The Mobile Summit is a series of weekly workshops organized to address issues specific to mobile agents and wallets.
Summit meetings are Tuesdays 8-10am US/Mountain
Meetings
2021 Nov 16 -11-16 Aries Summit Session - QR/ InvitationsInvitations
2021 Nov 23 -11-23 Aries Summit Session - Mobile InfrastructureInfrastructure
2021 Nov 30 - Credential User Experience
further meetings will be organized.
-11-30 Aries Summit Session - Credential UX Part 1
2021-12-07 Aries Summit Session - Credential UX Part 2
2021-12-14 Aries Summit Session - General UX / Summit Wrap-up
Outcome & Work Items
RFC 496 - Transition to OOB and DID Exchange From 2021-11-16 Session
- To do: Chase wallet vendors, share findings, and update RFC Stephen Curran
How are we really going to do deep-links? From 2021-11-16 Session
- Options: Custom, associated domains, community managed domain
- To Do: Writeup of proposed option: James Ebert Clecio Varjao Sam Curren
Handling HTTP on mobile, since mobile OS's require an exemption to use HTTP. DIDComm over HTTPS results in double encryption. From 2021-11-16 Session
- To Do: PR to RFC 0025 Transports to make HTTPS a SHOULD since the UX to request an exemption is a Bad Thing Jason Leach
Auto-approval of presentation requests. From 2021-12-07 Session
- Can be risky, e.g. auto-presenting could lead to interaction-less login
- One aspect: bulk approval (present series of proofs with one user action to approve)
- Another aspect: policy approval (conditions by which an approval or other user action can be automated)
- Care needed on: anti-patterns, security vs. convenience, following SSI principles, fiduciary responsibility when agents work on behalf of users
- To Do:
- Needs bulk presentation request (Present Proof) (mostly done)
- Needs policy to recommend bulk actions
- Policy approval is complex and needs more investigation
Machine-Readable Governance and UX. From 2021-12-07 Session
- Introduces new types of user interactions
- Has many types of governance: root of trust, identifying participants, etc.
- Mike is working on test applications of Machine Readable Governance
Credential UX
- Theming can be facilitated using overlay bundles and SVG
- Review Horatio's work on SVG credential display: https://github.com/hyperledger/aries-rfcs/pull/694/files?short_path=c91c22b#diff-c91c22b4e711690c9d2dc4c3830300ba7a1e7fa0af70e100922f13aa43c87a6e
- Horatio and Sebastien to work on Bifold and Lissi for compatible display
- To Do: Stephen Curran to work on an overlay layer type
- risk: may give organizations too much control on the look and feel of a credential
UX of Invitations
- Development of Machine Readable Governance
- Development of language around trust
- To Do: Need Proposed Initial Attempt as an Aries RFC - Sam Curren
Mobile Verifiers
- Inversion of QR scanning flow where verifier scans holder's QR code
- Other mechanisms other than QR Code (e.g.: BLE)
- Todo: Summary of existing state for BLE
- Todo: Summary of existing state for NFC
- Todo: Document use cases and UX flows
Device Backup/Recovery
- Define interop format for backup
- Not everything can be backed up. Some credentials may only be usable in the device/wallet it was issued to
- Define a backup service protocol
Error Handling and Reporting
- We don't currently have enough published community knowledge to organize the conversation very well.
- Errors need to be communicated at both a technical level and a human level
- Context for errors is important - don't imply that background errors relate to a different foreground operation.
- ToDo: Need a focused convention of agent developers to share the errors they handle and how, with a goal of capturing community knowledge and best practices.
Original Topics List
- Mobile Infrastructure (2)
- Mobile Verifiers
- Device Recovery (Backup/Restore/Sync/Rotation to new keys)
- Secure Element usage
- SDK / Embedding Agents into existing Mobile Apps
- Credential UX (3)
- SVG Cred Display
- Auto-approval of presentation requests (e.g.: trusted verifier, trusted preset, etc ...)
- Credential Theming (e.g. Icon, Colors, Description)
- Revocation implications for Mobile
- Consequences of Machine Readable Governance on UX
- Other User Experience (UX) (4)
- UX of Invitations
- Exposing errors / details to users & power users (404 and 503 like errors)
- Unsupported DID Method
- Glossary - naming conventions - how to hide technicalities in front of user
- QR / Invitations (1)
- Security
- DID method specific
- Immutability of schema and JSON-LD security issues
- Biometrics/PIN unlock (overlap with UX)
- Protocols
- DIF Credential Manifest attachment (followup from Issue Credential v2 json-ld attachment in AIPv2).
- DIDComm v2 (and related)
- DIDComm v2
- WACI