name",
46 "familyName": "Shin",
47 "givenName": "Chris",
48 "id": "did:key:z6MkkL9kGggqk12KZV7XE9uBoDhGGEwHYqe7CB7Qanq2vX6j"
49 },
50 "issuanceDate": "2022-01-10T23:34:48.748Z",
51 "issuer": {
52 "id": "did:web:organization.com",
53 "name": "tenant"
54 },
55 "proof": {
56 "type": "Ed25519Signature2018",
57 "created": "2022-01-10T23:34:49Z",
58 "jws": "eyJhbGciOiJFZERTQSIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..LgWkkXAsEgNTiS36itzWi0kdYhZqaWfUNQmNRiNvv5zZTbTWUyUb7FFHAV50nF1Iwrq6Q3w1RMVlNzYDhI1LDg",
59 "proofPurpose": "assertionMethod",
60 "verificationMethod": "did:key:z6MkkL9kGggqk12KZV7XE9uBoDhGGEwHYqe7CB7Qanq2vX6j#z6MkkL9kGggqk12KZV7XE9uBoDhGGEwHYqe7CB7Qanq2vX6j"
61 }
62 }
63 ]
64 }
65}
Response
1{
2 "verified": true
3}
Offline presentations
This scenario assumes that although the mobile wallet is offline (due to no connectivity), the verifier systems are able to be connected to the network and have access to wider internet.
Using the wallet offline
The MATTR mobile wallet is able to be used in situations where the device is not connected to the internet, such as areas of poor connectivity due to lack of WiFi or mobile coverage or if the device set to flight-mode or unable to roam, say at an overseas airport.
This implementation of compressed credentials using CBOR-LD is currently in a Technical Preview. This means we may change how this feature is implemented resulting in breaking changes to the API as well as the feature set being limited in some capacity.
Opening the mobile wallet whilst offline will behave very similar to if the device has connectivity. A small 'No internet connection' notification bar is shown at the top of the screen.
View a credential
You are able to open and view a credential that has been saved to the wallet, however some validation checks are not performed as indicated by a blue warning label 'Unable to verify - Device is offline'.
Validations that cannot run offline:
The issuer DID of the credential is unable to be resolved (unless it is a
did:key), this means the wallet cannot be sure the issuer still has the public key associated with the credential made available.The revocation list cannot be checked, so the wallet is unable to determine if the issuer has revoked the credential.
The domain of the issued credential is unable to be verified which means the DID to Domain linkage is unable to be confirmed. This shouldn't affect the verifier but may have future impact on the connection between the wallet and the issuer.
Ultimately these checks are performed when the credential is obtained in the wallet, so only a change in state would result in issues when presenting a credential to a verifier as the verification may fail if the verifier performs the checks online.
Presenting a credential
In the menu item, tap on the 'Present Credential' item.
If the credential is suitable a verifiable presentation in the form of a QR code is displayed on the screen.
A verifier may scan this QR code, decode the payload, convert from CBOR-LD to JSON-LD, then verify the presentation.
Credential suitability for offline use
The MATTR Wallet imposes some technical and practical constraints when determining if a credential held in the wallet may generate an offline presentation in the form of a QR code.
The most significant factor is size of the payload placed in the QR code, unfortunately at this stage there is not a simple calculation to determine this as factors such as the CBOR-LD conversion, Zlib compression and size & resolution of the QR code all impact whether the presentation may be displayed.
In general try to avoid:
Images embedded into the credential, unless they are tiny <100kb and the rest of the payload is small
BBS+ signatures, these are ideal for online challenge/response interactions so that a verifier and the holder can negotiate selective-disclosure of claims within a credential, however, the larger signature size means they are not suitable for offline use and the benefits are not apparent during a one-way flow.
Large nested data types, the more fields in the credential the higher the overall size of the credential. At this stage of the Technical Preview, we do not have an exact figure for the number of claims a credential can hold, however a flat list of <10 claims should generally work, more than this may result in more issues.
Complex linked-data structures, due to limitations in the libraries use of many linked
contextsand the use of@vocabmay have a dramatic increase in the resulting CBOR-LD payload size, if all other points above are met and the Wallet still refuses to create an offline presentation, it may indicate an issue with the linked-data context processing.
Steps to verify an offline presentation
In order to decode and verify an offline presentation generated by the MATTR Wallet these steps can be followed:
Decode the Base32, this a common format to encode for QR Codes
The result will be a binary file, this file must then be inflated using Gzip
The inflated Gzip file will be in CBOR-LD binary format, this will need to be converted to Base64 to use with the MATTR platform API
Send the Base64 string to the Linked Data Convert API, using the following options.
