2021 Aries Mobile Summit
The Mobile Summit is a series of weekly workshops organized to address issues specific to mobile agents and wallets.
Meetings
2021-11-16 Aries Summit Session - QR/Invitations
2021-11-23 Aries Summit Session - Mobile Infrastructure
2021-11-30 Aries Summit Session - Credential UX Part 1
2021-12-07 Aries Summit Session - Credential UX Part 2
2021-12-14 Aries Summit Session - General UX / Summit Wrap-up
Outcome & Work Items
RFC 496 - Transition to OOB and DID Exchange From 2021-11-16 Session
- To Do: Chase wallet vendors, share findings, and update RFC (Stephen Curran)
How are we really going to do deep-links? From 2021-11-16 Session
- Options: Custom, associated domains, community managed domain
- To Do: Write-up of proposed option (James Ebert, Clecio Varjao, Sam Curren)
Handling HTTP on mobile, since mobile OSes require an exemption to use HTTP. DIDComm over HTTPS results in double encryption. From 2021-11-16 Session
- To Do: PR to RFC 0025 Transports to make HTTPS a SHOULD, since the UX to request an exemption is a Bad Thing (Jason Leach)
Auto-approval of presentation requests. From 2021-12-07 Session
- Can be risky, e.g. auto-presenting could lead to interaction-less login
- One aspect: bulk approval (present series of proofs with one user action to approve)
- Another aspect: policy approval (conditions by which an approval or other user action can be automated)
- Care needed on: anti-patterns, security vs. convenience, following SSI principles, fiduciary responsibility when agents work on behalf of users
- To Do:
  - Needs bulk presentation request (Present Proof) (mostly done)
  - Needs policy to recommend bulk actions
  - Policy approval is complex and needs more investigation
Machine-Readable Governance and UX. From 2021-12-07 Session
- Introduces new types of user interactions
- Has many types of governance: root of trust, identifying participants, etc.
- Mike is working on test applications of Machine Readable Governance
Credential UX
- Theming can be facilitated using overlay bundles and SVG
- Review Horatio's work on SVG credential display: https://github.com/hyperledger/aries-rfcs/pull/694/files?short_path=c91c22b#diff-c91c22b4e711690c9d2dc4c3830300ba7a1e7fa0af70e100922f13aa43c87a6e
- Horatio and Sebastien to work on Bifold and Lissi for compatible display
- To Do: Stephen Curran to work on an overlay layer type
- Risk: may give organizations too much control over the look and feel of a credential
UX of Invitations
- Development of Machine Readable Governance
- Development of language around trust
- To Do: Need Proposed Initial Attempt as an Aries RFC - Sam Curren
Mobile Verifiers
- Inversion of QR scanning flow where verifier scans holder's QR code
- Mechanisms other than QR code (e.g. BLE)
- To Do: Summary of existing state for BLE
- To Do: Summary of existing state for NFC
- To Do: Document use cases and UX flows
Device Backup/Recovery
- Define interop format for backup
- Not everything can be backed up. Some credentials may only be usable on the device/wallet they were issued to
- Define a backup service protocol
Error Handling and Reporting
- We don't currently have enough published community knowledge to organize the conversation very well.
- Errors need to be communicated at both a technical level and a human level
- Context for errors is important - don't imply that background errors relate to a different foreground operation.
- To Do: Need a focused convention of agent developers to share the errors they handle and how, with a goal of capturing community knowledge and best practices.
Original Topics List
- Mobile Infrastructure (2)
- Mobile Verifiers
- Device Recovery (Backup/Restore/Sync/Rotation to new keys)
- Secure Element usage
- SDK / Embedding Agents into existing Mobile Apps
- Credential UX (3)
- SVG Cred Display
- Auto-approval of presentation requests (e.g.: trusted verifier, trusted preset, etc ...)
- Credential Theming (e.g. Icon, Colors, Description)
- Revocation implications for Mobile
- Consequences of Machine Readable Governance on UX
- Other User Experience (UX) (4)
- UX of Invitations
- Exposing errors / details to users & power users (404 and 503 like errors)
- Unsupported DID Method
- Glossary - naming conventions - how to hide technicalities in front of user
- QR / Invitations (1)
- Security
- DID method specific
- Immutability of schema and JSON-LD security issues
- Biometrics/PIN unlock (overlap with UX)
- Protocols
- DIF Credential Manifest attachment (followup from Issue Credential v2 json-ld attachment in AIPv2).
- DIDComm v2 (and related)
- DIDComm v2
- WACI