Read-Only Credentials

Addresses the case where a verifier cannot supply a challenge to prove the credential

Description (User Story)

The very first credentials were just parchments with a seal in wax or other media, like the Chinese "Chop" mark. This type of credential remains the most common today. This use case addresses credentials that can be read in digital format, but not modified by the user app in any way.

Narrative

There are two media that are most common for a read-only (RO) digital cred today: (1) the NFC card and (2) a bar code or QR code containing the information. These are given to the user for storage on a mobile phone, or printed on a card or piece of paper. It is common for credentials installed on a mobile phone to also be provided as a bar or QR code to handle cases where the phone is non-functional for some reason.

Secondary Use Case 

It is also possible for the verifier to obtain additional credentials as well as the RO cred, including a proof-of-presence response to a nonce transmitted by the verifier. That case is not addressed here because the primary cred is still just an RO cred.

Many RO creds are also available using a BLE (Bluetooth Low Energy) or other radio, but these are similar to NFC and so are not further considered.


Actors

Actor | Role in the use case
Holder | of the cred
Verifier | of the cred
NFC card | holds the cred


User Stories

Element | Detail | Notes
As a, | <description of user> |
I want | <functionality> |
so that | <benefit> |
Acceptance Criteria
Given | <how things begin> |
When | <action taken> |
Then | <outcome of taking action> |


Prerequisites / Assumptions

  • Duplication of an RO cred can be simple, so mitigations like a short time duration and online verification are often employed to prevent replay attacks.
  • Note that online verification carries a privacy risk: the issuer learns where the cred has been used. This logging is also considered to be a positive security feature, as attacks during or after presentment can be evaluated.
  • One well-known replay attack against a SMART Health Card COVID credential is that when installed on an Apple wallet, it can be displayed to another phone, which can capture the cred and install it in the reader's wallet.
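
The two mitigations listed above, shown as an added example that is not part of the original page: a verifier checks the issuer's seal, enforces a short validity window, and consults an online presentation log that flags a second presentation of the same cred. The HMAC key standing in for the issuer's signature, the field names, the 5-minute lifetime, the single-presentation policy and the reader names are all assumptions.

```python
import base64, hashlib, hmac, json

ISSUER_KEY = b"constructed-demo-key"  # constructed; stand-in for an issuer signature key
MAX_LIFETIME = 300                    # assumed policy: cred is valid for 5 minutes

def issue(subject, cred_id, now):
    """Issuer side: build the read-only blob that goes into the QR code or NFC card."""
    body = json.dumps({"sub": subject, "jti": cred_id, "iat": now,
                       "exp": now + MAX_LIFETIME}, sort_keys=True).encode()
    seal = hmac.new(ISSUER_KEY, body, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(body).decode() + "." +
            base64.urlsafe_b64encode(seal).decode())

class OnlineVerifier:
    """Verifier backed by an online presentation log (held in memory here)."""
    def __init__(self):
        self.log = {}  # cred id -> [(time, reader), ...], kept for later evaluation

    def verify(self, blob, reader, now):
        try:
            body_b64, seal_b64 = blob.split(".")
            body = base64.urlsafe_b64decode(body_b64)
            seal = base64.urlsafe_b64decode(seal_b64)
        except ValueError:
            return "reject: malformed"
        expected = hmac.new(ISSUER_KEY, body, hashlib.sha256).digest()
        if not hmac.compare_digest(seal, expected):
            return "reject: bad seal"
        claims = json.loads(body)
        # Short time duration: a copied cred stops working once the window closes.
        if not claims["iat"] <= now < claims["exp"]:
            return "reject: outside validity window"
        # Online verification: the seal is identical on every copy, so only the
        # shared log can tell that this cred has been presented before.
        seen = self.log.setdefault(claims["jti"], [])
        seen.append((now, reader))
        if len(seen) > 1:
            return "flag: replayed, first seen at %s" % seen[0][1]
        return "accept"

if __name__ == "__main__":
    v = OnlineVerifier()
    cred = issue("holder-1", "cred-001", now=1000)
    print(v.verify(cred, "gate-A", now=1010))  # original presentation
    print(v.verify(cred, "gate-B", now=1020))  # byte-for-byte copy of the same cred
    print(v.verify(cred, "gate-A", now=1300))  # after the validity window
```

The log that catches the copy is the same record that lets the issuer learn where the cred was used, which is the privacy trade-off noted in the list above.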


Use Case Details

Privacy


Data Provided


Data Retained


Diagram


Steps

Primary Use Case

The anticipated normal sequence

# | Step | Description
1

2

3

4


Secondary Use Case(s)

Alternate or variant sequences

# | Step | Description
1

2

3

4


Sequence Diagram


End State

Describe what measures or signifies the end of the case


Success

Markers or metrics that indicate success

  •  


Failure

Markers or metrics that indicate failure

  •  


References

Champion / Stakeholder

Tom Jones


Related Material

Resources and Links