Accountable Digital Identity Association (ADIA) Protocols

1. ADIA Protocols

ADIA Protocols are broadly categorized into following:

Digital Address Protocols
Directory Protocols
Credential Schema Protocols
Credential Protocols
Verification Protocols

1.1. ADIA Functions

1.1.1. HIDA Functions

1.1.1.1. User HIDA (ADIA-FN-001)

Request

{
  "@type":"https://adiassociation.org/digital-address/1.0/compute-hida-users",
  "@id":"fa04e522-d78d-4b50-a3c9-4ff73e34ffb4",
  "body": {
    "firstName":"UTF8 encoded firstname of the User according to the ID document (all uppercase)",
    "lastName":"UTF8 encoded last name of the User according to the ID document (all uppercase)",
    "birthDate":"Date of birth of the User according to the ID document. Encoding MUST be full-date as specified by [[!RFC3339]]",
    "countryOfResidence":"Country of residence of the User according to the ID document. Encoding MUST be ALPHA-2 country code as specified by [[!ISO3166]]",
    "sourceType":"Type of the ID document. This is specified by ADIA Governance for each country",
    "identifier":"Government Issued National Identifier - SSN, Resident ID, Aadhaar ID, etc."
  }
}

Response

{
  "@type":"https://adiassociation.org/digital-address/1.0/compute-hida-response",
  "@id":"44714b18-250c-498d-9f0f-fd6d207f1d8c",
  "status":"{OK | FAILED | PENDING}",
  "~thread":{
    "thid":"fa04e522-d78d-4b50-a3c9-4ff73e34ffb4",
    "message":"e.g. comment or reason of failed request"
  },
  "body": {
    "hida":"{HIDA} The Base64 encoded [[!RFC4648]] hash value resulting from the previous step.",
    "alg":"Name of the hash algorithm used (all uppercase, e.g. SHA256). Allowed hash algorithms are specified in the ADIA Governance and Certification rules."
  }
}

1.1.1.2. Entity HIDA (ADIA-FN-002)

Request

{
  "@type": "https://adiassociation.org/digital-address/1.0/compute-hida-entity",
  "@id": "1190d09d-f685-47cf-acADIA-DA-2dc1603abf71",
  "goal-code": "adia.hida.{ ard | das | issuer | service-provider }",
  "body": {
    "businessName": "UTF8 encoded business name of the Organization according to the ID document (all uppercase)",
    "countryOfIncorporation": "Country of residence of the User according to the ID document. Encoding MUST be ALPHA-2 country code as specified by [[!ISO3166]]",
    "dateOfIncorporation": "Date of dateOfIncorporation of the Organization according to the ID document. Encoding MUST be full-date as specified by [[!RFC3339]]",
    "sourceType": "Type of the ID document. This is specified by ADIA Governance for each country",
    "identifier": "Government Issued Identifier - Federal Tax ID Number/EIN, Taxpayer Identification Number (TIN), VAT Number, etc."
  }
}

Response

{
  "@type": "https://adiassociation.org/digital-address/1.0/compute-hida-response",
  "@id": "44714b18-250c-498d-9f0f-fd6d207f1d8c",
  "status": "{ OK | FAILED | PENDING }",
  "goal-code": "adia.hida.user",
  "~thread": {
    "thid": "1190d09d-f685-47cf-acADIA-DA-2dc1603abf71",
    "message": "e.g. comment or reason of failed request"
  },
  "body": {
    "hida":"The Base64 encoded [[!RFC4648]] hash value resulting from the previous step.",
    "alg":"Name of the hash algorithm used (all uppercase, e.g. SHA256). Allowed hash algorithms are specified in the ADIA Governance and Certification rules."
  }
}

1.1.2. Credential Metadata Functions

1.1.2.1. save-metadata (ADIA-FN-003)

This message may be implemented as a local function by the <a>Cloud Agent</a> or <a>DAS Agent</a> and not really a Agent-to-Agent protocol message.

Request

{
  "@type": "https://adiassociation.org/credential/1.0/save-metadata",
  "@id": "<uuid-save-metadata-12345>",
  "attributes": {
    "schemaId": "<unique-id-of-vc-schema>",
    "credentialId": "<unique-id-of-vc>",
    "issuerId": "{ISSUER_ID}",
    "dasUserId": "{DAS_USER_ID}",
    "issuanceDate": "ISO 8601 format",
    "expirationDate": "ISO 8601 format"    //Optional - based on the credential type.
  }
}

Response

{
  "@type": "https://adiassociation.org/credential/1.0/save-metadata-response",
  "@id": "<uuid-save-metadata-response>",
  "status": "{ OK | FAILED | PENDING }",
  "comment": "Metadata Saved/Failed",
  "~thread": {
    "thid": "<uuid-save-metadata-12345>",
    "message": "e.g. comment or reason of failed request"
  }
}

1.1.2.2. search-metadata (ADIA-FN-004)

Request

{
  "@type": "https://adiassociation.org/credential/1.0/search-metadata",
  "@id": "<uuid-search-metadata-12345>",
  "attributes": {
    "issuerId": "{ISSUER_ID}",                //Mandatory - to narrow the search on a specific Issuer
    "dasUserId": "{DAS_USER_ID}",             //Mandatory - to narrow the search on a specific User
    "schemaId": "<unique-id-of-vc-schema>",   //Optional - if available, otherwise will result in all schemas
    "credentialId": "<unique-id-of-vc>"       //Optional - if available, otherwise will result in all credential metadata
  }
}

Response

{
  "@type": "https://adiassociation.org/credential/1.0/search-metadata-response",
  "@id": "<uuid-search-metadata-response>",
  "status": "{ OK | FAILED | PENDING }",
  "~thread": {
    "thid": "<uuid-search-metadata-12345>",
    "message": "e.g. comment or reason of failed request"
  },
  "searchResult": [{
    "schemaId": "<unique-id-of-vc-schema>",
    "credentialId": "<1-unique-id-of-vc>",
    "issuerId": "{ISSUER_ID}",
    "dasUserId": "{DAS_USER_ID}",
    "issuanceDate": "ISO 8601 format",
    "expirationDate": "ISO 8601 format"
  },
  {
    "schemaId": "<unique-id-of-vc-schema>",
    "credentialId": "<2-unique-id-of-vc>",
    "issuerId": "{ISSUER_ID}",
    "dasUserId": "{DAS_USER_ID}",
    "issuanceDate": "ISO 8601 format",
    "expirationDate": "ISO 8601 format"
  },
  {
    "schemaId": "<unique-id-of-vc-schema>",
    "credentialId": "<3-unique-id-of-vc>",
    "issuerId": "{ISSUER_ID}",
    "dasUserId": "{DAS_USER_ID}",
    "issuanceDate": "ISO 8601 format",
    "expirationDate": "ISO 8601 format"
  }]
}

1.1.2.3. remove-metadata (ADIA-FN-005)

This message may be implemented as a local function by the <a>Cloud Agent</a> or <a>DAS Agent</a> and not really a Agent-to-Agent protocol message.

Request

{
  "@type": "https://adiassociation.org/credential/1.0/remove-metadata",
  "@id": "<uuid-remove-metadata-12345>",
  "attributes": {
    "schemaId": "<unique-id-of-vc-schema>",
    "credentialId": "<unique-id-of-vc>",
    "issuerId": "{ISSUER_ID}",
    "dasUserId": "{DAS_USER_ID}",
    "issuanceDate": "ISO 8601 format"
  }
}

Response

{
  "@type": "https://adiassociation.org/credential/1.0/remove-metadata-response",
  "@id": "<uuid-remove-metadata-response>",
  "status": "{ OK | FAILED | PENDING }",
  "~thread": {
    "thid": "<uuid-remove-metadata-12345>",
    "message": "e.g. comment or reason of failed request"
  }
}

1.2. Digital Address Protocol

This protocol is used during the user onboarding process to create a new & unique Digital Address for the user.

Title	Description
Protocol Name & Version	`digital-address`, `1.0`
Protocol Code	ADIA-DA
Motivation	The Digital Address is a special ADIA identifier issued to an individual by a certified Digital Address Issuer after Know Your Customer (KYC) processes have been followed. Digital Address creation is requested by User’s Agent in the cloud or elsewhere and fulfilled by the Issuer’s Agent. Before creating the Digital Address, the Issuer Agents verifies the trust anchor uniqueness with ADIA Global Directory.

