Wallet User Experience
- The context is giving users control over the identifiers that they use
- The primary context is the user's mobile smartphone. A secondary context is the user on a laptop computer connected to the internet.
- The operating assumption is that the user has contacted the RP with a browser and that the identity security code is a separate native or web application that will be referred to below as the Wallet.
- For convenience of this list a wallet can include references other wallets.
- Nothing in these requirements should be construed to require that all of the wallet code is resident on a device in the user's physical possession.
The following are the required success criteria for both the user and the RP in establishing and maintaining an enduring relationship. Wallets supporting ephemeral relationships are possible and may be addressed in a subsequent list as needed. The high level goal is to minimize the cognitive load on the user. The success metric of this effort is (1) the percentage of users that successfully create and maintain their own usefull identifiers under their own control and (2) the number of RPs that accept SIOP identifiers.
- RPs will have the means to test if they meet the criteria for giving users control of their own identifiers.
- RPs will provide a well-known endpoint displaying their acceptance criteria for wallets. (the need for this is TBD)
- SIOP will provide a well-known endpoint API for determining their identifier functionality that contains no user personal information and minimal correlation information.
- A user of common ability will be able to install one or more wallets and create zero or more identifiers on each wallet.
- The user can add or remove wallets at any time.
- The RP can display for the user's selection on the user's browser a small number of choices that are created entirely by browser code and information from the DOM provided by the user's browser.
- Upon selection of one of those options, the user will be able to access a wallet previously provisioned with an identifier or a wallet with a list of other wallets.
- The user will have full and effective control of the selection of an identifier that meets the RP criteria.
- If such a identifier does not exist, the user be given simple and effective instructions on creating such an identifier that does meet the criteria.
- Working together the user, the device, the browser, the wallet and the RP will establish means for the user to easily restore connectivity to the RP using the user selected identifier.
- A specification meeting these criteria will be published.
- That specification may well require new means of support from the device and browser provisioned on that device.