Merge pull request #298 from docknetwork/AgneCaunt-patch-1

AgneCaunt · web-flow · commit 1876b15dfdc1 · 2024-10-21T19:22:40.000+03:00
Update biometric-plugin.md
diff --git a/docs/biometric-plugin.md b/docs/biometric-plugin.md
@@ -1,8 +1,10 @@
-# Purpose
+# Biometric Plugin
+
+## Purpose
 
 The biometrics plugin provides a way to perform credential verification using the user's biometric data. It is useful to guarantee that only the biometric holder can perform the verification.
 
-# How to trigger a biometric verification
+## How to trigger a biometric verification
 
 To trigger a biometric verification, you need to use a verification template that asks for the biometric attributes. Check the following example:
 
@@ -51,8 +53,10 @@ The presence of the following fields should trigger the biometric check:
 }
 ```
 
-# How to enable the biometric plugin in the wallet
+## How to enable the biometric plugin in the wallet
+
 To enable the biometric plugin in a white-label wallet, you need to edit the following file src/wallet-sdk-configs.ts and add your configuration:
+
 ```typescript
 import { BiometricsPluginConfigs } from "@docknetwork/wallet-sdk-react-native/lib/default-biometrics-plugin";
 export const biometricsPluginConfigs: BiometricsPluginConfigs = {
@@ -71,29 +75,44 @@ export const biometricsPluginConfigs: BiometricsPluginConfigs = {
 
 ```
 
+## Credential expiration
 
-# Credential expiration
 Credential expiration allows the biometric service provider to specify a maximum length to the validity of a biometric check credential. If the verifier wants to force a refresh of the biometric check more frequently, the verifier can check the credential creation timestamp during verification to ensure it’s within their business rules.
 
-# Credential types
+## Credential types
+
 This plugin uses two types of credentials to perform the biometric verification:
 
-- Enrollment Credential: This optional credential contains the biometric data of the user. The biometric data is stored in the credential subject field and will be used to perform the biometric match.
-- Biometric Match Credential: This credential is issued by the biometric plugin after the biometric match. It contains the biometric ID, the issuer, and the creation date. The verifier can use this credential to check if the biometric match was performed recently and by the same issuer, and it will not contain any biometric data.
+* Enrollment Credential: This optional credential contains the biometric data of the user. The biometric data is stored in the credential subject field and will be used to perform the biometric match.
+* Biometric Match Credential: This credential is issued by the biometric plugin after the biometric match. It contains the biometric ID, the issuer, and the creation date. The verifier can use this credential to check if the biometric match was performed recently and by the same issuer, and it will not contain any biometric data.
+
+## How to bind a biometric to a credential
 
-# How to bind a biometric to a credential
 Before issuing a credential, the issuer may request to verify the biometric check credential. If a valid credential does not exist, the wallet will trigger the biometric plugin to confirm the biometric and issue a credential.
 
-The biometric check credential needs a unique binding ID that can only be generated by that specific user. The issuer can then include in the primary credential the biometric ID and biometric issuer as attributes that bind that credential to that holder's biometric.
+The biometric check credential needs a unique binding ID that can only be generated by that specific user. The issuer can then include in the primary credential, the biometric ID and biometric issuer as attributes that bind that credential to that holder's biometric.
 
 At the time of verification, the verifier can request the biometric check credential along with the primary credential. If the biometric check credential is recent enough, from the same issuer, and contains the same biometric ID, then the verifier can know it is the same holder presenting the credential.
 
-The biometric ID should not contain the user's actual biometric information. When enrolling a holder in the biometric service, it might be useful to issue an enrollment credential containing the biometric template, the generated biometric ID, and any other needed information to identify a returning user. This credential can be verified to get the user's information before checking their biometric. By storing this information with the holder, it avoids the biometric service having to store that PII outside of the control of the holder. The holder should only share a biometric enrollment credential with the biometric service that issued it.