1.2.1. Implemented By

ARD Agent
DAS Agent
Issuer Agent
SP Agent
Cloud Agent

1.2.2. Sub/Co-protocols

This protocol uses following existing protocols -

/directory/1.0/enroll-entity - as a co-protocol to enroll an entity as User
/connection/1.0/request - as a co-protocol to establish a DID-based connection

1.2.3. Protocol Commands

1.2.3.1. create-digital-address (ADIA-DA-001)

This protocol creates a unique Digital Address for the user and kicks-in the enroll-entity co-protocol. This protocol supports multiple goal codes based on the entity looked up:

This protocol supports multiple goal codes based on the entity looked up:

adia.digital-address.user : To create a Digital Address for a User
adia.digital-address.entity : To create a Digital Address for an Entity

Agents may implement additional actions based on the goal codes.

1. Digital Address for User

Request

{
  "@type": "https://adiassociation.org/digital-address/1.0/create-digital-address",
  "@id": "862be87d-2095-4cd3-87e8-23df6ad77f10",
  "goal-code": "adia.digital-address.user",
  "attributes": {
    "dasUserId": "DAS_USER_ID"
  }
}

Response

{
  "@type": "https://adiassociation.org/digital-address/1.0/create-digital-address-response",
  "@id": "6264d6ce-ca95-4262-9f2c-76e11eabc741",
  "status": "{ OK | FAILED | PENDING }",
  "goal-code": "adia.digital-address.user",
  "~thread": {
    "thid": "862be87d-2095-4cd3-87e8-23df6ad77f10",
    "message": "e.g. comment or reason of failed request"
  },
  "result": {
    "digitalAddress": "{USER_DA}",
    "dasUserId": "{DAS_USER_ID}",
    "homeDASId": "{HomeDAS_ID}"
  }
}

2. Digital Address for an Entity

Note: Use the appropriate entityType and entityId as defined in the Enum values

Request

{
  "@type": "https://adiassociation.org/digital-address/1.0/create-digital-address",
  "@id": "862be87d-2095-4cd3-87e8-23df6ad77f10",
  "goal-code": "adia.digital-address.entity",
  "attributes": {
    "entityType": "{ ISSUER | SERVICEPROVIDER | DAS | ARD }",
    "entityId": "{ ISSUER_ID | SP_ID| DAS_ID | ARD_ID }"
  }
}

Response

{
  "@type": "https://adiassociation.org/digital-address/1.0/create-digital-address-response",
  "@id": "6264d6ce-ca95-4262-9f2c-76e11eabc741",
  "status": "{ OK | FAILED | PENDING }",
  "goal-code": "adia.digital-address.entity",
  "~thread": {
    "thid": "862be87d-2095-4cd3-87e8-23df6ad77f10",
    "message": "e.g. comment or reason of failed request"
  },
  "result": {
    "digitalAddress": " {ISSUER_DA | SP_DA| DAS_DA | ARD_DA}",
    "entityType": "{ISSUER | SERVICEPROVIDER | DAS | ARD}",
    "entityId": "{ISSUER_ID | SP_ID| DAS_ID | ARD_ID}"
  }
}

1.2.3.2. verify-user (ADIA-DA-002)

This protocol sends the User’s attributes to the original issuer of the Digital Address to verify the users. A DAS agent receives the attributes from the extracted ID document and requests this verification from the Issuer’s agent.

Request

{
  "@type": "https://adiassociation.org/digital-address/1.0/verify-user",
  "@id": "862be87d-2095-4cd3-87e8-23df6ad77f10",
  "attributes": {
    "firstName":"UTF8 encoded firstname of the User according to the ID document (all uppercase)",
    "lastName":"UTF8 encoded last name of the User according to the ID document (all uppercase)",
    "birthDate":"Date of birth of the User according to the ID document. Encoding MUST be full-date as specified by [[!RFC3339]]",
    "countryOfResidence":"Country of residence of the User according to the ID document. Encoding MUST be ALPHA-2 country code as specified by [[!ISO3166]]",
    "sourceType":"Type of the ID document. This is specified by ADIA Governance for each country",
    "identifier":"Government Issued National Identifier - SSN, Resident ID, Aadhaar ID, etc."
  }
}

Response

{
  "@type": "https://adiassociation.org/digital-address/1.0/verify-user",
  "@id": "6264d6ce-ca95-4262-9f2c-76e11eabc741",
  "status": "{ OK | FAILED | PENDING }",
  "~thread": {
    "thid": "862be87d-2095-4cd3-87e8-23df6ad77f10",
    "message": "e.g. comment or reason of failed request"
  }
}

1.2.3.3. revoke-digital-address (ADIA-DA-003)

This protocol revokes/removes a Digital Address and kicks-in the remove-entity co-protocol. This protocol supports multiple goal codes based on the entity looked up:

adia.digital-address.user : To revoke the Digital Address of a User
adia.digital-address.entity : To revoke the Digital Address of an Entity

Agents may implement additional actions based on the goal codes.

Note: Use the appropriate goal-code and entityType as defined in the Enum values

Request

{
  "@type": "https://adiassociation.org/digital-address/1.0/revoke-digital-address",
  "@id": "8a6d40d4-39f5-4a22-9f45-3fcb008e0d62",
  "goal-code": "adia.digital-address.{ ard | das| issuer| service-provider | user }",
  "attributes": {
    "digitalAddress": "{ARD_DA | DAS_DA | ISSUER_DA | SP_DA | USER_DA}"
  }
}

Response

{
  "@type": "https://adiassociation.org/digital-address/1.0/revoke-digital-address-response",
  "@id": "6264d6ce-ca95-4262-9f2c-76e11eabc741",
  "status": "{ OK | FAILED | PENDING }",
  "goal-code": "adia.digital-address.{ ard | das | issuer | service-provider | user }",
  "~thread": {
    "thid": "8a6d40d4-39f5-4a22-9f45-3fcb008e0d62",
    "message": "e.g. comment or reason of failed request"
  }
}

1.2.3.4. resolve-digital-address (ADIA-DA-004)

This protocol resolves a digital address (DA) to it’s corresponding DID. The resolution returns a full DIDDoc in Json format so that the requester can request for a DID-based connection or generate an invitation to connect.

1. Resolve an Entity

Request

{
  "@type": "https://adiassociation.org/digital-address/1.0/resolve-digital-address",
  "@id": "6a2571a8-1746-4a0b-bdce-4c59c60fb4f9",
  "attributes": {
    "entityType": "{ISSUER | SERVICEPROVIDER | DAS | ARD | USER}", // Optional - only if looking for specific types
    "digitalAddress": "digital address of the user or entity"
  }
}

Note: Response may be different depending upon the entityType provided in the attributes of the request.

a. Response (User)

{
  "@type": "https://adiassociation.org/digital-address/1.0/resolve-digital-address-response",
  "@id": "6264d6ce-ca95-4262-9f2c-76e11eabc741",
  "status": "{ OK | FAILED | PENDING }",
  "~thread": {
    "thid": "6a2571a8-1746-4a0b-bdce-4c59c60fb4f9",
    "message": "e.g. comment or reason of failed request"
  },
  "result": {
    "entityId": "DID of the entity",
    "entityType": "{USER}",
    "homeDASId": "{HomeDAS_ID}",
    "didDocJson": " {DIDDoc-ARD| DIDDoc-DAS | DIDDoc-ISSUER| DIDDoc-SP| DIDDoc-USER}"
  }
}

b. Response (Entities)

{
  "@type": "https://adiassociation.org/digital-address/1.0/resolve-digital-address-response",
  "@id": "6264d6ce-ca95-4262-9f2c-76e11eabc741",
  "status": "{ OK | FAILED | PENDING }",
  "~thread": {
    "thid": "6a2571a8-1746-4a0b-bdce-4c59c60fb4f9",
    "message": "e.g. comment or reason of failed request"
  },
  "result": {
    "entityId": "DID of the entity",
    "entityType": "{ISSUER | SERVICEPROVIDER | DAS | ARD}",
    "homeDASId": "{HomeDAS_ID}",   // Applicable to Issuers and Service Providers
    "homeARDId": " {homeARD_ID}",
    "didDocJson": "{DIDDoc-ARD| DIDDoc-DAS | DIDDoc-ISSUER| DIDDoc-SP}"
  }
}

1.2.3.5. provision-agent (ADIA-DA-005)

This protocol creates a DID for the user in Cloud Agent and kicks-in the create-digital-address co-protocol.

