Proactive Credential Sharing

Introduction

Historically, wallet holders couldn't share information from their credentials unless someone requested it through a verification request (or 'proof'/'presentation' request). That means you wouldn't be able to share, for example, your business card with a new connection, or your address with someone who needed directions to your home, unless those people somehow conjured up a presentation request to send you first.

Interactive connections allow the wallet holder to share information without needing to receive a verification request first. This proactive way of sharing credentials creates a two-way street between a wallet holder and an institution. Instead of a passive responder, the wallet holder is a peer who can initiate actions of their own. In addition, wallet holders can interact not only with institutions, but also with other wallet holders, to communicate securely and share verified information. Like the other features in the Trinsic platform, interactive connections will continue to evolve over time based on the needs of our developer community.

Sharing your credentials proactively

There are two ways to proactively share your credentials in the Trinsic Wallet. Before doing so, make sure:

  • You and your connection are using the same network
  • You and your connections both have the Trinsic Wallet mobile app open throughout the credential sharing process

From your connections screen

  1. Go to the "Connections" tab in the Trinsic Wallet
  2. Click on the connection with whom you would like to share information with
  3. On the activity log screen, click on the credential icon, and all of the credentials in your wallet will appear
  4. Click on a single credential and choose which attributes in the credential you want to share

From your credentials screen

  1. Go to the "Credentials" tab in the Trinsic Wallet
  2. Click on the credential you would like to share and then click on the "Share with Connection" icon in the lower-right hand side of the screen
  3. Select which attributes you would like to share from that credential
  4. Choose which connection you would like to share the information with

Under the hood

Accomplishing proactively sharable credentials is more complex than it may appear at face value because building interoperable solutions is extremely important to us. In addition, we wanted to retain the cryptographic integrity of the protocols we use for verification.

Typically, the verification request sent by a verifier to a holder includes a nonce; the holder then uses this nonce to generate a unique proof which the verifier can trust as a response to their request. This prevents replay and other attacks. Therefore, a request is required to ensure cryptographic integrity.

We implemented the propose presentation method of the Aries RFC 0037 to accomplish this use case. This way, the credential holder specifies the kind of proof they wish to generate. The verifier uses the proposal as a template for creating their request which the holder can respond to.

Future plans

As of right now, you can use the proactive credential sharing feature with connections only. In the future, we will be exploring ways in which you can proactively share credentials with someone who is not a connection through a public credential link. More to come on that in future, but any thoughts, input, or feedback are always welcome.


Did this page help you?