II Alias Credential Improvements

The proposal upgrade 133801 of Internet Identity adds a new field to the Alias Credentials issued by Internet Identity for the VC Issuer (VCI) and Relying Party (RP). The name of the field is derivationOrigin, and it contains the URL that was used to derive the VCI/RP user’s principal which is provided in the sub field of the token. For improved security, it is recommended that VCI and RP check that this URL has the expected value.

Rust Library ic-verifiable-credentials published

A new library was published on crates.io to help ICP canisters to issue and verify credentials: ic-verifiable-credentials.

Issuers can use this library to issue credentials and verify the id alias credential received from the identity provider.

Relying parties can use this library to verify the credentials received.

Action Items

The recommendation for all relying parties and issuers written in Rust is to upgrade the ic-verifiable-credentials library to v1.0.0, published on crates.io.

The recommendation for all relying parties and issuers written in other languages is to validate the newly introduced derivationOrigin field in the Alias Credential.

Don’t hesitate to reply with your comments if you have any feedback. Thanks!