This protocol supports multiple goal codes based on the entity looked up:

adia.trust-anchor.user : To provision an agent of a User
adia.trust-anchor.entity : To provision an agent for an Entity

Agents may implement additional actions based on the goal codes.

Request

{
  "@type": "https://adiassociation.org/digital-address/1.0/provision-agent",
  "@id": "d4707d7c-c169-42f0-98e3-d0557d5ac746",
  "goal-code": "adia.agent.{ issuer | service-provider | user }",
  "attributes": {
    "hida": " {HIDA}",
    "entityId": "{DAS_USER_ID | ISSUER_ID | SP_ID}",
    "entityType": "{ USER | ISSUER | SERVICEPROVIDER }"
  }
}

Note: Response may be different depending upon the goal-code

a. Response (Issuer or Service Provider)

{
  "@type": "https://adiassociation.org/digital-address/1.0/provision-agent-response",
  "@id": "fab45767-2dd2-4124-b185-24821d5b8f8c",
  "status": "{ OK | FAILED | PENDING }",
  "goal-code": "adia.agent.{ ard | das | issuer | service-provider | user }",
  "~thread": {
    "thid": "d4707d7c-c169-42f0-98e3-d0557d5ac746",
    "message": "e.g. comment or reason of failed request"
  },
  "result": {
    "entityId": "{ISSUER_ID | SP_ID}",
    "entityType": " {ISSUER | SERVICEPROVIDER }",
    "homeDASId": " {HomeDAS_ID} ",
    "didDocJson": " {DIDDoc-ISSUER | DIDDoc-SP}"
  }
}

b. Response (User)

{
  "@type": "https://adiassociation.org/digital-address/1.0/provision-agent-response",
  "@id": "fab45767-2dd2-4124-b185-24821d5b8f8c",
  "status": "{ OK | FAILED | PENDING }",
  "goal-code": "adia.agent.{ ard | das | issuer | service-provider | user }",
  "~thread": {
    "thid": "d4707d7c-c169-42f0-98e3-d0557d5ac746",
    "message": "e.g. comment or reason of failed request"
  },
  "result": {
    "dasUserId": "{DAS_USER_ID}",
    "homeDASId": " {HomeDAS_ID} ",
    "didDocJson": " {DIDDoc-USER}"
  }
}

1.3. Directory Protocol

Directory protocol used to interact with global & regional directories of ADIA.

Title	Description
Protocol Name & Version	`directory`, `1.0`
Protocol Code	ADIA-DR
Motivation	The Directory Protocol defines protocol commands and messages to interact with the Directories in ADIA ecosystem. These directories differ in their privacy preserving features. ADIA Global Directory is a non-hashed public registry of Issuers, Service Providers, DAS and ADIA Regional Directories whereas a each of the DAS and Regional Directories maintain hashed attributes of Users and do not disclose any User information. Agents making entries or searching these directories implement specific messages instead of generic `entity` messages for easier processing of requests.

1.3.1. Implemented By

AGD Agent
ARD Agent
DAS Agent
Issuer Agent

1.3.2. Roles

DAS: Enrolls/disenrolls and searches entities
ARD: Enrolls/disenrolls TA for users
AGD: Enrolls/disenrolls entities across the ecosystem

1.3.3. Sub/Co-protocols

This protocol uses following existing protocols -

/connection/1.0/request - as a subprotocol to establish a DID-based connection

1.3.4. Protocol Commands

1.3.4.1. lookup-trust-anchor (ADIA-DR-001)

This protocol message enables looking up an entity in a specific directory with its HIDA. Responses differ in the level of detail based on the type of entity.

1. User TA Lookup

Request

{
  "@type": "https://adiassociation.org/directory/1.0/lookup-user-ta",
  "@id": "30e67f18-25b7-474b-aebf-7ab721a719ee",
  "attributes": {
    "hida": "{HIDA}",
    "issuerId": "{ISSUER_ID}"
  }
}

Response

{
  "@type": "https://adiassociation.org/directory/1.0/lookup-user-ta-response",
  "@id": "ad60dd33-7a89-4c8e-91e2-e24f27681910",
  "status": "{OK | FAILED | PENDING}",
  "~thread": {
    "thid": "30e67f18-25b7-474b-aebf-7ab721a719ee",
    "message": "e.g. comment or reason of failed request"
  },
  "result": {
    "taUserIssuer": "{TA_USER_ISSUER}",
    "homeDASId": "{HomeDAS_ID}"
  }
}

2. ARD TA Lookup Request

{
  "@type": "https://adiassociation.org/directory/1.0/lookup-ard-ta",
  "@id": "30e67f18-25b7-474b-aebf-7ab721a719ee",
  "attributes": {
    "hida": "{HIDA}"
  }
}

Response

{
  "@type": "https://adiassociation.org/directory/1.0/lookup-ard-ta-response",
  "@id": "ad60dd33-7a89-4c8e-91e2-e24f27681910",
  "status": "{OK | FAILED | PENDING}",
  "~thread": {
    "thid": "30e67f18-25b7-474b-aebf-7ab721a719ee",
    "message": "e.g. comment or reason of failed request"
  },
  "result": {
    "taARDAGD": "{TA_ARD_AGD}"
  }
}

3. DAS TA Lookup Request

{
  "@type": "https://adiassociation.org/directory/1.0/lookup-das-ta",
  "@id": "30e67f18-25b7-474b-aebf-7ab721a719ee",
  "attributes": {
    "hida": "{HIDA}"
  }
}

Response

{
  "@type": "https://adiassociation.org/directory/1.0/lookup-das-ta-response",
  "@id": "ad60dd33-7a89-4c8e-91e2-e24f27681910",
  "status": "{OK | FAILED | PENDING}",
  "~thread": {
    "thid": "30e67f18-25b7-474b-aebf-7ab721a719ee",
    "message": "e.g. comment or reason of failed request"
  },
  "result": {
    "taDASARD": "{TA_DAS_ARD}",
    "homeARDId": "{homeARD_ID}"
  }
}

4. Issuers TA Lookup Request

{
  "@type": "https://adiassociation.org/directory/1.0/lookup-issuer-ta",
  "@id": "30e67f18-25b7-474b-aebf-7ab721a719ee",
  "attributes": {
    "hida": "{HIDA}"
  }
}

Response

{
  "@type": "https://adiassociation.org/directory/1.0/lookup-issuer-ta-response",
  "@id": "ad60dd33-7a89-4c8e-91e2-e24f27681910",
  "status": "{OK | FAILED | PENDING}",
  "~thread": {
    "thid": "30e67f18-25b7-474b-aebf-7ab721a719ee",
    "message": "e.g. comment or reason of failed request"
  },
  "result": {
    "taIssuerDAS": "{TA_ISSUER_DAS}",
    "homeDASId": "{HomeDAS_ID}"
  }
}

5. Service Provider TA Lookup Request

{
  "@type": "https://adiassociation.org/directory/1.0/lookup-sp-ta",
  "@id": "30e67f18-25b7-474b-aebf-7ab721a719ee",
  "attributes": {
    "hida": "{HIDA}"
  }
}

Response

{
  "@type": "https://adiassociation.org/directory/1.0/lookup-sp-ta-response",
  "@id": "ad60dd33-7a89-4c8e-91e2-e24f27681910",
  "status": "{OK | FAILED | PENDING}",
  "~thread": {
    "thid": "30e67f18-25b7-474b-aebf-7ab721a719ee",
    "message": "e.g. comment or reason of failed request"
  },
  "result": {
    "taServiceProviderDAS": "{TA_SP_DAS}",
    "homeDASId": "{HomeDAS_ID}"
  }
}

1.3.4.2. enroll-entity (ADIA-DR-002)

This protocol message enables a responsible entity to register/ enroll a sub-entity in the ecosystem. In ADIA,

Users, Issuers and Service Providers can be enrolled only by a DAS
A DAS can be enrolled only by an ARD
An ARD can be enrolled only by an AGD

1. Enroll a User

Request

{
  "@type": "https://adiassociation.org/directory/1.0/enroll-user",
  "@id": "79054b64-f520-4e10-817d-476085cbe3ac",
  "attributes": {
    "dasUserId": "{DAS_USER_ID}",
    "homeDASId": "{HomeDAS_ID}",
    "taUserIssuer": "{TA_USER_ISSUER}",
    "hida": "{HIDA}"
  }
}