1POST https://YOUR_TENANT_URL/core/v2/credentials/web-semantic/linkeddata/convertRequest
1{
2 "options": {
3 "inputFormat": "cborld",
4 "outputFormat": "jsonld",
5 "outputEncoding": "none"
6 },
7 "data": "2QUBpgGBERhweCRiYTNlMDRiMS00MjcwLTRlNmItODE3Yi0wNjQ3Yjg4YWJlN2IYc4KnGHQYaBh+eCRlMWIzNWFlMC05ZTBlLTExZWEtOWJiZi1hMzg3YjI3YzllNjAYgBph3MNOGIJubXktY3VzdG9tLnBhZ2UYhniQZXlKaGJHY2lPaUpGWkVSVFFTSXNJbUkyTkNJNlptRnNjMlVzSW1OeWFYUWlPbHNpWWpZMElsMTkuLk5ybjJRMnkyX1lua3FuRmUxNjgzUjVyRUxKN1ctODVmSHlWcThMaWk2UnNYWkEyMVN1VV95QVltWkxMVHFuXzBrQ3hIR2pqUE1KUUhYdUJLSlpQckRnGIoYlBiOgxkEAVgi7QG+rqIxMBLR9pW6OdeZxPtu1aFLXwIhFXb5+05PkkH581gi7QG+rqIxMBLR9pW6OdeZxPtu1aFLXwIhFXb5+05PkkH586cYdBhoGH54JGUxYjM1YWUwLTllMGUtMTFlYS05YmJmLWEzODdiMjdjOWU2MBiAGmHcw04Ygm5teS1jdXN0b20ucGFnZRiGeJBleUpoYkdjaU9pSkZaRVJUUVNJc0ltSTJOQ0k2Wm1Gc2MyVXNJbU55YVhRaU9sc2lZalkwSWwxOS4uRG1YRFBCR004dS1BSGJqOFpEUE5tcVJmazB3OXYyclNackx1bzNiaURHcVhYTUJlWDhmXzJGUS13OTNEdk0zd2tEWFd5bFFZS3lhbFhZT3BCeDRoQ1EYihiUGI6DGQQBWCLtAVdT7xv/+2Z0A9aIHYthaxACItTLj7S6LBpdGmjgizecWCLtAVdT7xv/+2Z0A9aIHYthaxACItTLj7S6LBpdGmjgizecGHWBGG4YeIIZBAFYIu0Bvq6iMTAS0faVujnXmcT7btWhS18CIRV2+ftOT5JB+fMYfYGmAYMRoWZAdm9jYWJ4KGh0dHBzOi8vdzNpZC5vcmcvc2VjdXJpdHkvdW5kZWZpbmVkVGVybSNyaHR0cHM6Ly9zY2hlbWEub3JnGHKlGHQYaBiAGmHcwpkYhniQZXlKaGJHY2lPaUpGWkVSVFFTSXNJbUkyTkNJNlptRnNjMlVzSW1OeWFYUWlPbHNpWWpZMElsMTkuLkxnV2trWEFzRWdOVGlTMzZpdHpXaTBrZFloWnFhV2ZVTlFtTlJpTnZ2NXpaVGJUV1V5VWI3RkZIQVY1MG5GMUl3cnE2UTN3MVJNVmxOellEaEkxTERnGIoYkhiOgxkEAVgi7QFXU+8b//tmdAPWiB2LYWsQAiLUy4+0uiwaXRpo4Is3nFgi7QFXU+8b//tmdAPWiB2LYWsQAiLUy4+0uiwaXRpo4Is3nBh1ghhscENvdXJzZUNyZWRlbnRpYWwZFmqkGHCCGQQBWCLtAVdT7xv/+2Z0A9aIHYthaxACItTLj7S6LBpdGmjgizecGQ5kcENlcnRpZmljYXRlIE5hbWUZDvhkU2hpbhkPcGVDaHJpcxkWcIIaYdzCmBkC7BkWdKIYcIIZBAFYIu0BV1PvG//7ZnQD1ogdi2FrEAIi1MuPtLosGl0aaOCLN5wZEcBmdGVuYW50"
8}
5. The Result will be in JSON-LD, this can be used with the Verify a Presentation endpoint
1POST https://YOUR_TENANT_URL/v2/credentials/web-semantic/presentations/verifyRequest
1{
2 "presentation": {JSONLD_PRESENTATION}
3}
Response
The response will show if the presentation is verified based on the following:
Ensures the presentation conforms to the VC Data model For the verifiableCredential object;
Issuer DID can be resolved
JSON-LD context is valid for subject claims
Credential proof is valid & the credential has not been tampered with
Is not in a revoked status on a RevocationList2020
There is a Presentation proof that is valid for each subjectDID to prove ownership
Finally, a Presentation proof is valid for the holderDID for the Presentation
1{
2 "verified": true
3}