Protocols

BaseID implements four communication protocols that enable credentials to be issued, presented, and verified between parties.

Protocol Overview

Protocol	Purpose	Crate	Specification
OID4VCI	Credential issuance (issuer to wallet)	baseid-oid4vci	OpenID4VCI
OID4VP	Credential presentation (wallet to verifier)	baseid-oid4vp	OpenID4VP
SIOPv2	DID-based authentication	baseid-siop	SIOPv2
DIDComm v2	Encrypted peer-to-peer messaging	baseid-didcomm	DIDComm v2

OID4VCI — Credential Issuance

OpenID for Verifiable Credential Issuance defines how a wallet obtains credentials from an issuer. The flow is:

1. Wallet discovers the issuer’s metadata
2. Wallet requests authorization (pre-authorized or authorization code)
3. Wallet requests the credential with a proof of key possession
4. Issuer returns the signed credential

OID4VP — Credential Presentation

OpenID for Verifiable Presentations defines how a wallet presents credentials to a verifier:

1. Verifier creates a presentation request specifying required credentials
2. Wallet matches credentials and creates a Verifiable Presentation
3. Wallet submits the presentation to the verifier
4. Verifier validates signatures and extracts claims

SIOPv2 — Authentication

Self-Issued OpenID Provider v2 enables DID-based authentication without credentials. The user proves control of a DID by signing an ID token.

DIDComm v2 — Messaging

DIDComm v2 provides encrypted, authenticated messaging between DIDs. It supports:

• End-to-end encryption
• Message routing through mediators
• Asynchronous communication
• Transport-agnostic (HTTP, WebSocket, Bluetooth)

Protocol Selection

Use Case	Protocol
Issue a credential to a wallet	OID4VCI
Verify a credential	OID4VP
Log in with a DID	SIOPv2
Send encrypted messages between parties	DIDComm v2