SCSVS-AUTH-3
S4.3 Decentralized Identity
Control Objective
Implement decentralized identity solutions to ensure secure and reliable identity verification and management while maintaining user privacy.
S4.3.A Decentralized Identifiers (DIDs)
SCSVS VR ID |
Requirement |
L1 |
L2 |
L3 |
SCWE |
S4.3.A1 |
Verify that the smart contract for handling DIDs adheres to the latest standards and best practices for decentralized identity management. |
|
β |
β |
|
S4.3.A2 |
Ensure that the DID management contract includes mechanisms to prevent unauthorized modifications and ensure the integrity of DID records. |
|
β |
β |
|
S4.3.A3 |
Check that DID documents managed by the smart contract are securely stored and can be retrieved in a decentralized manner. |
|
β |
β |
|
S4.3.A4 |
Verify that the smart contract supports reliable DID resolution and includes mechanisms for handling conflicts and updates. |
|
β |
β |
|
S4.3.A5 |
Ensure that the smart contract maintains the privacy and confidentiality of DID-related information throughout its lifecycle. |
|
β |
β |
|
S4.3.B Verifiable Credentials
SCSVS VR ID |
Requirement |
L1 |
L2 |
L3 |
SCWE |
S4.3.B1 |
Verify that the smart contract manages verifiable credentials in a way that ensures their authenticity and integrity through cryptographic proofs. |
|
β |
β |
|
S4.3.B2 |
Ensure that the issuance process of verifiable credentials by the smart contract includes proper identity verification and validation procedures. |
|
β |
β |
|
S4.3.B3 |
Check that the smart contract supports cryptographic proofs to verify the validity of credentials without disclosing sensitive information. |
|
β |
β |
|
S4.3.B4 |
Verify that the smart contract includes a secure process for revoking verifiable credentials when necessary. |
|
β |
β |
|
S4.3.B5 |
Ensure that the smart contractβs handling of verifiable credentials complies with relevant standards and best practices for secure credential management. |
|
β |
β |
|