Skip to main content

System Attributes

System attributes are essential metadata elements embedded within each credential in the Wallet. These attributes define key aspects of the credential, such as its classification, identity verification level, type, and specific metadata details unique to each credential type. Each credential carries its own set of system attributes. These attributes enable the wallet to interpret, categorize, and apply the credentials within the user's digital identity in a structured and secure manner.

The primary purposes of system attributes are as follows:

  1. Identification and Classification: System attributes allow the Walletto categorize credentials, helping both users and the wallet’s system identify the type, source, and purpose of each credential. This categorization helps the wallet display and organize user information clearly.

  2. Security and Trust Level: Some attributes convey the level of verification (e.g., trust level) associated with the credential, which directly impacts the type of access and interactions available within the wallet. This enables the system to assess the reliability and security associated with each credential.

  3. Standardization and Interoperability: By incorporating schema names, versions, and namespaces, system attributes ensure that each credential follows standardized formats, enhancing compatibility across different platforms and organizations. This consistency supports compliance with regulatory standards and industry best practices.

  4. Credential-Specific Data: Each credential type has unique data points—such as email for contact credentials or document ID for identity credentials—managed as part of the credential’s system attributes. This specific data enables tailored interactions and unique use cases for each credential type.

Below, we will delve into each system attribute individually, discussing its purpose and functionality within the Walletthat implements the One37 SDK.

Attributes

Attribute: _category

The _category attribute is a core classification element used in each credential within the One37 Wallet, providing context to the nature and intended use of the credential. By categorizing credentials, the wallet enables a structured, organized view for users, making it easier to identify and distinguish between various types of information stored within their digital identity.

Purpose of _category:

  1. Organizational Clarity: The _category attribute helps classify credentials into meaningful groups, allowing both the wallet and users to quickly understand the type and purpose of each credential at a glance.
  2. Segmentation for Security and Access: Grouping credentials by category allows the wallet to apply category-specific security measures and access rules. For example, credentials categorized under "Identity" might have stricter access controls compared to those under "ContactInformation."
  3. Improved User Experience: With categories like "ContactInformation" or "Identity," the wallet can present credentials in a logical, user-friendly format, making it easier for users to manage and utilize their credentials within the app.

Example Categories:

  • ContactInformation: This category is typically used for credentials that contain contact details, such as a verified email address. These credentials are generally associated with basic identity verification and may support actions like account recovery or multi-factor authentication (MFA).

    "_category": "ContactInformation"  // Example: Verified email credential

  • Workplace: Credentials within this category relate to work or professional contexts, such as employee badges or access keys to workplace applications. This category might also include attributes related to entitlements or permissions for access to specific resources within the workplace.

    "_category": "Workplace"  // Example: Account Access Key for a subscription service

  • Identity: The Identity category includes credentials that provide a high level of identity verification, such as government-issued IDs like driver’s licenses. Credentials in this category generally require more stringent verification steps, contributing to a higher Identity Assurance Level (IAL) within the wallet.

    "_category": "Identity"  // Example: Driver's License credential

Summary

The _category attribute is a foundational system attribute in the Wallet, driving the organization, accessibility, and security protocols for each credential. By grouping credentials under specific categories, the wallet achieves a structured digital identity management system, offering both security and ease of use to users.

Attribute: _label

The _label attribute serves as the display name for each credential in the Wallet, providing users with a clear and concise identifier for the type of credential. It is primarily used in the user interface to present an easily recognizable title for each credential, improving the usability and visual organization within the wallet.

Purpose of _label:

  1. User-Friendly Display: _label provides a readable name for each credential, allowing users to quickly identify what each credential represents without needing to examine the underlying details or technical names.
  2. Enhanced Navigation: With a clear label, the wallet can present credentials in a list or grid view, enabling users to quickly locate specific credentials based on their purpose, such as "Verified Email" or "Driver's License."
  3. Personalized Information: In some cases, _label can include personal identifiers, like a subscription name ("Subscription - Sam"), which makes it easier for users to recognize credentials that may relate to different contexts or accounts.

Example Label:

  • Driver's License: For an official government ID, such as a driver’s license, the _label would typically be set to "Driver's License", providing users with an immediately recognizable title for this important identity document.

