New package: @dcx-protocol/verifier

[bnonni]

Summary

• DIF defines the actors in PEX as: Holder and Verifier https://identity.foundation/presentation-exchange/
• The combined concepts of PEX and Credential Manifests yields
  • Verifier defines VC requirements in manifest
  • Holder submits application with VCs
  • Verifier verifies VCs and
• so the three actors are: Holder, Verifier, Issuer
  • Holders === Dcx Applicants
  • Verifiers === Dcx Verifier
  • Issuers = Dcx Issuers
• DCX is a direct implementation of the DIF PEX specification
• To fully align with the DIF PEX spec, we need to implement a new package: @dcx-protocol/verifier
• Much of the code within the current issuer package could be ported over to the new verifier

PEX Diagram - Holder to Verifier

PEX Diagram - Issuer to Holder

Considerations

• Running a DCX server is equivalent to running a verifier
• If the DCX server also issues credentials, it would double as the verifier and the issuer
• Consider what it looks like to have both a verifier and an issuer package
• verifier houses the essential software pieces for doing the following:
  • defining presentation definitions in credential manifests
  • processing presentation submissions in credential applications (verifying VCs)
  • requesting VCs or VC data from 3rd party issuers
  • creating credential responses with VCs in them
• issuer houses the essential software to do the following:
  • signing and issuing VCs
  • creating credential responses
• defining verifier and separating it from issuer provides a cleaner level of abstraction and design
• users could deploy separate verifier and issuer servers
• users could also deploy one server using both the verifier and issuer packages if desired

TODO

• create @dcx-protocol/verifier
• define the requirements for each package
• review @dcx-protocol/issuer and determine which parts of its code are meant to be part of verifier
• move those parts to the new verifier package
• re-design and implement the issuer package if needed