Response

{
  "@type": "https://adiassociation.org/directory/1.0/enroll-user-response",
  "@id": "9cc1108b-2445-4a48-b66f-2f6a1b414a50",
  "status": "{OK | FAILED | PENDING}",
  "~thread": {
    "thid": "79054b64-f520-4e10-817d-476085cbe3ac",
    "message": "e.g. comment or reason of failed request"
  }
}

2. Enroll a Regional Directory

Request

{
  "@type": "https://adiassociation.org/directory/1.0/enroll-entity",
  "@id": "79054b64-f520-4e10-817d-476085cbe3ac",
  "attributes": {
    "entityType": "ARD",
    "ardId": "{ ARD_ID }",
    "taARDAGD": "{TA_ARD_AGD}",
    "hida": "{HIDA}"
  }
}

Response

{
  "@type": "https://adiassociation.org/directory/1.0/enroll-entity-response",
  "@id": "9cc1108b-2445-4a48-b66f-2f6a1b414a50",
  "status": "{OK | FAILED | PENDING}",
  "~thread": {
    "thid": "79054b64-f520-4e10-817d-476085cbe3ac",
    "message": "e.g. comment or reason of failed request"
  }
}

3. Enroll a DAS

Request

{
  "@type": "https://adiassociation.org/directory/1.0/enroll-entity",
  "@id": "79054b64-f520-4e10-817d-476085cbe3ac",
  "attributes": {
    "entityType": "DAS",
    "dasId": "{DAS_ID}",
    "homeARDId": "{homeARD_ID}",
    "taDASARD": "{TA_DAS_ARD}",
    "hida": "{HIDA}"
  }
}

Response

{
  "@type": "https://adiassociation.org/directory/1.0/enroll-entity-response",
  "@id": "9cc1108b-2445-4a48-b66f-2f6a1b414a50",
  "status": "{OK | FAILED | PENDING}",
  "~thread": {
    "thid": "79054b64-f520-4e10-817d-476085cbe3ac",
    "message": "e.g. comment or reason of failed request"
  }
}

4. Enroll an Issuer

Request

{
  "@type": "https://adiassociation.org/directory/1.0/enroll-entity",
  "@id": "79054b64-f520-4e10-817d-476085cbe3ac",
  "attributes": {
    "entityType": "ISSUER",
    "issuerId": "{ISSUER_ID}",
    "homeDASId": "{HomeDAS_ID}",
    "taIssuerDAS": "{TA_ISSUER_DAS}",
    "hida": "{HIDA}"
  }
}

Response

{
  "@type": "https://adiassociation.org/directory/1.0/enroll-entity-response",
  "@id": "9cc1108b-2445-4a48-b66f-2f6a1b414a50",
  "status": "{OK | FAILED | PENDING}",
  "~thread": {
    "thid": "79054b64-f520-4e10-817d-476085cbe3ac",
    "message": "e.g. comment or reason of failed request"
  }
}

4. Enroll an Service Provider

Request

{
  "@type": "https://adiassociation.org/directory/1.0/enroll-entity",
  "@id": "79054b64-f520-4e10-817d-476085cbe3ac",
  "attributes": {
    "entityType": "SERVICEPROVIDER",
    "serviceProviderId": "{SP_ID}",
    "homeDASId": "{HomeDAS_ID}",
    "taServiceProviderDAS": "{TA_SP_DAS}",
    "hida": "{HIDA}"
  }
}

Response

{
  "@type": "https://adiassociation.org/directory/1.0/enroll-entity-response",
  "@id": "9cc1108b-2445-4a48-b66f-2f6a1b414a50",
  "status": "{OK | FAILED | PENDING}",
  "~thread": {
    "thid": "79054b64-f520-4e10-817d-476085cbe3ac",
    "message": "e.g. comment or reason of failed request"
  }
}

1.3.4.3. disenroll-entity (ADIA-DR-003)

This protocol message enables a responsible entity to deregister/ disenroll a sub-entity in the ecosystem. In ADIA,

Users, Issuers and Service Providers can be disenrolled only by a DAS
A DAS can be disenrolled only by an ARD
An ARD can be disenrolled only by an AGD

Agents may implement additional actions based on the goal codes.

1. Disenroll a User

Request

{
  "@type": "https://adiassociation.org/directory/1.0/disenroll-user",
  "@id": "79054b64-f520-4e10-817d-476085cbe3ac",
  "attributes": {
    "dasUserId": "{DAS_USER_ID}",
    "homeDASId": "{HomeDAS_ID}",
    "hida": "{HIDA}"
  }
}

Response

{
  "@type": "https://adiassociation.org/directory/1.0/disenroll-user-response",
  "@id": "9cc1108b-2445-4a48-b66f-2f6a1b414a50",
  "status": "{OK | FAILED | PENDING}",
  "~thread": {
    "thid": "79054b64-f520-4e10-817d-476085cbe3ac",
    "message": "e.g. comment or reason of failed request"
  }
}

2. DisEnroll a Regional Directory

Request

{
  "@type": "https://adiassociation.org/directory/1.0/disenroll-entity",
  "@id": "79054b64-f520-4e10-817d-476085cbe3ac",
  "attributes": {
    "entityType": "ARD",
    "ardId": "{ ARD_ID }",
    "hida": "{HIDA}"
  }
}

Response

{
  "@type": "https://adiassociation.org/directory/1.0/disenroll-entity-response",
  "@id": "9cc1108b-2445-4a48-b66f-2f6a1b414a50",
  "status": "{OK | FAILED | PENDING}",
  "~thread": {
    "thid": "79054b64-f520-4e10-817d-476085cbe3ac",
    "message": "e.g. comment or reason of failed request"
  }
}

3. DisEnroll a DAS

Request

{
  "@type": "https://adiassociation.org/directory/1.0/disenroll-entity",
  "@id": "79054b64-f520-4e10-817d-476085cbe3ac",
  "attributes": {
    "entityType": "DAS",
    "dasId": "{DAS_ID}",
    "homeARDId": "{homeARD_ID}",
    "hida": "{HIDA}"
  }
}

Response

{
  "@type": "https://adiassociation.org/directory/1.0/disenroll-entity-response",
  "@id": "9cc1108b-2445-4a48-b66f-2f6a1b414a50",
  "status": "{OK | FAILED | PENDING}",
  "~thread": {
    "thid": "79054b64-f520-4e10-817d-476085cbe3ac",
    "message": "e.g. comment or reason of failed request"
  }
}

4. DisEnroll an Issuer

Request

{
  "@type": "https://adiassociation.org/directory/1.0/disenroll-entity",
  "@id": "79054b64-f520-4e10-817d-476085cbe3ac",
  "attributes": {
    "entityType": "ISSUER",
    "issuerId": "{ISSUER_ID}",
    "homeDASId": "{HomeDAS_ID}",
    "hida": "{HIDA}"
  }
}

Response

{
  "@type": "https://adiassociation.org/directory/1.0/disenroll-entity-response",
  "@id": "9cc1108b-2445-4a48-b66f-2f6a1b414a50",
  "status": "{OK | FAILED | PENDING}",
  "~thread": {
    "thid": "79054b64-f520-4e10-817d-476085cbe3ac",
    "message": "e.g. comment or reason of failed request"
  }
}

4. DisEnroll an Service Provider

Request

{
  "@type": "https://adiassociation.org/directory/1.0/disenroll-entity",
  "@id": "79054b64-f520-4e10-817d-476085cbe3ac",
  "attributes": {
    "entityType": "SERVICEPROVIDER",
    "serviceProviderId": "{SP_ID}",
    "homeDASId": "{HomeDAS_ID}",
    "hida": "{HIDA}"
  }
}

Response

{
  "@type": "https://adiassociation.org/directory/1.0/disenroll-entity-response",
  "@id": "9cc1108b-2445-4a48-b66f-2f6a1b414a50",
  "status": "{OK | FAILED | PENDING}",
  "~thread": {
    "thid": "79054b64-f520-4e10-817d-476085cbe3ac",
    "message": "e.g. comment or reason of failed request"
  }
}

1.3.4.4. search-entity (ADIA-DR-004)

A generic entity search across the system for an entity or User with a known Digital Address or a DID. Searching for entities may result in single or multi-match results depending on the query criteria. Single matched results are represented in the body of the response. Multi-matched results are returned as a list of objects.

Agents in a DAS, ARD or AGD may implement additional strategies for routing and caching minimum entity information to prevent frequent searches across the ecosystem.