    "_label": "Driver's License"  // Example: Display label for a driver's license credential

Summary

The _label attribute is a straightforward but essential system attribute in the One37 Wallet, designed to improve the user experience by providing clear, user-friendly names for credentials. By displaying intuitive labels, the wallet simplifies credential management, helping users easily navigate and identify their digital assets.

Attribute: _namespace

The _namespace attribute categorizes credentials within the Wallet by defining their context and domain. This classification allows the wallet to manage credentials with similar functions or contexts together, facilitating streamlined organization, retrieval, and security management.

Purpose of _namespace:

  1. Credential Organization: _namespace assigns each credential to a specific domain, grouping similar types of credentials (e.g., contact information, access permissions, identity documents) under a structured hierarchy. This allows the wallet to categorize credentials in a way that’s logical and meaningful to both users and the system.

  2. Contextual Filtering: By organizing credentials under namespaces, the wallet can filter or present relevant credentials in certain contexts, such as displaying only identity documents or contact-related credentials based on the user's task.

  3. Security and Access Management: Different namespaces can be used to apply specific access permissions or security protocols based on credential type. This is essential when handling sensitive information like identity cards versus less sensitive data like contact information.

Example Namespaces:

  • personal.contact.verifiedemail: This namespace represents contact-related credentials, specifically a verified email address. The "personal.contact" context indicates that this is personal contact information, while "verifiedemail" specifies that it pertains to an email address that has been verified.

    "_namespace": "personal.contact.verifiedemail"  // Example: Namespace for a verified email credential

  • com.stream.account.access: For credentials related to account access, such as subscription or login keys for a specific service (e.g., Stream+), this namespace is organized as "com.stream.account.access". The "com.stream" context specifies the company or service, and "account.access" indicates that the credential grants account access.

    "_namespace": "com.stream.account.access"  // Example: Namespace for an account access credential

  • personal.biographic.identitycard: This namespace is used for biographic identification credentials, such as a driver’s license or national ID card. The "personal.biographic" portion categorizes it under personal identification, while "identitycard" further defines it as an ID card.

    "_namespace": "personal.biographic.identitycard"  // Example: Namespace for an identity card credential

Summary

The _namespace attribute plays a vital role in credential management within the Wallet, providing a structured approach to grouping credentials by domain and context. By categorizing each credential into a specific namespace, the wallet can deliver more efficient organization, enhanced security, and contextual relevance.

Yes, I’ll document both the purpose of _schemaname and its practical usage in the app, ensuring it's clear how the app leverages this attribute to manage credentials.

Attribute: _schemaname

The _schemaname attribute specifies the data structure or type of a credential within the Wallet, defining how the app should process, display, and validate the credential. Each schema name uniquely identifies a type of credential and follows a standard format, which the app uses to determine the appropriate actions and layout for that credential.

Purpose of _schemaname:

  1. Data Structuring: The _schemaname attribute dictates a standardized data structure for each credential type, ensuring consistency across the wallet and allowing the app to handle credentials uniformly. This standardization helps the app present information accurately across different credential types, such as email verification or identity documents.

  2. Credential Identification and Validation: By using _schemaname, the app can immediately recognize the type of data in a credential and apply the appropriate logic, whether displaying it to the user or using it for authorization. For instance, if the schema name is "com.one37id.email", the app knows to expect and display email-related data.

  3. Compatibility Across Systems: Since each schema name represents a structured data type, the wallet maintains compatibility across various domains. The app can interpret these structured data types consistently, facilitating integration with third-party services or verifying credentials across different One37-supported platforms.

Using _schemaname in the App

In the Walletapp, _schemaname is critical for determining the behavior and layout of each credential. Here's how the app utilizes _schemaname for practical functionality:

  • Display Layout: The app uses _schemaname to decide which UI components to render. For example, when the schema name is "com.one37id.email", the app will show fields specifically for email credentials, such as the email address and verification status.

  • Credential Actions: Based on _schemaname, the app knows what actions to offer for a credential. With a schema like "com.stream.authorization", which signifies account access credentials, the app might display options to view permissions or revoke access.

  • Data Processing and Validation: When a credential is scanned or retrieved, the app references _schemaname to apply validation checks appropriate for that schema type. For instance, "com.one37id.identitycard" credentials would trigger ID-specific checks, such as verifying document numbers and expiry dates.

Example Schema Names in Use:

  • com.one37id.email: This schema name is used for email verification credentials, where the app will display the email address, verification status, and allow actions like re-verification.

