Skip to main content
European CommissionEBSI European Blockchain

Identify required capabilities

Last updated on

Define the capabilities needed for exchanging VCs

The following subsection will guide you to outline all necessary capabilities at each step of your user journey. The goal is to identify each functional step and its capabilities in the user journey.

It's now time to define the capabilities required for exchanging Verifiable Credentials (VCs). The functional scenarios below illustrate the capabilities required to exchange VCs between trusted issuers, holders, and verifiers, outlined as sequences of actions that the user performs to achieve their goal.

Functional Scenarios Examples

How a Natural Person downloads and sets up their digital wallet

  1. The user downloads and installs a digital wallet.
  2. The user sets up and secures their wallet.
  3. The user creates DIDs and private and public keys.

How a Natural Person requests a Verifiable Attestation from a Trusted Issuer

  1. The user visits the official website of the Trusted Issuer.
  2. The user authenticates with the Trusted Issuer.
  3. The user requests a Verifiable Attestation.
  4. The user scans a QR code with their phone's camera to claim the Verifiable Attestation with their wallet.
  5. The user unlocks their wallet.
  6. The user authorises the issuance of the Verifiable Attestation.
  7. The issuer authenticates the user (in a pre-authorised flow, this step is omitted)
  8. The user reviews and approves the storage of the Verifiable Attestation.

How a Natural Person presents one or more Verifiable Attestations to a Verifier

  1. The user visits the official website of a Verifier and selects the service.
  2. The Verifier requests to present one or more verifiable credentials.
  3. The user scans a QR code with their phone's camera to start the Verifiable Attestation presentation process on their wallet.
  4. The user unlocks their wallet.
  5. The user reviews and authorises the sharing of their Verifiable Credentials.
  6. The Verifier verifies the VP (signature, trusted issuer and accreditation validity)
  7. The Verifier grants the user access to the service.
Hands on!

Next Steps to define your Verifiable Credential functional capabilities

  1. Review the functional scenarios you outlined for your user stories in Section 1 Template #3.
  2. For each user story, define the target component and the capability required with the help of Section 2 Template #13.
  3. Consult the specifications referenced in Section 2 Template #13 for each capability and assess the implementation effort.

Use the table in Section 2 Template #13 below to guide you:

Section 2 Template #13

How as a Natural Person I download and setup my digital wallet

Functional scenariosScenario DescriptionHolder Wallet ComponentsActions
1To set up my digital wallet, as a Natural Person, I download and install a digital wallet.Download and install a digital walletVisit the App Store
1Select a Wallet
1Download and install a wallet
2To start using my wallet, as a Natural Person, I set up and secure my walletWallet UIEnter information (name, etc.)
2Wallet UISecure wallet (pin/password/face id/...)
2Wallet Key managerCreate DIDs, private and public keys
2Wallet Secure EnclaveStore DIDs, private and public keys

