Posted by Rohey Livne – Group Product Supervisor
In in the present day’s interconnected world, managing digital identification is important. Android goals to help open requirements that guarantee seamless interoperability with varied identification suppliers and providers. As a part of this aim, we’re excited to announce that Android, by way of Credential Supervisor’s DigitalCredential API, now natively helps OpenID4VP and OpenID4VCI for digital credential presentation and issuance respectively.
What are digital credentials?
Digital credentials are cryptographically verifiable paperwork. The commonest rising use case for digital credentials is identification paperwork comparable to driver’s licenses, passports, or nationwide ID playing cards. Within the coming years, it’s anticipated that Android builders will develop progressive functions of this expertise for a wider vary of non-public credentials that customers might want to current digitally, together with schooling certifications, insurance coverage insurance policies, memberships, permits, and extra.
Digital credentials could be offered by any put in Android app. These apps are generally known as “credential holders”; usually digital pockets apps comparable to Google Pockets or Samsung Pockets.
Different apps not essentially regarded as “wallets” may additionally have a use for exposing a digital credential. For instance an airline app may need to provide their customers’ air miles reward program membership as a digital credential to be introduced to different apps or web sites.
Digital credentials could be introduced by the person to every other app or web site on the identical system, and Android additionally helps securely presenting Digital Credentials between gadgets utilizing the identical business customary protocols utilized by passkeys (CTAP), by establishing encrypted communication tunnels.
Customers can retailer a number of credentials throughout a number of apps on their system. By leveraging OpenID4VP requests from web sites utilizing the W3C Digital Credential API, or from native apps utilizing Android Credential Supervisor API, a person can choose what credential to current from throughout all obtainable credentials throughout all put in digital pockets apps.
How digital credentials work
Presentation
To current the credential, the verifier sends an OpenID4VP request to the Digital Credential API, which then prompts the person to pick a credential throughout all of the credentials that may fulfill this request. Word that the person is deciding on a credential, not a digital pockets app:
As soon as the person chooses a credential to proceed with, Android platform redirects the unique OpenID4VP request to the digital pockets app that holds the chosen credential to finish the presentation again to the verifier. When the digital pockets app receives the OpenID4VP request from Android, it could actually additionally carry out any further due-diligence steps it must carry out previous to releasing the credential to the verifier.
Issuance
Android additionally permits builders to challenge their very own Digital Credentials to a person’s digital pockets app. This course of could be carried out utilizing an OpenID4VCI request, which prompts the person to decide on the digital pockets app that they need to retailer the credential in. Alternatively, the issuance may very well be carried out instantly from inside the digital pockets app (some apps won’t even have an express person going through issuance step in the event that they retailer credentials primarily based on their affiliation to a signed-in person account).
Over time, the person can repeat this course of to challenge a number of credentials throughout a number of digital pockets apps:
Word: To make sure that at presentation time Android can appropriately checklist all of the credentials that digital pockets apps maintain, digital wallets should register their credentials’ metadata with Credential Supervisor. Credential Supervisor makes use of this metadata to match credentials throughout obtainable digital pockets apps to the verifier’s request, in order that it could actually solely current a listing of legitimate credentials that may fulfill the request for the person to pick from.
Early adopters
As Google Pockets introduced yesterday, quickly customers will have the ability to use digital credentials to get well Amazon accounts, entry on-line well being providers with CVS and MyChart by Epic, and confirm profiles or identification on platforms like Uber and Bumble.
These use instances will make the most of customers’ digital credentials saved in any digital pockets app customers have on their Android system. To that finish, we’re additionally comfortable to share that each Samsung Pockets and 1Password will maintain customers’ digital credentials as digital wallets and help OpenID requirements by way of Android’s Credential Supervisor API.
Study extra
Credential Supervisor API lets each Android app implement credential verification or present credentials on the Android platform.
Try our new digital credential documentation on the way to develop into a credential verifier, making the most of customers’ current digital credentials utilizing Jetpack Credential Supervisor, or to develop into a digital pockets app holding your personal credentials for different apps or web sites to confirm.
