Out-of-Band Invitation

The defining feature of an OOB invitation is its independence from the communication channel used for its delivery. The invitation itself is a portable data object (e.g., a URL, QR code, or NFC payload) that can be transmitted via email, SMS, a physical printout, or any other medium. This separates the invitation transport from the subsequent encrypted DIDComm messaging channel that is established.

An OOB invitation contains the cryptographic material necessary to bootstrap a secure connection. It typically includes:

• The inviter's public DID or a newly generated peer DID.
• A DIDComm service endpoint (the URL for future messages).
• A one-time-use invitation key for the initial encrypted response. This allows the recipient to immediately begin a DID Exchange or Connection protocol flow to establish mutual authentication.

OOB invitations are a core component of Self-Sovereign Identity (SSI) architectures. They enable entities controlled by W3C Decentralized Identifiers (DIDs) to discover and connect without relying on a central directory or pre-existing relationship. This is critical for verifiable credential issuance, peer-to-peer agent communication, and secure interactions in decentralized ecosystems.

While standardized within Aries RFC 0434, the OOB invitation pattern is protocol-agnostic. It serves as a universal "on-ramp" that can initiate various subsequent interaction protocols. After the connection is established, the parties can seamlessly proceed to protocols like:

• Present Proof for credential verification.
• Issue Credential for credential issuance.
• Basic Message for general communication.

OOB invitations facilitate a trust-on-first-use model with cryptographic guarantees. The security derives from:

• Verifiable authenticity of the invitation contents via DIDs.
• Confidentiality of the subsequent channel using the invitation key.
• Resistance to replay attacks through one-time-use keys and protocol nonces. The trust in the initial connection is based on the security of the OOB delivery channel (e.g., trusting a QR code scanned in person).

A common real-world implementation is a QR code displayed at an airport kiosk for digital health credential verification. The QR code encodes an OOB invitation containing the verifier's DID and endpoint. A traveler's wallet app scans the code, establishes a secure DIDComm channel, and then receives a presentation request for their vaccination credential, all without pre-registration or app-specific integrations.

OOB invitations use mobile deep links to trigger wallet applications directly from a browser or another app. When a user clicks a wc:// URI, the mobile OS attempts to open the registered wallet app, passing the full invitation payload. This requires the wallet to declare support for the wc URL scheme in its app manifest. It enables a seamless "click to connect" flow, bypassing the need for manual QR code handling.

For transmission over channels that may not support raw binary data or special URI characters, the connection payload is often Base64-encoded. This encoding converts binary data into an ASCII string, making it safe for inclusion in URLs, JSON bodies, or text messages. The wallet receiving the invitation must decode the Base64 string to retrieve the original URI or JSON-RPC endpoint and symmetric key needed to establish the connection.

At its core, an OOB invitation contains a JSON-RPC payload specifying how to connect to a relay server. The encoded data includes:

• relay.protocol: The communication protocol (e.g., waku or irn).
• relay.data: The relay server URL.
• symKey: The symmetric key for end-to-end encryption.
• peerMeta: Metadata about the dApp (name, URL, description). This structured data is serialized, often URL-encoded, and embedded within the invitation URI.

Different mobile operating systems have specific mechanisms for OOB handoffs:

• iOS: Uses Universal Links (for HTTPS) or Custom URL Schemes (e.g., wc://). AirDrop can transmit the invitation as a text file.
• Android: Uses Android App Links or Intent Filters for custom URI schemes. Nearby Share can be used for proximity-based transfer. These mechanisms ensure the invitation is delivered to the correct wallet application on the user's device.

OOB invitations maintain security through:

• End-to-End Encryption: The symKey in the invitation establishes a secure channel via the relay.
• Topic Uniqueness: Each session uses a unique, unguessable topic to prevent collision attacks.
• Relay Authentication: The invitation specifies a trusted relay server, though the connection payload itself is encrypted. The primary risk is invitation interception during transmission, mitigated by using secure channels (e.g., HTTPS links, direct device-to-device transfer).

An Out-of-Band (OOB) Invitation is a foundational mechanism in decentralized identity and communication protocols, such as those defined by the Decentralized Identity Foundation (DIF). Its primary purpose is to bootstrap a peer-to-peer connection for secure message exchange without relying on a public ledger for discovery. This is achieved by sharing invitation details—like a DIDComm endpoint URL and a public DID—via QR codes, email, or messaging apps.

A standard OOB invitation contains several key pieces of data necessary for connection establishment:

• @type: Specifies the protocol, e.g., https://didcomm.org/out-of-band/2.0/invitation.
• id: A unique identifier for the invitation.
• from: The Decentralized Identifier (DID) of the inviter.
• body: A human-readable message.
• goal_code & goal: Define the purpose of the connection (e.g., issue-vc).
• services: Contains the recipient's service endpoint for receiving messages, often using the DIDComm transport protocol.

The typical flow using an OOB invitation involves a clear, multi-step handshake:

1. Invitation Creation: Alice's wallet generates an invitation payload with her DID and a service endpoint.
2. Out-of-Band Transmission: Alice shares the invitation as a QR code for Bob to scan.
3. Connection Request: Bob's wallet uses the details to send a DIDComm connection-request message directly to Alice's endpoint.
4. Response & Setup: Alice responds with a connection-response, and both parties establish a cryptographic channel for all future communications, such as credential presentations.

Using an OOB channel offers significant privacy and efficiency benefits over on-chain alternatives:

• Privacy-Preserving: Connection attempts and metadata are not broadcast on a public ledger, protecting the parties' social graph.
• Reduced On-Chain Footprint: Eliminates the need for writing connection states to a blockchain, saving gas fees and increasing scalability.
• User-Centric: The QR code method provides a familiar, intuitive user experience for initiating digital relationships.
• Interoperability: Serves as a standard entry point for various SSI (Self-Sovereign Identity) protocols, enabling wallets from different vendors to connect.

OOB invitations are a critical enabler for real-world Verifiable Credential (VC) ecosystems:

• Credential Issuance: A university invites a student to receive a digital diploma.
• Selective Disclosure: A user scans a QR code from a verifier's website to present proof-of-age without revealing their full identity.
• Agent-to-Agent Setup: Establishing secure messaging channels between Identity Agents or Edge Agents in enterprise SSI architectures.
• IoT Device Pairing: Provisioning a new device by scanning a code to establish a secure management channel.