Annotated steel thread flow for calling out all signing, verification, and key management. This document is focused on
the signing and verification of objects. For Steel Thread, this means: Credentials and Credential Manifest request
objects.
Setup
We assume there are two parties:
Alice, using a wallet, applying for a credential
An issuer via the SSI Service, processing credential applications and issuing credentials
Each party has a single DID. Alice and the SSI Service each have a
single [did:key](https://w3c-ccg.github.io/did-method-key/) DID. Alice stores her DID’s private key in her wallet. The
SSI Service stores its private key in the service key store database.
Actors
For simplicity the DWN is abstracted from the description and diagrams below, since it plays no role in issuing or
verifying credentials or credential manifest objects.
Alice and the Issuer are also abstracted from the diagram. Instead focusing on the software handling signing and
verification — Alice’s Wallet and the SSI Service.
Flow Annotation
Alice creates a DID, stored in her wallet, didW
The issuer creates a DID, stored in the SSI Service, didI
[CM is a JWT] The Credential Manifest CM is created and signed by the Issuer, with didI
Alice fetches CM and…
Validates the signature using didI
Verifies it is a valid and well-formed Credential Manifest
[CA is a JWT] Alice forms a response to CM, Credential Application CA
Alice signs CA using didW
Alice submits CA to the SSI Service
The SSI Service processes CA...
Validates the signature using didW
Verifies it is a valid and well-formed Credential Application
Validates it complies with CM
[VC is a VC-JWT] The SSI Service creates Verifiable Credentials, VC, signed
with didI
[CR is a JWT] The SSI Service creates a Credential Response, CR, signed with didI
Alice receives CR containing VC and…
Validates the signature of the CR using didI
Verifies CR and VC are well-formed
Verifies the signature(s) of VC using didI
Possible other validity checks, such as making sure the Credential is for Alice and has expected data