1. Search an Entity

Note: Parameters used for searching result in an "AND" operation. Avoid queries that may result in broad recursive searches.

Request

{
  "@type": "https://adiassociation.org/directory/1.0/search-entity",
  "@id": "79054b64-f520-4e10-817d-476085cbe3ac",
  "attributes": {
    "entityType": "{ ISSUER | SERVICEPROVIDER | DAS | ARD }",
    "entityId": "{ ISSUER_ID | SP_ID| DAS_ID | ARD_ID }",
    "digitalAddress": "{ISSUER_DA | SP_DA| DAS_DA | ARD_DA}", // optional
    "name": "Name of the entity",                             // optional
    "status": "{ACTIVE | INACTIVE }"                          // optional
  }
}

Response (Exact Match)

{
  "@type": "https://adiassociation.org/directory/1.0/search-entity-response",
  "@id": "9cc1108b-2445-4a48-b66f-2f6a1b414a50",
  "status": "{OK | FAILED | PENDING}",
  "~thread": {
      "thid": "79054b64-f520-4e10-817d-476085cbe3ac",
      "message": "e.g. comment or reason of failed request"
  },
  "result": {
    "entityType": "{ ISSUER | SERVICEPROVIDER | DAS | ARD }",
    "entityId": "{ ISSUER_ID | SP_ID| DAS_ID | ARD_ID }",
    "digitalAddress": "{ISSUER_DA | SP_DA| DAS_DA | ARD_DA}",
    "name": "Name of the entity",
    "homeDASId": "{HomeDAS_ID}",    // For Issuers, SPs and users
    "homeDASDA": "{DAS_DA}",        // For Issuers, SPs and users
    "homeDASName": "Name of DAS",   // For Issuers, SPs and users
    "homeARDId": "{HomeARD_ID}",    // For DAS
    "homeARDDA": "{ARD_DA}",        // For DAS
    "homeARDName": "Name of the ARD", // For DAS
    "status": "{ACTIVE | INACTIVE }",
    "createdDate": "ISO 8601 Date format"
  }
}

Response (Multi-Match)

{
  "@type": "https://adiassociation.org/directory/1.0/search-entity-response",
  "@id": "9cc1108b-2445-4a48-b66f-2f6a1b414a50",
  "goal-code": "adia.search-entity.ard",
  "status": "{OK | FAILED | PENDING}",
  "~thread": {
      "thid": "79054b64-f520-4e10-817d-476085cbe3ac",
      "message": "e.g. comment or reason of failed request"
  },
  "results": [
    {
      "entityType": "{ ISSUER | SERVICEPROVIDER | DAS | ARD }",
      "entityId": "{ ISSUER_ID | SP_ID| DAS_ID | ARD_ID }",
      "digitalAddress": "{ISSUER_DA | SP_DA| DAS_DA | ARD_DA}",
      "name": "Name of the entity",
      "homeDASId": "{HomeDAS_ID}",    // For Issuers, SPs and users
      "homeDASDA": "{DAS_DA}",        // For Issuers, SPs and users
      "homeDASName": "Name of DAS",   // For Issuers, SPs and users
      "homeARDId": "{HomeARD_ID}",    // For DAS
      "homeARDDA": "{ARD_DA}",        // For DAS
      "homeARDName": "Name of the ARD", // For DAS
      "status": "{ACTIVE | INACTIVE }",
      "createdDate": "ISO 8601 Date format"
    },
    {
      "entityType": "{ ISSUER | SERVICEPROVIDER | DAS | ARD }",
      "entityId": "{ ISSUER_ID | SP_ID| DAS_ID | ARD_ID }",
      "digitalAddress": "{ISSUER_DA | SP_DA| DAS_DA | ARD_DA}",
      "name": "Name of the entity",
      "homeDASId": "{HomeDAS_ID}",    // For Issuers, SPs and users
      "homeDASDA": "{DAS_DA}",        // For Issuers, SPs and users
      "homeDASName": "Name of DAS",   // For Issuers, SPs and users
      "homeARDId": "{HomeARD_ID}",    // For DAS
      "homeARDDA": "{ARD_DA}",        // For DAS
      "homeARDName": "Name of the ARD", // For DAS
      "status": "{ACTIVE | INACTIVE }",
      "createdDate": "ISO 8601 Date format"
    }
  ]
}

1.4. Credential Schema Protocol

Formalizes messages used to publish Credential Schemas, and further operations on it such as update, search and archival.

Title	Description
Protocol Name & Version	`credential-schema`, `1.0`
Motivation	Need a standard way to manage publishing and other activities of Verifiable Credential Schemas in the ADIA Ecosystem. There are other operations related to access control on the Schemas, which may be baked into this protocol, as and when needed.

1.4.1. Implemented By

Issuer Agent
DAS Agent
ARD Agent

1.4.2. Roles

Issuer - Defines and publishes custom Credential Schema.
DAS - Defines and publishes Credential Schema applicable for all Issuers in the DAS.
ARD - Defines and publishes custom Credential Schema for entities in a region.
AGD - Defines and publishes custom Credential Schema for all entities in the ecosystem.
SP - Search and define rulesets based on an applicable Credential Schema within its region.

1.4.3. Protocol Commands

1.4.3.1. publish (ADIA-CS-001)

Request

{
  "@type": "https://adiassociation.org/credential-schema/1.0/publish",
  "@id": "<uuid-public-schema-12345>",
  "attributes": {
    "entityType": "{ ISSUER | DAS | ARD }",
    "entityId": "{ ISSUER_ID | DAS_ID | ARD_ID }",
    "digitalAddress": "{ENTITY_DA}",
    "schemaDetails": {
      "name": "Person",
      "description": "<description of schema>",
      "version": "1.0",
      "schemaAttributes": [{
        "id": 1,
        "name": "First Name",
        "title": "FName",
        "datatype": "string",
        "description": "<some description>",
        "orderValue": 0
      },
      {
        "id": 2,
        "name": "Last Name",
        "title": "LName",
        "datatype": "string",
        "description": "<some description>",
        "orderValue": 1
      }]
    }
  }
}

Response

{
  "@type": "https://adiassociation.org/credential-schema/1.0/publish-response",
  "@id": "<uuid-public-cred-response>",
  "status": "{ OK | FAILED | PENDING }",
  "comment": "Schema Published",
  "~thread": {
    "thid": "<uuid-public-schema-12345>",
    "message": "e.g. comment or reason of failed request"
  },
  "result": {
    "schemaId": "abcd123456",
    "published": true,
    "publishedBy": "{ ISSUER_ID | DAS_ID | ARD_ID }",
    "publishedDate": "ISO 8601 format",
    "schemaLedgerId": "<Ledger id of the schema from DLT>",
  }
}

1.4.3.2. update (ADIA-CS-002)

Request

{
  "@type": "https://adiassociation.org/credential-schema/1.0/update",
  "@id": "<uuid-update-schema-12345>",
  "attributes": {
    "entityType": "{ ISSUER | DAS | ARD }",
    "entityId": "{ ISSUER_ID | DAS_ID | ARD_ID }",
    "digitalAddress": "{ENTITY_DA}",
    "schemaDetails": {
      "schemaId": "abcd123456",
      "description": "<description of schema>",
      "version": "1.1",
      "schemaAttributes": [{
        "id": 3,
        "name": "Email ID",
        "title": "Email",
        "datatype": "string",
        "description": "<some description>",
        "orderValue": 3
      }]
    }
  }
}

Response

{
  "@type": "https://adiassociation.org/credential-schema/1.0/update-response",
  "@id": "<uuid-update-schema-response>",
  "status": "{ OK | FAILED | PENDING }",
  "comment": "Schema updated",
  "~thread": {
    "thid": "<uuid-update-schema-12345>",
    "message": "e.g. comment or reason of failed request"
  },
  "result": {
    "schemaId": "abcd123456",
    "published": true,
    "publishedBy": "{ ISSUER_ID | DAS_ID | ARD_ID }",
    "publishedDate": "ISO 8601 format",
    "schemaLedgerId": "<Ledger id of the schema from DLT>",
  }
}

1.4.3.3. search (ADIA-CS-003)

Request

{
  "@type": "https://adiassociation.org/credential-schema/1.0/search",
  "@id": "<uuid-search-schema-12345>",
  "attributes": {
    "entityType": "{ ISSUER | DAS | ARD }",
    "entityId": "{ ISSUER_ID | DAS_ID | ARD_ID }",
    "digitalAddress": "{ENTITY_DA}",
    "schemaDetails": {
      "name": "Person",
      "description": "<description of schema>",
      "version": "1.0"
    }
  }
}