As a Natural Person, I request a Verifiable Attestation from a Trusted Issuer

Functional scenariosScenario DescriptionIssuer ComponentsHolder Wallet ComponentsCapability
1In order to request an attestation from a Legal Entity, as a Natural Person, I can visit the official website of the Trusted Issuer.WebsiteServe the Trusted Issuer Website
2In order to get access to my profile, as a Natural Person, I can authenticate with the Trusted Issuer.WebsiteDisplay supported authentication options
2Authentication ServiceAuthenticate the user
2Authentication ServiceCreate user session
3To get a Verifiable Attestation from a Legal Entity that attests my claims, as a Natural Person, I can request a Verifiable Attestation.WebsiteDisplay an option to issue the credential in a Verifiable Credential format
3VC Issuance serviceCreate Credential Offer for the requested Verifiable Credential
3WebsiteCase A: Render the Credential Offer into a QR code
3WebsiteCase B: Redirect the user to her wallet
4To claim the Verifiable Attestation with my wallet that is on a different device than the browser I'm using for the Trusted Issuer website, as a Natural Person I scan the QR code with my phone's camera.QR code scannerScan the QR code
5To start the Verifiable Attestation issuance process on my wallet, as a Natural Person, I'm redirected to my digital wallet.VC managerFetch the Credential Offer
6To get access to my wallet, as a Natural Person, I unlock my wallet.UIAsk the user to unlock the wallet
7To ensure that the issuer is trusted and that the issuance request is valid, as a Natural Person, I authorise the issuance request.VC managerValidate the credential offer
7VC managerFetch issuer metadata
7TIR managerCheck whether the issuer is Trusted
7TIR managerCheck whether the issuer is accredited to issue the Verifiable Attestation
7TIR managerCheck the Accreditations validity
7UIAsk the user to authorise the VC issuance
7VC managerSend an authorsation request to the /authorisaiton endpoint
7UIDisplay the authorisation screen (if authentication is required)
8To learn about the identity of the user, as an Issuer, I authenticate the user. Note: in a pre-authorised flow, this step is omitted.Authentication serviceAuthenticate the user
8Authentication serviceCreate user session
8Authentication serviceReturn an Authorisation Response (user is returned to the wallet)
8.1Optional: The Issuer may request to present one or more Verifiable Presentations. For details see the How do I present Verifiable Credentials? user journey .
9To bind the Verifiable Attestation to my DID, as a Natural Person, I request the VC and prove ownership of my DID.VC managerProcess the Authorisation Response
9VC managerRequest access token via the /token endpoint
9Secure enclaveCreate a proof of DID ownership
9VC managerSend a Credential request (incl DID ownership proof)
A1Case A: In-time VC issuance To issue the Verifiable Attestation, as an Issuer, I verify the request and construct and e-seal the Verifiable Attestation.VC issuance serviceVerify the DID ownership proof
A1VC issuance serviceFetch user information from the database
A1VC issuance serviceConstruct a Verifiable Credential
A1E-sealing serviceE-seal the Verifiable Credential
A1VC issuance serviceReturn a Verifiable Credential
A2To store my Verifiable Attestation, as a Natural Person, I receive and verify the Verifiable Attestation.VC managerReceive a Verifiable Credential
A2SignerVerify the signature of the issuer in the issuance request
A2VC managerCheck whether the issuer is in the TIR
A2VC managerCheck the issuer's accreditations in the TIR
A2VC managerCheck the Accreditations status via EBSI
A2UIAsk the user to store the V. Attestation
A2VC managerStore the V. Attestation
B1Case B: Deferred Verifiable Attestation issuance To evaluate the Verifiable Attestation issuance request, as an Issuer, I notify the back office to review and authorise the issuance.VC issuance serviceVerify the DID ownership proof
B1Notification serviceNotify the back office about a pending VC issuance request
B1VC issuance serviceReturn a Credential Response with an acceptance token
B2To inform that issuance requires authorisation, as a Natural Person, I receive a notification that my request is being processed.VC managerReceive a Credential Response with an acceptance token
B2UINotify the user that the VC issuance is pending authorisation
B3To issue the Verifiable Attestation, as an Issuer, I fill in the information, e-seal the Verifiable Attestation, and notify the user.Back office UIAuthorise the VC issuance
B3VC issuance serviceFetch user information from the data base or fill in a form
B3VC issuance serviceConstruct a Verifiable Credential
B3E-sealing serviceE-seal the Verifiable Credential
B3Notification ServiceNotify the user that the Verifiable Attestation has been issued
B4To receive the Verifiable Attestation, as a Natural Person, I open the notification that opens my digital wallet.VC managerSend a Deferred Credential Request
B4VC managerReceive a Verifiable Credential
B4SignerVerify the signature of the issuer in the issuance request
B4VC managerCheck whether the issuer is in the TIR
B4VC managerCheck the issuer's accreditations in the TIR
B4VC managerCheck the Accreditations status via EBSI
10To store the received Verifiable Attestation, as a Natural Person, I review and approve the storage of the Verifiable Attestation.UINotify the user about the received credential
10VC managerStore the Verifiable Credential

As a Natural Person, I present one or more Verifiable Attestations to a Verifier

Functional scenariosScenario DescriptionVerifier ComponentsHolder Wallet ComponentsCapability
1To use a service, as a Natural Person, I can visit the official website of a Verifier and select the service.WebsiteServe the Trusted Issuer Website
2To serve the user, as a Verifier, I can request to present one or more verifiable credentials.VP serviceCreate Verifiable Presentation request
2WebsiteCase A: Render the Credential Offer into a QR code
2WebsiteCase B: Redirect the user to her wallet
3To be able to share my Verifiable Credentials using my digital wallet, as a Natural Person, I scan the QR code with my phone's camera.QR code scannerScan the QR code
4To start the Verifiable Attestation presentation process on my wallet, as a Natural Person, I'm redirected to my digital wallet.VP managerFetch the VP Token Request
5To get access to my wallet, as a Natural Person, I unlock my wallet.UIAsk the user to unlock the wallet
6Optional: To ensure that the verifier is trusted and that the presentation request is valid, as a Natural Person, I am notified about the validity of the presentation request.VP managerValidate the VP Request
6VP managerFetch Verifier metadata
6UIDisplay the use information about the Verifier
7To share my Verifiable Credentials, as a Natural Person, I review and authorise sharing of my Verifiable CredentialsUIDisplay the requested Verifiable Credentials and ask the user to authorise the sharing
7VP managerPrepare a Verifiable Presentation
7SignerSign the Verifiable Presentation
7VP managerSubmit the Verifiable Presentation
8To make a decision about offering the service, as a Verifier, I verify the Verifiable Presentation.VP mangerVerify the Verifiable Presentation signature
8SignerVerify the Verifiable Credential signature
8VP mangerCheck whether the issuer is Trusted
8VP mangerCheck whether the issuer is accredited to issue the Verifiable Attestation
8VP mangerCheck the Accreditations validity
8VP mangerCheck the validity of the Verifiable Credential
8VP managerCase A: Return an access token
8WebsiteCase B: Load the service in the browser.
9To use the service, I get access to the service.VP managerCase A: Redirect the user to the website.

After completing Section 2 Template #13, proceed to Plan for implementation & Integration.