Credential Handler API (CHAPI)

CHAPI decouples credential management from specific wallet applications. Users can choose any compatible digital wallet (e.g., browser extension, mobile app) that implements the API to store their credentials. This prevents vendor lock-in and promotes user sovereignty over their digital identity assets.

• Standard Interface: Wallets expose a common credentialHandler polyfill.
• User Choice: The browser prompts the user to select their preferred wallet when a site requests a credential.

The core interaction where a relying party (RP) requests a specific credential from a user's wallet. The flow is initiated via navigator.credentials.get() with a Verifiable Presentation Request.

• Request: RP specifies the credential type (e.g., VerifiableCredential, UniversityDegreeCredential) and any required constraints.
• User Mediation: The browser/wallet UI prompts the user to review and consent to sharing.
• Response: The wallet returns a Verifiable Presentation containing the requested credentials.

The process for an issuer (e.g., a university, government agency) to push a newly minted credential directly into a user's chosen wallet. This is initiated via navigator.credentials.store().

• Issuance: The issuer creates a signed Verifiable Credential.
• Direct Deposit: The credential is offered to the user's wallet via CHAPI, bypassing the need for downloads or manual imports.
• User Control: The user's wallet receives, validates, and stores the credential locally.

CHAPI is designed to work seamlessly with Decentralized Identifiers (DIDs) and the W3C Verifiable Credentials Data Model. Credentials are typically bound to a user's DID, and presentations prove control of the corresponding private key.

• DID Resolution: Wallets may resolve DIDs to fetch public keys for verification.
• Cryptographic Proofs: Supports Linked Data Proofs (e.g., Ed25519Signature2020) and JSON Web Tokens (JWTs) as credential formats.

CHAPI enables user-centric identity patterns across the web:

• Login: Replace passwords with a credential proving membership or age.
• KYC/AML: Share a verified credential from a bank instead of resubmitting documents.
• Education: Store and present digital diplomas to employers or other institutions.
• Healthcare: Securely manage and present vaccination records or insurance details.

Real Implementation: The Digital Credentials Consortium universities use CHAPI for issuing and verifying academic credentials.

CHAPI implements a user-agent (wallet) mediated flow, preventing websites from directly accessing credential data without explicit user consent. This shifts the security model from server-side data silos to client-side data sovereignty. The user's wallet acts as a secure intermediary, ensuring credentials are only shared when the user intentionally approves a request, minimizing data leakage and unsanctioned tracking.

A core privacy feature enabled by wallets using CHAPI is selective disclosure. Instead of presenting an entire credential (e.g., a driver's license with full name, address, and ID number), the wallet can cryptographically prove only the required claim (e.g., "age > 21"). This minimizes the personal data exposed to verifiers, adhering to the principle of least privilege and reducing the impact of potential data breaches on the verifier's side.

CHAPI is designed to handle Verifiable Credentials, which are cryptographically signed by the issuer. The wallet and verifier can independently verify the credential's authenticity (signature), integrity (that it hasn't been tampered with), and issuer status. This prevents the use of forged or revoked credentials, moving beyond insecure methods like screen-scraping PDFs or checking easily copied data.

The API defines a standardized credentialhandler origin, creating a trusted channel between the website and the wallet. This helps mitigate phishing attacks where a malicious site impersonates a legitimate credential request. The wallet's UI is rendered in a browser-controlled context, making it harder for a relying party to spoof the consent interface and trick users into releasing credentials.

The security of the overall system is contingent on the security of the user's credential wallet. This introduces considerations such as:

• Secure storage of private keys and credential data (e.g., using hardware security modules or secure enclaves).
• Wallet authentication (PIN, biometrics) to prevent unauthorized access.
• Auditability of consent logs and sharing history within the wallet. The wallet becomes a critical piece of the user's security infrastructure.

When a wallet creates a Verifiable Presentation for a verifier, it can employ advanced cryptographic techniques to enhance privacy. These include:

• Zero-Knowledge Proofs (ZKPs) to prove statements about credentials without revealing the underlying data.
• Unlinkable presentations using techniques like blinded signatures or DID rotation to prevent verifiers from correlating multiple interactions back to the same user or wallet identifier.

A Relying Party (RP), also known as a Verifier, is a website or service that requests and verifies a user's credentials via CHAPI. Its role in the flow is to:

• Request specific credentials (e.g., a proof of age or membership) using the get() method.
• Cryptographically verify the received credential's signature and status.
• Grant access or services based on the validated claims, enabling passwordless login and attribute-based authorization.

An Issuer is an authoritative entity that creates and signs Verifiable Credentials for a subject (holder). In the trust model enabled by CHAPI, issuers are critical because they:

• Attest to specific claims about the holder (e.g., a university issuing a diploma).
• Digitally sign the VC using cryptographic keys linked to their Decentralized Identifier (DID).
• Publish their public DID Document so any verifier can cryptographically confirm the credential's origin and integrity.

Self-Sovereign Identity (SSI) is a model for digital identity where individuals or organizations have exclusive ownership and control over their credentials without relying on centralized authorities. CHAPI is a key enabling technology for SSI on the web, as it provides the standardized browser API that allows:

• User-centric data flow: Credentials are stored in a user's wallet, not a central database.
• Minimal disclosure: Users can share only the specific claims needed.
• Interoperability: A wallet implementing CHAPI can work with any compliant website.

A primary application of CHAPI is replacing traditional username/password logins with passwordless authentication. A website (Relying Party) can request a Verifiable Presentation that proves the user controls a specific DID or holds a required credential.

• Flow: User clicks "Sign in with Wallet," the site calls credentials.get(), the user's wallet pops up to consent and sign, and the site receives a verifiable proof.
• Benefits: Eliminates phishing risks for passwords, reduces friction, and improves user privacy.
• Example Protocols: CHAPI is often used to implement Sign In with Ethereum (SIWE) or OpenID Connect for Verifiable Credentials (OIDC4VC).