Response

{
  "@type": "https://adiassociation.org/credential-schema/1.0/search-response",
  "@id": "<uuid-search-schema-response>",
  "status": "{ OK | FAILED | PENDING }",
  "~thread": {
    "thid": "<uuid-search-schema-12345>",
    "message": "e.g. comment or reason of failed request"
  },
  "searchResult": [{
    "name": "Person",
    "description": "<description of schema>",
    "version": "1.0",
    "schemaAttributes": [{
        "id": 1,
        "name": "First Name",
        "title": "FName",
        "datatype": "string",
        "description": "<some description>",
        "orderValue": 0
      },
      {
        "id": 2,
        "name": "Last Name",
        "title": "LName",
        "datatype": "string",
        "description": "<some description>",
        "orderValue": 1
      }]
    },
    {
    "name": "Customer",
    "description": "<description of schema>",
    "version": "2.0",
    "schemaAttributes": [{
        "id": 1,
        "name": "Customer Name",
        "title": "CName",
        "datatype": "string",
        "description": "<some description>",
        "orderValue": 0
      },
      {
        "id": 2,
        "name": "Customer Email",
        "title": "Email"
        "datatype": "string",
        "description": "<some description>",
        "orderValue": 1
      }]
    }]
}

1.4.3.4. archive (ADIA-CS-004)

Request

{
  "@type": "https://adiassociation.org/credential-schema/1.0/archive",
  "@id": "<uuid-archive-schema-12345>",
  "attributes": {
    "entityType": "{ ISSUER | DAS | ARD }",
    "entityId": "{ ISSUER_ID | DAS_ID | ARD_ID }",
    "digitalAddress": "{ENTITY_DA}",
    "schemaId": "abcd123456"
  }
}

Response

{
  "@type": "https://adiassociation.org/credential-schema/1.0/archive-response",
  "@id": "<uuid-archive-cred-response>",
  "status": "{ OK | FAILED | PENDING }",
  "comment": "Schema abcd123456 Archived",
  "~thread": {
    "thid": "uuid-archive-schema-12345",
    "message": "e.g. comment or reason of failed request"
  }
}

1.5. Credential Protocol

Defines the ADIA-specific protocol extensions to the Aries issue-credential (v1.0) protocol RFC. These companion protocols are used during issuance, revocation & expiration of the Verifiable Credentials.

Title	Description
Credential	`credential`, `1.0`
Motivation	In addition to the Aries `1.0/issue-credential` protocol, there are several ADIA-specific operations related to the VC that are required to be supported in the ADIA Spec. E.g. Save VC metadata. This extention protocol defines those ADIA-specific operations.

1.5.1. Implemented By

Issuer Agent
Cloud Agent
Service Provider Agent

1.5.2. Roles

Issuer - Issues, Revokes & Expires VC & Stores the VC in VC Store
User - Requests, Proposes, Receives the VC
SP - Requests Proof Presentation to User

1.5.3. Sub/Co-protocols

This protocol uses following standard Aries protocol messages defined in Aries-RFC 0036-issue-credential

/didcomm.org/1.0/issue-credential - as a main protocol to issue a Verifiable Credential

1.5.4. States

States for Issuer

signature-requested
signed-vc-received
vc-stored
done

States for User (Cloud Agent)

signed-vc-sent
vc-metadata-saved
vc-metadata-updated
vc-metadata-removed
vc-expired
done

1.5.5. Protocol Commands

Following are the companion protocols to the standard issue-credential (v1.0) protocol.

1.5.5.1. request-signature (ADIA-CR-001)

Request - From Issuer to Cloud Agent

{
  "@type": "https://adiassociation.org/credential/1.0/request-signature",
  "@id": "<uuid-request-signature-12345>",
  "comment": "some comment",
  "attributes": {
    "credentials~attach": [{            // Bas64 encoded credential issued
      "@id": "libindy-cred-0",
      "mime-type": "application/json",
      "data": {
        "base64": "eyJzY2hlbWFfaWQiOiJkaWQ6ZHR4Ono...(clipped)...hIZG85V2JBYUVhcmlFTTI4In0="
      }
    }]
  }
}

Description of fields:

credentialsAttach field contains the data of the VC which is being issued. The actual VC data has been base64-encoded in to /data/base64 field.

Response - ACK from Cloud Agent

A quick respose from the Cloud Agent is just an ACK which notifies that the signature request has been received successfully.

{
  "@type": "https://didcomm.org/credential/1.0/request-signature-ack",
  "@id": "<uuid-request-signature-ack-12345>",
  "status": "OK",
  "~thread": {
    "thid": "<uuid-request-signature-12345>",
    "signature_request_received": true
  }
}

1.5.5.2. send-signed-vc (ADIA-CR-002)

Request - From Cloud Agent to Issuer

{
  "@type": "https://adiassociation.org/credential/1.0/send-signed-vc",
  "@id": "<uuid-send-signed-vc-12345>",
  "attributes": {
    "credentials~attach": [{
      "@id": "libindy-cred-0",
      "mime-type": "application/json",
      "data": {
          "base64": "eyJzY2hlbWFfaWQiOiJkaWQ6ZHR4Ono...(clipped)...hIZG85V2JBYUVhcmlFTTI4In0="
      },
      "signature": "59aTycBb22Tc48daQd8U149ePebKXX3BfXAWV1aj7g2wfqpjWhBymn8WiHfkfjbCaKMscSplitjyMupNn19Oxup3V"
    }]
  }
}

Response - ACK from Issuer Agent

A quick respose from the Issuer Agent is just an ACK which notifies that the signed VC has been received successfully.

{
  "@type": "https://adiassociation.org/credential/1.0/send-signed-vc-ack",
  "@id": "<uuid-send-signed-vc-ack>",
  "status": "{ OK | FAILED | PENDING }",
  "~thread": {
    "thid": "<uuid-send-signed-vc-12345>",
    "message": "e.g. comment or reason of failed request"
    "signed_vc_received": true,
  }
}

1.5.5.3. revoke-vc (ADIA-CR-003)

An Issuing agent may revoke an issued VC and sends a notification to the Cloud Agent to notify the user of the revocation.

Note: For the purpose of Auditing, credential metadata records are immutable and any changes or update is a new metadata audit-trail record appended with a last update time.

Request

{
  "@type": "https://adiassociation.org/credential/1.0/revoke-vc",
  "@id": "<uuid-revoke-vc-12345>",
  "attributes": {
    "schema_id": "did:key:z6MkpD8tURngJVkoiU9fXQWVRC1LPGJ67pWUTQkBfnPZnVRw:Verified Person:1.5",
    "credential_id": "rngJVkoiU9fXQWVRC1LPGJ67pWUTQkBfnPZnVR",
    "dasUserId": "{DAS_USER_ID}"
  }
}

Response

{
  "@type": "https://adiassociation.org/credential/1.0/revoke-vc-notification-ack",
  "@id": "<uuid-revoke-vc-notification-ack-12345>",
  "status": "{ OK | FAILED | PENDING }",
  "~thread": {
    "thid": "<uuid-revoke-vc-12345>",
    "message": "e.g. comment or reason of failed request"
  }
}

1.5.5.4. expire-vc (ADIA-CR-004)

The DAS Agent updates the expiration status & expirate date of VC and sends a notification to the Cloud Agent & to the Issuer Agent.

Note: For the purpose of Auditing, credential metadata records are immutable and any changes or update is a new metadata audit-trail record appended with a last update time.

Request

{
  "@type": "https://adiassociation.org/credential/1.0/expire-vc",
  "@id": "<uuid-expire-vc-12345>",
  "comment": "VC expired, please remove from VC Store",
  "attributes": {
    "schema_id": "did:key:z6MkpD8tURngJVkoiU9fXQWVRC1LPGJ67pWUTQkBfnPZnVRw:Verified Person:1.5",
    "credential_id": "rngJVkoiU9fXQWVRC1LPGJ67pWUTQkBfnPZnVR",
    "dasUserId": "{DAS_USER_ID}",
    "expirationDate": "ISO 8601 format"
  }
}

Response

The Cloud Agent and Issuer Agent sends back an ACK to the expiration notification.