+The biometric ID should not contain the user's actual biometric information. When enrolling a holder in the biometric service, it might be useful to issue an enrolment credential containing the biometric template, the generated biometric ID and any other needed information to identify a returning user. This credential can be verified to get the user's information before checking their biometric. By storing this information with the holder, it avoids the biometric service having to store that PII outside of the control of the holder. The holder should only share a biometric enrollment credential with the biometric service that issued it.
+
+## Using the Biometric Service Plugin
+
+* Create a [Dock API key](../../dock-certs/creating-api-keys-and-webhook-endpoints.md)
+* Wrap the Dock API in your mobile API (which is usually protected with an app username / password)
+* When a specific install does a biometric check, call your mobile API to issue a biometric credential
+  * The biometric binding nested attributes in the primary credential should include the ecosystem and biometric issuer alongside the biometric ID
+  * Your mobile API calls the Dock API to do issuance to the DID
+    * In order to use the ecosystem definition of the credentials, the Dock API should be used to query the ecosystem that is found in the credential for the “\*biometric check” schema
+    * Mobile API should include the DID that the credential is pushed to
+    * This allows the biometric check credential to be managed in the ecosystem where other participants can rely on it and VPI can be enforced
+* Biometric Service Plugin monitors credentials received. When a new biometric check credential is received, old ones can be deleted from wallet storage.
+* If biometric data should not leave the device, then the biometric service provider plugin can do a local verification of the biometric enrollment credential using the credential SDK. The biometric enrollment credential is managed independent from the ecosystem, as it should only be verified by the biometric provider.
 
-# Adding a custom biometric provider
-Adding a custom biometric provider will require the development of the plugin following the interface defined at packages/react-native/lib/default-biometrics-plugin.ts. The plugin should implement the following methods:
+## Adding a custom biometric provider
 
-- hasProofOfBiometrics: Checks if the verification template is asking for biometric attributes.
-- enrollBiometrics: Enrolls the biometric data.
-- matchBiometrics: Performs the biometric match and if it is valid, returns a biometric match credential. It will try to reuse an existing biometric match credential if it is still valid, otherwise it will remove the expired credential and issue a new one.
+Adding a custom biometric provider will require the development of the plugin following the interface defined at [packages/react-native/lib/default-biometrics-plugin.ts](https://github.com/docknetwork/react-native-sdk/blob/master/packages/react-native/lib/default-biometrics-plugin.ts). The plugin should implement the following methods:
 
+* hasProofOfBiometrics: Checks if the verification template is asking for biometric attributes.
+* enrollBiometrics: Enrolls the biometric data.
+* matchBiometrics: Performs the biometric match and if it is valid, returns a biometric match credential. It will try to reuse an existing biometric match credential if it is still valid, otherwise it will remove the expired credential and issue a new one.
diff --git a/docs/ecosystem-tools.md b/docs/ecosystem-tools.md
@@ -1,12 +1,14 @@
 # Ecosystem Tools
+
 You can find the implementation of ecosystem tools in the following location:
 
-File Path: packages/core/src/ecosystem-tools.ts
+File Path: [packages/core/src/ecosystem-tools.ts](https://github.com/docknetwork/react-native-sdk/blob/5dfbcb197b848802478d2f7a697286a8c3c28823/packages/core/src/ecosystem-tools.ts#L4)
+
 ## Usage Example
+
 Below is an example demonstrating how to use getEcosystems to retrieve ecosystem information based on an issuer's DID.
 
-Importing the Function
-First, ensure you import getEcosystems from the SDK:
+Importing the Function First, ensure you import getEcosystems from the SDK:
 
 ```js
 import {getEcosystems} from '@docknetwork/wallet-sdk-core/src/ecosystem-tools';
@@ -26,6 +28,7 @@ fetchEcosystemDetails();
 ```
 
 ## Expected Output
+
 When you run the above code, you should expect an output similar to this:
 
 ```json
@@ -37,10 +40,11 @@ When you run the above code, you should expect an output similar to this:
     }
 }
 ```
+
 This JSON output contains the details of the ecosystems associated with the given issuerDID.
 
 ## Integration Tests
+
 For more examples and usage, please refer to the integration test at:
 
-Test File Path: integration-tests/ecosystem-tools.test.ts
-This test file provides comprehensive examples on how to interact with ecosystem tools effectively.
+Test File Path: https://github.com/docknetwork/react-native-sdk/blob/master/integration-tests/ecosystem-tools.test.ts This test file provides comprehensive examples on how to interact with ecosystem tools effectively.
