Integrate with the wallet
You can test the Paradym wallet against your own implementation. If you need an issuer and/or verifier to test with, you can use the Paradym Platform. To test the more experimental Beta flows, you can use the Playground.
The following standards and specifications are used (among others which are referenced through the specifications listed below):
- OpenID for Verifiable Credential Issuance 1.0
- OpenID for Verifiable Presentations 1.0
- High Assurance Interoperability Profile 1.0
- SD-JWT VC - Draft 14 or ISO 18013-5 mDOC - As the credential format
- DCQL - For the credential query language
- X.509 Certificates or Decentralized Identifiers.
Trust
While the EU trust ecosystem is still being developed, trust within the Paradym Wallet is handled by static lists of trusted entities bundled directly into the Wallet. This provides a simple model for testing, but is of course not scalable. The Paradym Wallet will integrate with the EUDI trust ecosystem once it is live, as well as other emerging trust ecosystems as they become available.
Registering your organization in the Paradym Wallet
You can get your organization registered as a trusted entity within the Paradym Wallet. To do so, send an enquiry to ana@animo.id. If approved, we will ask you to send over the following information:
- The root X.509 certificate, DID or OpenID4VCI issuer that will be used when interacting with the wallet.
- The name, URL and an image of your organization
- The use case and reason for integrating with the Paradym Wallet.
Remote/Online Integration
The basis for remote integration with the Paradym Wallet is the High Assurance Interoperability Profile (HAIP).
The Paradym Wallet supports all features and requirements from HAIP, with a few exceptions listed below.
Issuance
All HAIP requirements should be followed, with the following exceptions:
- The Paradym Wallet does not support sending Wallet or Key attestations yet. For the credential request only the jwt proof type without key_attestations_required is supported.
- Automatic credential refresh is currently only supported for the PID when issued from within the app. The wallet will use a new instance each time, but keep using the latest instance. In a future update the wallet will try to refresh the credential, and otherwise warn the user that unlinkability cannot be guaranteed.
- The current release does not support signer issuer metadata, but support for this will land in the next wallet release.
- The Paradym Wallet expects status list tokens referenced in SD-JWT VC credentials to be signed using the same key. HAIP allows a different key to be used, but doesn’t specify how this can be achieved. Once the EU Trust List is live and integrated into the Paradym Wallet, this will be supported for EU-based interactions.
- The Paradym Wallet uses the credential and issuer display from the OpenID4VCI Metadata and SD-JWT VC Type Metadata for rendering of the credential. The current release does not use the claim or localization metadata yet, but this will be used in the next release.
Verification
All HAIP requirements should be followed; there are no exceptions. There are some useful notes to consider:
- The Paradym Wallet does not take revocation status into account yet when selecting credentials for a presentation request. Expired credentials are shown as such in the wallet, but can still be shared. This means that the user might present a revoked or expired credential.
- Credential selection is not supported yet. The first credential that matches will be used in the presentation. It is recommended to make your query as explicit as possible (e.g. including Trusted Authorities) to prevent an invalid credential from being shared.
- If a requested credential was not found, the wallet will show whether
- The Paradym Wallet supports presenting credentials using OpenID4VP over the W3C Digital Credentials API (as defined in HAIP), but this only works on Android due to limitations in the DC API for iOS. Presenting credentials using DC API based on 18013-7 Annex C is not supported yet.
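Since the wallet uses the first matching credential and may present an expired or revoked one, the verifier has to narrow the query and repeat the validity checks on what comes back. The sketch below is an added example, not Paradym code: the vct URL, the AKI value and all function names are placeholders, and it assumes the SD-JWT VC and the status list token have already been signature-verified and the list fetched from the referenced URI.

```python
import base64
import time
import zlib

# Constructed DCQL query: one credential, pinned to a vct and to trusted issuers.
DCQL_QUERY = {
    "credentials": [{
        "id": "pid",
        "format": "dc+sd-jwt",
        "meta": {"vct_values": ["https://example.com/vct/pid"]},  # placeholder
        "trusted_authorities": [
            {"type": "aki", "values": ["PLACEHOLDER_BASE64URL_AKI"]}
        ],
        "claims": [{"path": ["given_name"]}, {"path": ["family_name"]}],
    }]
}

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def status_at(status_list, idx):
    """Read entry idx from a Token Status List claim ({"bits", "lst"})."""
    bits = status_list["bits"]
    raw = zlib.decompress(b64url_decode(status_list["lst"]))
    pos = idx * bits
    if pos // 8 >= len(raw):
        raise ValueError("status index outside the list")
    # Entries are packed starting at the least significant bit of each byte.
    return (raw[pos // 8] >> (pos % 8)) & ((1 << bits) - 1)

def rejection_reasons(vc_payload, status_list, now=None):
    """Verifier-side checks on a presented SD-JWT VC payload (already verified)."""
    now = time.time() if now is None else now
    reasons = []
    allowed = DCQL_QUERY["credentials"][0]["meta"]["vct_values"]
    if vc_payload.get("vct") not in allowed:
        reasons.append("unexpected vct")
    if "exp" in vc_payload and vc_payload["exp"] <= now:
        reasons.append("expired")
    ref = vc_payload.get("status", {}).get("status_list")
    if ref is not None and status_at(status_list, ref["idx"]) != 0:
        reasons.append("status not VALID")  # 0 is VALID in Token Status List
    return reasons

# Constructed sample: a 16-entry, 1-bit list in which only index 5 is set.
SAMPLE_LIST = {"bits": 1, "lst": base64.urlsafe_b64encode(
    zlib.compress(bytes([0b00100000, 0]))).rstrip(b"=").decode()}
```

An empty list from `rejection_reasons` means none of these checks failed; any entry is a reason to refuse the presentation.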
Proximity/In-Person Integration
The Paradym Wallet only supports proximity presentation for mDoc based credentials based on the ISO 18013-5 specification.
You can easily test the proximity presentation on any laptop or desktop in Chrome using the ISO 18013-5 Web Proximity Reader from the French playground. For more info see EUDIW Unfold.
The following exceptions should be considered:
- The Paradym Wallet does not support mDoc reader authentication yet, which means that the entity requesting the credentials will always show up as unknown and unverified. We will add support for this in a future version.
Credential Formats
The Paradym Wallet supports the SD-JWT VC and ISO 18013-5 mDoc credential formats based on the requirements from HAIP.
This section outlines some considerations for the supported credential formats in the Paradym Wallet.
SD-JWT VC
- The Paradym Wallet does not support the SVR rendering method yet from the SD-JWT VC Type Metadata.
- The current release of the Paradym Wallet resolves and leverages VCT Type Metadata, but does not resolve and merge the extends chain yet. This will be supported in the next Paradym Wallet release.
- Due to the previous point, the current release of the Paradym Wallet does not support DCQL queries for extended vct values (e.g. requesting the base PID vct also matches the extended German-specific vct value). This will be supported in the next release as well.
ISO 18013-5 mDocs
- The Paradym Wallet does not recognize a status list included in an ISO 18013-5 mdoc (as specified in the second revision draft of 18013-5), but it also won’t reject mdocs that include it.