The website sends the verification function to the user device. The user device then returns a proof that it knows an input that the verification function accepts.
The verification function should include a digital signature check.
This is generally possible already with SSI-based credentials, including standards created by W3C.
Or attribute-based credentials. Basically, you're challenged and get a one-time, challenger-specific credential for exactly the requested attribute(s) from a credential provider. E.g., government (municipality, province, national) can become a credential provider.
Exactly. Yivi isn’t new, having been renamed from IRMA (https://privacybydesign.foundation/en/). Nevertheless, adoption outside the Netherlands remains almost non-existent.
Except for the additional download requirement for a user, the friction is pretty low once it’s set up and you have created some attributes.
The project would benefit from a rebranding review, standardization, an enterprise-capable infrastructure to promote and support alternative service providers, and a review of clients. The current Yivi mobile app hasn’t changed much over the years, and when I last used it I still needed a PIN instead of Face ID.