    "_schemaname": "com.one37id.email"

  • com.stream.authorization: Used for account access credentials. The app uses this schema name to present details like user permissions, account identifiers, and account access actions.

    "_schemaname": "com.stream.authorization"

  • com.one37id.identitycard: This schema name applies to credentials like government-issued IDs. The app will use this schema to show ID-specific data fields and verification details, making it possible for users to view and verify their identity documents.

    "_schemaname": "com.one37id.identitycard"

Practical Summary for Developers

The _schemaname attribute helps the Wallet app manage credentials efficiently by defining specific behaviors and display settings for each type. It enables the app to determine the layout, actions, and validation rules based on the credential type, ensuring a streamlined user experience across various credential types. By using _schemaname, developers can integrate new credential types seamlessly, making the app adaptable to a broad range of identity use cases.

Attribute: _schemaversion

The _schemaversion attribute indicates the version of the credential's schema used in the Walletapp. This attribute allows the app to identify which schema version is in use, enabling it to apply the correct logic, validations, and data structures according to that version. Versioning ensures compatibility across updates, allowing for controlled changes and improvements in how credentials are structured and managed.

Purpose of _schemaversion:

  1. Backward Compatibility: By specifying the version of the schema, _schemaversion allows the app to support older credentials even as the schema evolves. If the app encounters an older version, it can adjust its data handling methods accordingly to ensure that all credentials remain usable.

  2. Schema Upgrades: When new features or changes are introduced in a credential schema, _schemaversion indicates which version-specific logic the app should apply. This can include new fields, validation checks, or layout modifications introduced in a later schema version.

  3. Data Consistency: Ensuring that each credential follows a specific schema version provides consistency in how data is presented and processed. This helps avoid errors, as the app can recognize which fields and formats to expect based on the version specified.

Using _schemaversion in the App

In the Walletapp, _schemaversion is primarily used to adapt the behavior of the app depending on the version of the schema associated with each credential. Here’s how _schemaversion functions in practice:

  • Conditional Logic: The app can checks _schemaversion to determine which layout or validation rules to apply. For example, if version 1.0 is detected, the app might present a simpler set of fields, while version 2.0 might include additional fields and validation steps.

  • Migration Handling: If a schema update requires new fields or changes to data structure, the app may prompt the user to upgrade their credential to the latest schema version. The _schemaversion field allows the app to detect when an update is necessary.

  • Consistency Across Updates: As new schema versions are released, _schemaversion ensures that the app maintains consistent behavior with previously stored credentials. This enables the app to recognize and appropriately handle credentials that were created with an earlier schema.

Example Use Case for _schemaversion

  • Schema Version 1.0: Suppose the app encounters a credential with _schemaversion "1.0". The app would then reference the fields and layout associated with version 1.0, avoiding any fields or features that were introduced in later versions.

    "_schemaversion": "1.0"

In this scenario, the app only presents fields and actions that are compatible with schema version 1.0.

Practical Summary for Developers

The _schemaversion attribute is essential for maintaining stability and ensuring forward and backward compatibility as the Walletapp evolves. By referencing _schemaversion, the app can dynamically adjust to changes in schema structure and preserve a seamless experience for users across different credential types and schema updates. Developers can use _schemaversion to manage schema transitions, ensuring that users retain access to their credentials and benefit from updates without data inconsistencies.

Attribute: _trustlevel

The _trustlevel attribute represents the trustworthiness level associated with a credential. This level determines the confidence in the authenticity and verification of the credential, which impacts the level of access and privileges granted to the user within the Walletapp. Each credential’s _trustlevel helps the app dynamically assess the degree of assurance for identity verification, directly influencing the user’s Identity Assurance Level (IAL) within the app.

Purpose of _trustlevel:

  1. Access Control: The _trustlevel determines which features or sensitive actions the user can access. For example, a higher trust level allows users to perform more secure operations like financial transactions or accessing confidential data.

  2. User Authentication: _trustlevel provides a measure of identity assurance, giving the app insight into how thoroughly a user’s identity has been verified. Credentials with higher _trustlevel values offer greater reliability in establishing the user’s identity.

  3. Trust Level-Based Permissions: The app can use the _trustlevel attribute to enforce varying permissions based on the credential’s trustworthiness. For example, an email credential with _trustlevel: 1 might grant access to basic features, while a government-issued ID credential with _trustlevel: 2 enables higher access levels.