{
  "@type": "https://adiassociation.org/credential/1.0/expire-vc-notification-ack",
  "@id": "<uuid-expire-vc-notification-ack-12345>",
  "status": "{ OK | FAILED | PENDING }",
  "comment": "VC Removed",
  "~thread": {
    "thid": "<uuid-expire-vc-12345>",
    "message": "e.g. comment or reason of failed request"
  }
}

1.5.6. Standard Protocol Commands

Following standard messages are used as defined in the Aries RFC 0036: Issue Credential Protocol 1.0.

1.5.6.1. propose-credential (Aries-RFC-0036-1)

A sample payload of the propose-credential message may look like this.

{
  "@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/issue-credential/1.0/propose-credential",
  "@id": "<uuid-of-propose-message>",
  "comment": "some comment",
  "credential_proposal": "<json-ld object of the credential proposal>",
  "schema_id": "Schema ID string",
  "cred_def_id": "Credential Definition ID string"
}

1.5.6.2. offer-credential (Aries-RFC-0036-2)

A sample payload of the offer-credential message may look like this.

{
  "@id": "c34b2ba6-e111-4486-b726-7c432472732f",
  "@type": "https://didcomm.org/issue-credential/1.0/offer-credential",
  "connection_id": "06c5bd5a-db8d-4377-8d36-710ca3bfcdb2",
  "comment": "some comment",
  "credential_preview": {    // preview object of the credential attributes being issued
    "@id": null,
    "@type": "https://didcomm.org/issue-credential/1.0/credential-preview",
    "attributes": [{
      "name": "firstName",
      "mime-type": "application/json",
      "value": "Edward"
    }, {
      "name": "lastName",
      "mime-type": "application/json",
      "value": "Cullen"
    }, {
      "name": "yearOfBirth",
      "mime-type": "application/json",
      "value": "1994"
    }, {
      "name": "diagnosisMethods",
      "mime-type": "application/json",
      "value": "Mouth Swab"
    }, {
      "name": "diagnosisFacility",
      "mime-type": "application/json",
      "value": "cvsNY"
    }]
  },
  "offers~attach": [{
    "@id": "libindy-cred-offer-0",
    "mime-type": "application/json",
    "data": {
      // Base64 encoding of the credential offer - It contains schema details
      "base64": "eyJzY2hlbWFfaWQiOiJkaWQ6ZHR4Ono2TWtoV1...(clipped)...YW19uIC0gKlIjo9uIC0gKiTm9uZSJ9"
    }
  }]
}

1.5.6.3. request-credential (Aries-RFC-0036-3)

A sample payload of the request-credential message may look like this.

{
  "@id": "c34b2ba6-e111-4486-b726-7c432472732f",
  "@type": "https://didcomm.org/issue-credential/1.0/request-credential",
  "~thread": {
    "thid": "c34b2ba6-e111-4486-b726-7c432472732f",
    "sender_order": 0,
    "received_orders": {}
  },
  "comment": "some comment",
  "requests~attach": [{                // Credential Request by Recipient against the offer sent by Sender
    "@id": "libindy-cred-request-0",
    "mime-type": "application/json",
    "data": {
      "base64": "eyJDcmVkZW50aWFsUmVxSnNvbiI6eyJwcm92ZXJfZGlkIjoi...(clipped)...9uIC0gKG5vdCBrbm93biB0byBpc3N1ZXIpIn0="
    }
  }]
}

1.5.6.4. issue-credential (Aries-RFC-0036-4)

A sample payload of the issue-credential message may look like this.

{
  "@id": "49f40b8e-5be6-4837-ba65-63a805d90046",
  "@type": "https://didcomm.org/issue-credential/1.0/issue-credential",
  "~thread": {
    "thid": "c34b2ba6-e111-4486-b726-7c432472732f",
    "sender_order": 0,
    "received_orders": {}
  },
  "comment": "some comment",
  "credentials~attach": [{
    "@id": "libindy-cred-0",
    "mime-type": "application/json",
    "data": {
      // Bas64 encoded credential issued by Sender
      "base64": "eyJzY2hlbWFfaWQiOiJkaWQ6ZHR4Ono2...(clipped)...Wnp2MWhIZG85V2JBYUVhcmlFTTI4In0="
    }
  }]
}

1.6. Verification Protocol

Defines ADIA-specific protocol extensions which are basically a companion to the Aries 1.0/present-proof protocol RFC. It also describes steps for Proof Presentation by a User to the Service Provider.

Title	Description
Protocol Name & Version	`verification`, `1.0`
Motivation	In addition to the Aries `present-proof` (v1.0) protocol, there are several ADIA-specific operations that are required to be supported in the ADIA Ecosystem during the Proof Presentation. E.g. Lookup VC metadata, Retrieve VC from Issuer’s VC Store. This extention protocol defines those ADIA-specific Verification operations.

1.6.1. Implemented By

SP Agent
Cloud Agent
Issuer Agent

1.6.2. Roles

Service Provider - Requests a proof of VC possession
User - Responds to the proof presentation requests
Issuer - Retrieves VCs from VC Store based on User’s requests

1.6.3. Sub/Co-protocols

This protocol uses following standard Aries protocol messages defined in Aries-RFC 0037-present-proof

/connection/1.0/request - as a subprotocol to establish a DID-based connection
/didcomm.org/1.0/present-proof - as a main protocol to request for & verify a Credential proof.

1.6.4. States

States for Service Provider

request-sent (standard)
proposal-received (standard)
request-received (standard)
presentation-received (standard)
verification-successful
verification-failed
done

States for User (Cloud Agent)

request-received (standard)
proposal-sent (standard)
consent-requested
consent-received
vc-request-sent
vc-received
presentation-sent (standard)
reject-sent (standard)
done

States for Issuer

vc-request-received
vc-sent
done

1.6.5. Protocol Commands

Following are the companion protocols to the standard proof-presentation (v1.0) protocol.
The connection between the SP Agent and User’s Cloud Agent is already established using the standard DIDComm connection protocol.

Request

User consent is obtained using DAA.

{
  "@type": "https://adiassociation.org/verification/1.0/request-consent",
  "@id": "<uuid-request-consent-12345>",
  "comment": "some comment",
  "adia": {
    "attributes": {
      "schemaId": "<unique-identifier-of-the-vc-schema>",
      "credentialId": "<unique-identifier-of-the-vc>",
      "issuerId": "{ISSUER_ID}",
      "requestedAttributes": "{ALL | ARRAY_OF_SPECIFIC_ATTRBUTES}"
    }
  }
}

Response - ACK

{
    "@type": "https://adiassociation.org/verification/1.0/request-consent-ack",
    "@id": "<uuid-request-consent-ack-12345>",
    "status": "{ OK | FAILED | PENDING }",
    "~thread": {
      "thid": "<uuid-request-consent-12345>",
      "message": "e.g. comment or reason of failed request"
    }
}

The consent is submitted to the previous request-consent message.

Request - From DAA to Cloud Agent

The User’s consent is obtained using the DAA and submitted to the Cloud Agent

{
    "@type": "https://adiassociation.org/verification/1.0/submit-consent",
    "@id": "<uuid-submit-consent-12345>",
    "adia": {
      "attributes": {
        "consent": "{ APPROVE | REJECT }"
      }
    },
    "comment": "some comment",
    "~thread": {
      "thid": "<uuid-request-consent-response-12345>",      //Thread of the previous message where consent was requested.
      "message": "e.g. comment or reason of failed request"
    }
}

1.6.5.3. request-vc (ADIA-VP-003)

Request

After obtaining the user’s consent, Cloud Agent requests the original VC to the Issuer.

{
  "@type": "https://adiassociation.org/verification/1.0/request-vc",
  "@id": "<uuid-request-vc-12345>",
  "adia": {
    "attributes": {
      "schemaId": "<unique-identifier-of-the-vc-schema>",
      "credentialId": "<unique-identifier-of-the-vc>",
      "userId": "{DAS_USER_ID}"
    }
  }
}

Response - ACK

{
    "@type": "https://adiassociation.org/verification/1.0/request-vc-ack",
    "@id": "<uuid-request-vc-ack-12345>",
    "status": "{ OK | FAILED | PENDING }",
    "~thread": {
      "thid": "uuid-request-vc-12345",
      "message": "e.g. comment or reason of failed request"
    }
}

Response - with the original VC

{
  "@type": "https://adiassociation.org/verification/1.0/request-vc-response",
  "@id": "<uuid-request-vc-response-12345>",
  "adia": {
    "attributes": {
      "credentialsAttach": [{            // The original VC retrieved from the VC Store
          "@id": "libindy-cred-0",
          "mime-type": "application/json",
          "data": {
              "base64": "eyJzY2hlbWFfaWQiOiJkaWQ6ZHR4Ono...(clipped)...hIZG85V2JBYUVhcmlFTTI4In0="
          },
          "signature": "59nTycBn22T648daQW8U149eP9bKXX3BoXAWV1aj7R2wfqpjWYBymn8WTHfkfDbCaMscSpitjyRAupon19Nxui3V"
        }]
    }
  },
  "~thread": {
    "thid": "uuid-request-vc-12345",
    "message": "e.g. comment or reason of failed request"
  }
}

1.6.5.4. verify-vc-claims (ADIA-VP-004)

A local function to be implemented by the SP Agent to verify each claim in the presentation along with all the keys & signatures.

