Ain’t No Party Like a Relying Party: Verifiable Digital Credential Edition

By /

Listen to this Post

Featured Image

Details:

  • Speakers:
  • Stefan Schuber – Managing Director, JP Morgan Chase & Co.
  • Ben Flatgard – Executive Director, JP Morgan Chase & Co.
  • Ryan Galluzzo – Digital Identity Program Lead, NIST
  • George Fletcher – Identity Standards Architect & Founder, Practical Identity LLC
  • Date & Time: Tuesday, June 3 · 2:30 PM–3:20 PM
  • Location: Mandalay Bay H
  • URL: https://lnkd.in/gDjkgda5

Verifiable digital credentials (VCs) are transforming digital identity, but relying parties (RPs) face challenges in integrating them into compliance frameworks. This session explores RP perspectives from financial and regulatory experts.

You Should Know:

1. Understanding Verifiable Credentials (VCs)

VCs are cryptographically signed digital attestations (e.g., diplomas, licenses). Key standards:
– W3C VC Data Model
– OpenID for Verifiable Credentials (OIDC4VC)
– ISO/IEC 18013-5 (Mobile Driver’s Licenses)

Linux Command to Verify a VC (Using OpenSSL):

openssl x509 -in credential.jwt -text -noout  Inspect JWT-based VC

2. Trust Chain Validation

RPs must verify:

  • Issuer Identity (DID Resolution)
  • Credential Integrity (Digital Signatures)
  • Revocation Status (Check CRLs or OAuth2 Token Introspection)

Example (Linux):

curl -X GET https://issuer.example.com/.well-known/did.json | jq '.verificationMethod'  Fetch Issuer DID Doc

3. NIST Compliance & RP Integration

NIST SP 800-63-3 guides VC adoption. Key steps:

1. Credential Schema Validation

2. Proof-of-Possession (PoP) Check

3. Audit Logging

Windows PowerShell (Check Certificate Revocation):

Test-Certificate -CertPath "C:\creds\vc.pfx" -RevocationMode Online

4. Financial Sector Use Case (JPMorgan Chase)

Banks use VCs for:

  • KYC/AML Compliance
  • Secure Customer Onboarding

AWS CLI (IAM Policy for VC-Based Access):

aws iam create-policy --policy-name VCAccess --policy-document file://vc-trust-policy.json

5. OpenID & FIDO Alliance Standards

  • FIDO2 + OIDC4VC = Passwordless Auth
  • SIOPv2 (Self-Issued OpenID Provider)

Linux (FIDO2 Key Setup):

sudo pamu2fcfg -o pam://localhost -i pam://localhost > ~/.config/Yubico/u2f_keys

What Undercode Say:

Verifiable credentials are the future of decentralized identity, but RPs need robust validation frameworks. Key takeaways:
– Use OpenSSL/JQ for VC Parsing
– Enforce NIST SP 800-63-3
– Leverage FIDO2 for Phishing-Resistant Auth
– Monitor Revocation via OCSP/CRL

Prediction: By 2026, 60% of enterprises will adopt VCs for workforce authentication, reducing phishing by 40%.

Expected Output:

{
"session": "Ain’t No Party Like a Relying Party: Verifiable Digital Credential Edition",
"standards": ["W3C VC", "OIDC4VC", "FIDO2"],
"commands": {
"Linux": ["openssl", "curl", "jq", "pamu2fcfg"],
"Windows": ["Test-Certificate"],
"AWS": ["aws iam create-policy"]
},
"url": "https://lnkd.in/gDjkgda5"
}

IT/Security Reporter URL:

Reported By: Deanhsaxe Identiverse – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

Join Our Cyber World:

💬 Whatsapp | 💬 Telegram

Related Posts: