Consuming and verifying credentials in GOV.UK Wallet
GOV.UK Wallet will allow GOV.UK One Login users to store and present digital versions of government-issued documents on their phones.
Government departments will issue cryptographically verifiable credentials to a user’s GOV.UK Wallet. The user’s credentials are linked to their GOV.UK One Login account and to their personal device, and cannot be moved to another device.
GOV.UK Wallet will help:
- government departments and certain other public sector organisations consume and verify credentials or attributes
- organisations outside of government use verified information passed to them by a digital verification service (DVS), certified under the UK digital identity and attributes trust framework and on the digital identity and attribute services register (DVS register)
This technical documentation will be updated as new information and features are available. We welcome feedback from partners and industry on our documentation - find out how to contact us.
Supported formats and protocols
GOV.UK Wallet will support multiple credential formats to represent government documents. These documents can be:
- mdoc-based credentials for the digital driving licence
- verifiable credentials (VCs) following the W3C Verifiable Credential Data Model 2.0 without selective disclosure support
It will also support multiple protocols for users to share credentials and attributes, such as:
- OpenID for Verifiable Presentation (OID4VP) for online sharing, using remote flows to verify mdoc and VC-based credentials
- ISO/IEC 18013-5 for in-person interactions, using proximity flows to verify mdoc-based credentials
GOV.UK Wallet will first enable supervised proximity flow for verification in line with ISO/IEC 18013-5. In the future, we’ll add remote flows, and more details about OID4VP profiles.
Data flows
Data flow between credential issuers, holders and verifiers
GOV.UK Wallet is built in 3 parts to connect government departments (credential issuers), users (credential holders) and verifiers requesting data (credential verifiers).
1. Government department issuers
Government departments (issuers) issue digital and verifiable versions of physical documents (credentials) to a user’s GOV.UK Wallet. For example, a government department could issue a credential containing a user’s date of birth that proves their age.
2. GOV.UK Wallet
The credential’s rightful holder (the user the credential refers to) uses GOV.UK Wallet to store, manage and present their credentials online and in person. For example, a user could store a credential containing their date of birth, and present information from it when they need to prove their age.
3. Verifier services
Government departments and certain public sector organisations will be able to verify and use credentials and attributes held in GOV.UK Wallet.
Outside of government, DVS providers will be able to access GOV.UK Wallet and verify information it holds at a user’s request. To be able to do this, a DVS must be:
- certified against the trust framework
- added to the DVS register
For example, a business (known as a relying party) selling age-restricted products could use a certified and registered DVS to request and digitally verify a customer’s age based on attributes held in credentials in their GOV.UK Wallet.
Trusted list
GOV.UK Wallet will put mechanisms in place to make sure personal data from users is shared only with trusted parties. This will mitigate the risk of malicious apps or services accessing credential data without the user’s knowledge.
GOV.UK Wallet will use trusted lists to identify consumers of credentials. Where data is shared with parties outside of government, GOV.UK Wallet will only release credentials and attributes to a digital verification service (DVS) which is certified against the trust framework and appears on the DVS register.
Further details on this functionality will be added in future.