What is the Verifier Universal Interface (VUI)?

Originally funded by eSSIF-Lab, a project funded by the European Commission within the Next Generation Internet (NGI) Program, the Verifier Universal Interface (VUI) initiative aims to build a set of standard APIs to enable interoperability between ID Wallets and Verifier components. After months of hard work and collaboration, the VUI work has been successfully donated to DIF with the goal of furthering its evolution and reach to the international community.

As different technology providers build SSI solutions, it becomes critical to ensure interoperability between these solutions. Available standards for SSI still have important gaps, leading us to an ecosystem of full-stack providers whose approach to interoperability is building proprietary plug-ins for each one of the other available solutions. This approach to interoperability is not scalable, the underlying problem being that building standards takes time. For this reason a practical and focused approach was proposed to enable scalable interoperability in the SSI community: a role-centric approach to standardization at the API level.

The VUI working group, led by GATACA and composed of 12 SSI organizations, identified a minimum set of 6 APIs to offer an end-to-end credential verification flow.

  1. DID resolution
  2. Status resolution
  3. Data agreements
  4. Presentation exchange
  5. Issuer resolution
  6. Schema resolution

Since both DID Registry & Status resolution APIs have advanced pre-defined work, VUI set out to build a team to work on the remaining interfaces.

In just one year, the working group has been able to define APIs for Data Agreements, Presentation Exchange, and Issuer Resolution.

It is important to note that the delivery for the Presentation Exchange API was an extension of the existing work based on WACI. As for the remaining API, Schema resolution, future work of VUI will involve its definition as it is only one without a definition proposal or an existing normative reference.

Results

The results of these efforts include API specifications built on ReSpec, API swaggers, and an open-source library that organizations can use to easily implement these APIs. Below are some details of each Working Package.

Data Agreements

In current SSI architectures, there is little to no support for data agreements, also known as consent management, on the usage of Verifiable Credentials. On one hand, there was some groundwork done by Kantara on a generic Consent Receipts specification that could apply to any digital service, yet in the context of SSI frameworks, the only progress made were proprietary implementations of consent mechanisms, such as GATACA's Verifiable Consent; but no proposal had received major adherence. Due to the standardization gap, the Automated Data Agreement (ADA) project was created under the EssifLab organization and led by iGrant.io and builds upon Kantara Consent Receipts to allow data privacy mechanisms to be enforced in the framework of Hyperledger Aries. Given the strong alignment with the Consent Management API defined at VUI, both teams decided to join forces into one single initiative.

Now, the VUI Data Agreement sub-ReSpec proposes a specific Data Model to manage data agreements, built upon both Automated Data Agreements and Kantara Consent Receipts. It also defines a basic protocol and the mechanisms to embed it inside a Presentation Exchange, which could be supported by multiple exchange standards.

Presentation Exchange

There are multiple known and adopted technology solutions or standards focused on the presentation exchange between a wallet and a verifier, the DIF Presentation Exchange (PE) data model being the most widely accepted. This is because DIF PE is compatible with multiple exchange protocols such as WACI, CHAPI, DID Comm, and DID Siop, making it scalable. To avoid further siloing the standards market by developing another PE data model from scratch, the VUI group believed supporting a successful, pre-existing data model was the best approach and decided to develop an extension of the groundwork done at DIF PE. Our core work consisted of proposing new extension features including:

  • Linkage to the data agreement (as mentioned before)

  • Mutual authentication (right now, it's performed at the exchange layer protocol), and

  • Mechanisms to improve the link between the credential subject and the person managing the wallet.

Issuer resolution

Who should be trusted as an issuer? This is a common, yet challenging question often asked in the online authentication space. In the past, many technology providers have attempted to provide generic solutions such as hardcoded lists in configuration files, API services, Domain name consultations, or Blockchain/DLT registries. In the SSI world, however, it's the Verifier who has the final decision on who he/she will trust to supply valid, verifiable data.

One of the most mature trust frameworks for Issuers has been defined at the EBSI/ESSIF project by the European Commission, which includes a trusted issuer registry designed with a complex governance protocol to determine who can issue which credentials and who can vouch for those issuers.

With this in mind, the VUI team is taking it one step further by designing a generic, platform-agnostic issuer registry approach that is portable across any governance platform. The goal is to offer a generic adaptation compatible not only with EBSI/ESSIF trusted registries, but also with any other trust framework, where the Verifier will just have to build a generic query interface, similar to the Universal DID Resolver, to retrieve the issuers from any platform, and manage them at his preference.

References

The following section provides access links to VUI documentation which includes: ReSpec specifications, API swaggers, and VUI core library.

ReSpecs- The primary documentation for the VUI working group consisted of one main ReSpec and 3 sub-ReSpec for each respective API.

Verifiable Universal Interface: https://identity.foundation/vui/

Data Agreements: https://identity.foundation/vui/dataAgreements

Presentation Exchange: https://identity.foundation/vui/presentationExchange

Issuer Resolution: https://identity.foundation/vui/issuerResolution

API Swaggers - Since the Presentation Exchange and Data Agreements APIs are intrinsically related, the VUI working group has consolidated them into one swagger. The Issuer Resolution swagger link can be found below.

Presentation Exchange & Data Agreements: My New API

Issuer resolution: My New API

VUI-core library - Consists of an open-source library that implements the above-mentioned APIs. While they do not obtain the complete functionality of a verifier, they offer the core implementation of these APIs.

https://github.com/gataca-io/vui-core

Next steps

The VUI initiative has been steadily gaining international traction. In addition to having been donated to the DIF, it was recently mentioned in a report published by the European Commission (DG Connect) and the Canadian Innovation, Science and Economic Development Canada, (ISED), as a key global interoperability approach to explore.

Moving forward VUI can help the SSI community successfully achieve interoperability between Verifiers and Wallets, a necessary step towards mass adoption. DIF's vast community and SSI expertise is precisely what VUI needs to make a tangible global impact.

Participating in VUI

The group is always looking for new organizations that can contribute and further these efforts. For more information on how to join, reach out at vui@groups.io or just subscribe to the communication list to keep updated on the latest news by sending an email to vui+subscribe@groups.io.