Credentials (Access Control)

By default, a consumer can access a resource if they have 1 datatoken. Credentials allow the publisher to optionally specify more fine-grained permissions.

Consider a medical data use case, where only a credentialed EU researcher can legally access a given dataset. Ocean supports this as follows: a consumer can only access the resource if they have 1 datatoken and one of the specified "allow" credentials.

Address based example:

{
  "credentials": {
    "allow": [
      {
        "type": "address",
        "values": ["0x123", "0x456"]
      }
    ],
    "deny": [
      {
        "type": "address",
        "values": ["0x2222", "0x333"]
      }
    ]
  }
}

Policy based

This example allows to check for specific credential attributes (assuming policies are defined in verifier component).

https://docs.oss.walt.id/verifier/api/vc-oid4vc#example-verification-request-3-applying-policies-to-specific-credentials

{
  "credentials": {
    "allow": [
      { "type": "verifiableCredential",
        "requestCredentials": [
        "VerifiableId",
        "ProofOfResidence",
        {
          "credential": "OpenBadgeCredential",
          "policies": [
            "signature",
            {
              "policy": "3.test",
              "args": {
                "type": "object"
              }
            }
          ]
        }
      ]}
    ]
  }
}