JAOPP Self-hosted Crypto Account Ownership Credential (SCAC) Spec
Version: 0.5.0 (Draft) Target: Prototype for JAOPP (Japan Open Privacy Platform) Standard: ISO/IEC 18013-5 (mDoc)
1. Introduction
This specification defines the "Self-hosted Crypto Account Ownership Credential" (SCAC) used within the JAOPP ecosystem. SCAC allows a user to prove they own a specific cryptocurrency wallet address (Un-hosted Wallet) while maintaining a link to their verified identity, without necessarily revealing their real name to the public blockchain.
2. Data Structure (mDoc namespaces)
Based on ISO 18013-5, the SCAC uses the org.jaopp.scac namespace.
Namespace: org.jaopp.scac
| Element Identifier | Type | Description |
|---|---|---|
wallet_address | tstr | Mandatory. Public key or address of the crypto wallet (e.g., "0x..."). |
blockchain | tstr | Mandatory. Name of the network (e.g., "Ethereum", "Bitcoin"). |
chain_id | tstr | Recommended. Network identifier (e.g., "1" for Ethereum Mainnet, "137" for Polygon). |
verification_method | tstr | Method used to link ID to wallet (e.g., "jpki", "passport_nfc"). |
verified_at | tfmt | Date and time the ownership was verified. |
assurance_level | tstr | Level of identity verification (e.g., "high", "substantial"). |
issuer_id | tstr | Identifier of the SCAC issuer. |
3. Holder Binding
SCAC MUST use Holder Binding. The DeviceSigned structure from ISO 18013-5 ensures that the credential cannot be used without the private key stored in the holder's device HSM.
4. Verification Flow
- Issuer: Verifies user's identity (via JPKI) and wallet ownership (via signature).
- Issuance: Issuer signs the SCAC and sends it to the user's wallet.
- Presentation: User selects specific fields (e.g., wallet_address and assurance_level) to share with a VASP or Verifier.
- Verifier: Validates the Issuer's signature and the Device Binding.