1d. M2M service provision with Verifiable Credentials

This subsection shows how 1a, 1b, and 1c change when using Verifiable Credentials (VCs). With VCs, the execution becomes a single, standard flow; the only difference across variants is who issues the DataRights Credential and how the Machine Service Consumer (MSC) obtains it before calling the Service Provider (SP).

General prerequisites (VC):

  • The Machine Service Consumer (MSC) can hold credentials and create a Verifiable Presentation (VP) upon request;

  • The Service Provider (SP) can request and verify VPs (signatures, keys, issuer trust, credential schema, credential status/revocation, and validity window);

  • Parties hold ParticipantCredentials issued by the Participant Registry during onboarding (evidence of iSHARE adherence);

  • Parties can verify each other's credentials upon request (to verify iSHARE adherence, revocation status, and trusted issuer lists when applicable).

These credential verification checks (revocation status and whether the credential was issued by a trusted credential issuer) are assumed in every step, even if not explicitly described in the diagrams.

General Execution Flow

  1. Service Consumer requests service from Service Provider;

  2. Service Provider requests Verifiable Presentation (VP) from Service Consumer;

  3. Service Consumer sends the VP with all requested credentials to the Service Provider;

  4. Service Provider verifies the VP (iSHARE adherence, signature, keys, issuer trust, schema, revocation status, validity window);

  5. Service Provider provides service results to Service Consumer.

Steps 1-3 may be combined if the SC includes a VP (with all the required credentials) in the initial request.
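
The policy checks of step 4 as an SP might apply them, written as an added example and not iSHARE's own code. The dict field names, the type strings, the `delegation_issuers` set and the sample identifiers are assumptions; signature, key and schema verification are assumed to have been done by a VC library beforehand.

```python
from datetime import datetime, timezone

def check_credential(vc, now, trusted_issuers, revoked_ids):
    """Per-credential checks: issuer trust, revocation status, validity window."""
    problems = []
    if vc["issuer"] not in trusted_issuers:
        problems.append("untrusted issuer")
    if vc["id"] in revoked_ids:
        problems.append("revoked")
    if not (vc["valid_from"] <= now < vc["valid_until"]):
        problems.append("outside validity window")
    return [f'{vc["type"]}: {p}' for p in problems]

def authorise(vp, now, registry, entitled_party, delegation_issuers, revoked_ids):
    """Policy half of step 4; signature and schema checks are assumed already done."""
    holder = vp["holder"]
    by_type = {vc["type"]: vc for vc in vp["credentials"]}
    required = ["ParticipantCredential"]
    if holder != entitled_party:          # 1a needs no delegation evidence
        required.append("DataRightsCredential")
    problems = []
    for ctype in required:
        vc = by_type.get(ctype)
        if vc is None:
            problems.append(f"{ctype}: missing")
            continue
        # ParticipantCredential: Participant Registry only.
        # DataRightsCredential: the EP (1b) or an accepted AR (1c).
        issuers = {registry} if ctype == "ParticipantCredential" else delegation_issuers
        problems += check_credential(vc, now, issuers, revoked_ids)
        if vc["subject"] != holder:       # credential must be bound to the presenter
            problems.append(f"{ctype}: not issued to holder")
    return not problems, problems

# Constructed sample data (not real identifiers).
def sample_vc(cid, ctype, issuer, subject, until_year=2026):
    utc = timezone.utc
    return {"id": cid, "type": ctype, "issuer": issuer, "subject": subject,
            "valid_from": datetime(2025, 1, 1, tzinfo=utc),
            "valid_until": datetime(until_year, 1, 1, tzinfo=utc)}

NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
PC = sample_vc("pc-1", "ParticipantCredential", "registry", "msc")
VP_1B = {"holder": "msc", "credentials": [PC, sample_vc("dr-1", "DataRightsCredential", "ep", "msc")]}
VP_1C = {"holder": "msc", "credentials": [PC, sample_vc("dr-2", "DataRightsCredential", "ar", "msc")]}

if __name__ == "__main__":
    for name, vp in (("1b", VP_1B), ("1c", VP_1C)):
        print(name, authorise(vp, NOW, "registry", "ep", {"ep", "ar"}, {"dr-2"}))
```

The function returns every failure reason rather than stopping at the first, so the SP can log exactly why a presentation was refused.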

1a. M2M service provision (SC = EP)

No third-party delegation is needed. The Service Consumer (SC) is also the Entitled Party (EP) and already has the right.

Sequence Diagram


1b. M2M service provision with the EP as the delegation info PIP

The Entitled Party expresses delegation by issuing a DataRights Credential (VC) to the SC/MSC as a prerequisite.

Sequence Diagram


1c. M2M service provision with the AR as the delegation info PIP

The Authorisation Registry stores the delegation information of the Entitled Party. The Service Consumer first discovers the Authorisation Registry (following Authorisation Registry discovery logic) and then requests a DataRights Credential.

Sequence Diagram