Using _trustlevel in the App

In the Wallet app, _trustlevel serves as a foundational attribute for setting permissions and configuring user access according to the verified status of their credentials. Here’s how the app can utilizes _trustlevel:

  • Identifying IAL: The app reviews the _trustlevel to determine the user’s overall Identity Assurance Level (IAL). Credentials with higher _trustlevel values, such as 2 or 3, contribute to higher IALs, enhancing the security and trustworthiness of the user profile.

  • Feature Access Control: The app checks _trustlevel before enabling access to certain features. For instance, users with a driver’s license credential set at _trustlevel: 2 may access high-security areas of the app that require verified identity credentials.

  • Dynamic Interface Adjustments: Based on the _trustlevel, the app may adjust its interface, displaying only the options available to the user’s current trust level. For instance, if a user has a credential with _trustlevel: 1, the app might hide or restrict access to high-security features.

Example Use Case for _trustlevel

  • Trust Level 2 (Moderate Assurance): When a credential, such as a verified driver’s license, has _trustlevel: 2, the app interprets this as moderate assurance. Consequently, it may enable secure actions such as account recovery or document sharing that require higher verification.

    "_trustlevel": 2

In this case, the app uses the moderate _trustlevel to permit actions that align with medium-security requirements, offering more access than a basic credential but restricting high-security features.

Practical Summary for Developers

The _trustlevel attribute provides a scalable mechanism for developers to control app features and enforce security protocols based on the verification status of each credential. By consistently referencing _trustlevel, developers can fine-tune the app’s behavior, ensuring that users have access to appropriate levels of functionality and security. This attribute is essential for building a flexible identity management framework, enabling trust-based access control, enhancing security, and offering a customized user experience.

Attribute: _type

The _type attribute represents the specific type of credential, such as an email, account access key, or driver’s license. This attribute is crucial for the app to identify the nature of each credential and to apply functionality, display elements, or security measures based on its type. By categorizing credentials, the app can present tailored content, actions, and controls that align with each credential’s function and relevance to the user.

Purpose of _type:

  1. Categorization of Credentials: The _type attribute classifies the credential, making it easy for the app to recognize what kind of data it holds and how to utilize it within different app contexts. For instance, _type: "Email" distinguishes an email credential from other types like AccountAccessKey or DriversLicense.

  2. Context-Specific Functionality: By identifying the credential type, the app can apply specialized behavior, such as managing login permissions for an AccountAccessKey or verifying identity for a DriversLicense.

  3. UI Personalization: The _type attribute allows the app to customize its user interface based on the credential type, displaying relevant icons, labels, or prompts specific to each credential type.

Using _type in the App

In the Wallet app, the _type attribute can be used to drive functionality and design choices. Here’s how the app can leverages _type:

  • Icon Display: The app can use _type to display appropriate icons that visually represent each credential. For instance, if _type: "Email" is detected, the app might show an envelope icon, while a credential of _type: "DriversLicense" could display a driver’s license icon. This helps users quickly recognize the credential type at a glance.

  • Action-Based Rendering: Based on the _type, the app dynamically adjusts the available actions. For example, an AccountAccessKey credential might allow the user to manage account permissions, while a DriversLicense credential could enable identity verification for high-security tasks.

  • Access Control and Permissions: Certain features or sections of the app might be restricted to specific credential types. For example, only credentials of _type: "DriversLicense" or other identity cards may allow users to access areas requiring verified identity, enhancing security by enforcing type-based access.

Example Use Case for _type

  • Email Credential: When a credential is of _type: "Email", the app recognizes it as an email credential, enabling basic verification and associated actions. The app might show an envelope icon and only allow actions like email verification without enabling access to high-security functions.

    "_type": "Email"

Practical Summary for Developers

The _type attribute provides a flexible mechanism to tailor app functionality and the user interface based on each credential’s role. By leveraging _type, developers can:

  • Customize Icons and UI Elements: Dynamically adjust icons or visual elements to enhance user recognition of each credential type.
  • Implement Type-Based Actions: Define specific actions and controls available for each credential type, ensuring that the user’s options are relevant and secure.
  • Enforce Security Protocols: Apply type-based restrictions for access to sensitive features, enhancing the app’s security model.
X

Graph View