1.6.6. Standard Protocol Commands

Following standard messages are used as defined in the Aries RFC 0037: Present Proof Protocol 1.0.

1.6.6.1. propose-presentation (Aries-RFC-0037-1)

A sample payload of the propose-presentation message may look like this.

{
  "@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/present-proof/1.0/propose-presentation",
  "@id": "<uuid-propose-presentation>",
  "comment": "some comment",
  "presentation_proposal": "<json-ld object of the proposed presentation>"
}

1.6.6.2. request-presentation (Aries-RFC-0037-2)

A sample payload of the request-presentation message may look like this.

{
  "@id": "04f37b27-07dd-4bfe-b3d0-8a21777f91ea",
  "@type": "https://didcomm.org/present-proof/1.0/request-presentation",
  "comment": "some comment",
  "request_presentations~attach": [{
    "@id": "request-presentation-0",
    "mime-type": "application/json",
    "data": {
      "base64": "eyJuYW1lIjoidmVyaWZ5RGlhZ25vc2lzUmVjb3JkI ... (clipped) ... pEaWFnbm9zaXNSZWNvcmRDdnM6MS4wIn1dfX19"
      }
  }],
  "~thread": {
    "thid": "04f37b27-07dd-4bfe-b3d0-8a21777f91ea",
    "sender_order": 0,
    "received_orders": {}
  }
}

From the above presentation-request payload, when the data/base64 value is decoded, it may look something like:

{
  "name": "verifyDiagnosisRecord",
  "version": "3.0",
  "nonce": "1234",
  "requested_attributes": {
    "attribute": {
      "names": [
        "firstName",
        "diagnosisMethods"
      ],
      "restrictions": [
        {
          "schema_id": "did:dtx:z6MknKF7ddVhLKtpob4g1Qw22wF2cHAyyEtfaXQMnHRBaEms:DiagnosisRecordCvs:1.0"
        }
      ]
    }
  },
  "requested_predicates": {
    "predicate": {
      "p_type": "<",
      "p_value": "2000",
      "name": "yearOfBirth",
      "restrictions": [
        {
          "schema_id": "did:dtx:z6MknKF7ddVhLKtpob4g1Qw22wF2cHAyyEtfaXQMnHRBaEms:DiagnosisRecordCvs:1.0"
        }
      ]
    }
  }
}

1.6.6.3. presentation (Aries-RFC-0037-3)

A sample payload of the presentation message may look like this.

{
  "@id": "7158a81a-66ff-493d-9470-3b40d887ffdc",
  "@type": "https://didcomm.org/present-proof/1.0/presentation",
  "presentations~attach": [
    {
      "@id": "libindy-presentation-0",
      "mime-type": "application/json",
      "data": {
        "base64": "eyJwcm9vZiI6eyJwcm9vZnMiOnsiYXR0cmlidXRlIjp7In ... (clipped) ... ZzOjEuMDpEaWFnbm9zaXNSZWNvcmRDVlMifV19"
      }
    }
  ],
  "~thread": {
    "thid": "04f37b27-07dd-4bfe-b3d0-8a21777f91ea",
    "sender_order": 0,
    "received_orders": {}
  }
}

2. Enumerations

2.1. Entity Names

AGD
DAS
ISSUER
SERVICEPROVIDER
USER

2.2. Goal Codes

2.2.1. HIDA

adia.hida.ard
adia.hida.das
adia.hida.issuer
adia.hida.service-provider

2.2.2. Digital Address

adia.digital-address.user
adia.digital-address.ard
adia.digital-address.das
adia.digital-address.issuer
adia.digital-address.service-provider
adia.digital-address.entity

2.2.3. Provisioning Agent

adia.agent.user
adia.agent.ard
adia.agent.das
adia.agent.issuer
adia.agent.service-provider

2.3. Acknowledgments

2.3.1. Contributors

Suresh Batchu, suresh@digitaltrust.net
Sam Curren, sam@indicio.tech

2.3.2. Reviewers

Rolf Lindemann, rolf@noknok.com
Ken Ebert, ken@indicio.tech

If a credit is missing from the credit list below, please log a ticket at GitHub to be recognized in future updates.

Accountable Digital Identity Association (ADIA) Protocols

Editor’s Draft, 14 July 2022

Abstract

1. ADIA Protocols

1.1. ADIA Functions

1.1.1. HIDA Functions

1.1.1.1. User HIDA (ADIA-FN-001)

1.1.1.2. Entity HIDA (ADIA-FN-002)

1.1.2. Credential Metadata Functions

1.1.2.1. save-metadata (ADIA-FN-003)

1.1.2.2. search-metadata (ADIA-FN-004)

1.1.2.3. remove-metadata (ADIA-FN-005)

1.2. Digital Address Protocol

1.2.1. Implemented By

1.2.2. Sub/Co-protocols

1.2.3. Protocol Commands

1.2.3.1. create-digital-address (ADIA-DA-001)

1.2.3.2. verify-user (ADIA-DA-002)

1.2.3.3. revoke-digital-address (ADIA-DA-003)

1.2.3.4. resolve-digital-address (ADIA-DA-004)

1.2.3.5. provision-agent (ADIA-DA-005)

1.3. Directory Protocol

1.3.1. Implemented By

1.3.2. Roles

1.3.3. Sub/Co-protocols

1.3.4. Protocol Commands

1.3.4.1. lookup-trust-anchor (ADIA-DR-001)

1.3.4.2. enroll-entity (ADIA-DR-002)

1.3.4.3. disenroll-entity (ADIA-DR-003)

1.3.4.4. search-entity (ADIA-DR-004)

1.4. Credential Schema Protocol

1.4.1. Implemented By

1.4.2. Roles

1.4.3. Protocol Commands

1.4.3.1. publish (ADIA-CS-001)

1.4.3.2. update (ADIA-CS-002)

1.4.3.3. search (ADIA-CS-003)

1.4.3.4. archive (ADIA-CS-004)

1.5. Credential Protocol

1.5.1. Implemented By

1.5.2. Roles

1.5.3. Sub/Co-protocols

1.5.4. States

1.5.5. Protocol Commands

1.5.5.1. request-signature (ADIA-CR-001)

1.5.5.2. send-signed-vc (ADIA-CR-002)

1.5.5.3. revoke-vc (ADIA-CR-003)

1.5.5.4. expire-vc (ADIA-CR-004)

1.5.6. Standard Protocol Commands

1.5.6.1. propose-credential (Aries-RFC-0036-1)

1.5.6.2. offer-credential (Aries-RFC-0036-2)

1.5.6.3. request-credential (Aries-RFC-0036-3)

1.5.6.4. issue-credential (Aries-RFC-0036-4)

1.6. Verification Protocol

1.6.1. Implemented By

1.6.2. Roles

1.6.3. Sub/Co-protocols

1.6.4. States

1.6.5. Protocol Commands

1.6.5.1. request-consent (ADIA-VP-001)

1.6.5.2. submit-consent (ADIA-VP-002)

1.6.5.3. request-vc (ADIA-VP-003)

1.6.5.4. verify-vc-claims (ADIA-VP-004)

1.6.6. Standard Protocol Commands

1.6.6.1. propose-presentation (Aries-RFC-0037-1)

1.6.6.2. request-presentation (Aries-RFC-0037-2)

1.6.6.3. presentation (Aries-RFC-0037-3)

2. Enumerations

2.1. Entity Names

2.2. Goal Codes

2.2.1. HIDA

2.2.2. Digital Address

2.2.3. Provisioning Agent

2.3. Acknowledgments

2.3.1. Contributors

2.3.2. Reviewers