Skip to main content

Managing Credentials

Within a tbDEX network, Verifiable Credentials (VC) play a critical role in establishing trust and ensuring regulatory compliance during transactions.

VCs are digital proofs that may be required by PFIs in order to verify your customers. So, your application will serve as an agent who presents a customer's credentials to a PFI as part of the transaction flow.

INFORMATION

One of the most common credentials required during transactions via tbDEX are ones used to adhere to Know Your Customer (KYC) regulations. Learn how to request a Known Customer Credential that your customers can use with PFIs.

Storing Credentials

As part of a customer's profile, your application can choose to store credentials that have been issued to them.

Signed VCs are converted into a JSON Web Token (JWT), which is a compact, URL-safe means of representing claims to be transferred between two parties. JWT format is used to encode the credentials, making them both secure and easily transmissible.

Storing your customers' credentials in this format is sufficient for use on a tbDEX network.

INFORMATION

Customer credentials are tied to their DID. Wallets will have to create a DID for customers that don't have one yet.

Required Claims

PFI Offerings contain a requiredClaims section that provides a definition of the credentials that must be presented as part of the RFQ message.

You can obtain the requiredClaims from an Offering via:

No snippet found for javascript

In the following example of a requiredClaims section of an Offering, the PFI has specified that the customer must provide a VC of type SanctionsCredential:

{
    'id': '6bdaec32-e511-489d-b2fd-27a051bd819b',
    'input_descriptors': [
      {
        'id': '65752b5a-a454-4605-85de-7f159b22ce01',
        'purpose': 'We need to know if you are a sanctioned individual',
        'constraints': {
          'fields': [
            {
              'path': [ '$.type[*]' ],
              'filter': {
                'type': 'string',
                'const': 'SanctionsCredential'
              }
            }
          ]
        }
      }
    ]
}

Obtain Eligible Offerings

With a network of multiple PFIs, there will likely be several Offerings that match your customer's desired currency pairing. You can narrow these options down even further by filtering for the ones where the customer's existing VCs satisfy the Offering's requirements:

No snippet found for javascript

Here, we skip offerings where the customer's VCs do not satisfy the Offering's requirements. However, your application may choose to include these in the matched Offerings and still present them to the customer, indicating that they'd need to obtain the necessary credentials to satisfy the Offering's requirements.

Your application could even apply for certain credentials on behalf of the customer, or issue credentials that you have the credibility to do so.

Select Credentials that Satisfy Requirements

Once your customer selects the Offering they'd like to request a quote for, you'll need to choose the credentials needed for the RFQ.

In the section above, we checked across all of the customer's VCs to see if they meet the PFI's specified combined criteria. However, you'll only want to select the ones that are actually required.

To do so, pass the customer's credentials and the requiredClaims section of the Offering to selectCredentials():

No snippet found for javascript

The selectedCredentials will be a part of the RFQ that you create on behalf of your customer.