Review by Gurpreet Kaur #2

@Gurpreet41082

Opening questions

Are these features and the model conceptually complete?

The features and Issuer-Holder-Verifier model give a strong base for a Digital Credentials Wallet. They clearly cover the key roles and how credentials are shared.

To improve the spec, mention the need for trust frameworks and legal recognition — so that credentials work not just technically, but are also legally accepted across countries and systems.

Are there any concepts from those listed that you would like to provide feedback on?

Yes, the terminology is generally clear and well-aligned with standards. "Low Tech Wallet" is a valuable feature that's rarely seen, yet essential.

Are there any concepts that are important, but not considered, on this list?

Yes, a few important terms can be included:

  1. Zero-Knowledge Proof
  2. Key Rotation
  3. Trust List: A maintained list of trusted issuers and verifiers.

From the functionalities listed, would you like to provide feedback on their completeness?

The Wallet Building Block covers key digital functions. Its inclusion of consent capture, handling revoked/expired credentials, and complaint submission is particularly noteworthy and often overlooked.

Are there any functionalities related to Digital Credentials Wallet that are not considered here?

Some extra features to consider:

  1. Backup and Restore capabilities to enable users to recover credentials if they lose their device.
  2. Multi-device or Multi-wallet Synchronization: Synchronization across multiple devices or wallets to keep credentials consistent and provide a smooth user experience on different platforms (like mobile and desktop).
  3. Biometric authentication (like fingerprint or facial recognition) to improve security and make access easier.

Out of the requirements listed, would you like to provide feedback on the completeness of the description of the requirements, or on the requirement level assigned?

The privacy and security requirements are clear and well-prioritized. However, it would help to explain why certain requirements are marked as MUST, SHOULD, or OPTIONAL. For example, if Unobservability is OPTIONAL, a rationale explaining the trade-offs would strengthen understanding.

Are there any requirements that are necessary to Digital Credentials Wallet that are not considered here?

Some extras to consider:

  1. Internationalization
  2. Auditability

Out of the requirements listed, would you like to provide feedback on the completeness of the description of the requirements, or on the requirement level assigned?

The functional requirements cover key needs, but could be improved with clear examples. Each should also explain why it's labeled as MUST, SHOULD, or MAY.

Are there any requirements that are necessary to Digital Credentials Wallet that are not considered here?

Requirements for interoperability with other wallet solutions can be added.

Out of the data schemas provided, would you like to provide feedback on the completeness and formats of the schema definitions? Please go into as much detail as you can.

The data schemas provided align well with major industry standards. Optional vs. required fields should be explicitly marked in the schema definitions to help implementers understand minimal compliance versus extended capabilities.

Are there any data structures that are necessary to Digital Credentials Wallet that are not considered here?

Additional data structures for audit logs, user preferences, and backup/restore information could be useful.

Out of the API endpoints, available verbs and schemas provided, would you like to provide feedback on the completeness of them? Please go into as much detail as you can.

Try to give an API versioning strategy, deployment guidance and security considerations.

Are there any data structures that are necessary to Digital Credentials Wallet that are not considered here?

Endpoints for wallet backup and recovery would be beneficial.

Out of the available workflows, would you like to provide feedback on the completeness of them? Please go into as much detail as you can.

The workflows are well illustrated and cover the main credential issuance and presentation scenarios.

Are there extra workflows that are necessary to Digital Credentials Wallet that are not considered here?

Some that can be added are:

  • Credential revocation and status update
  • Credential backup and recovery
  • Multi-device credential synchronization
