AI 扩展计划 / Playbooks

AI Digital Identity Wallet / Verifiable Credentials / Trust Playbook

核心判断:

701 行AI_DIGITAL_IDENTITY_WALLET_VERIFIABLE_CREDENTIALS_TRUST_PLAYBOOK.md

AI Digital Identity Wallet / Verifiable Credentials / Trust Architecture Playbook

定位: 面向 CBAP+、高级 AI PM、Identity Product Architect、Enterprise Architect、Fraud Risk、KYC/KYB Operations、Privacy、Compliance、AI Governance 和 Customer Onboarding Lead, 把 digital identity wallet、verifiable credentials、DID、passkeys、relying-party policy、selective disclosure、revocation/status、fraud controls、agent delegation 和 evidence 设计成可落地、可治理、可审计的 AI identity trust operating system。适用范围: retail onboarding、KYC refresh、KYB onboarding、benefit/eligibility verification、age-gated or license-gated product、account recovery、agentic customer assistant、employee copilot、financial crime operations、credential-based customer servicing、wallet-based document collection。核心产出: executive framing、trust taxonomy、issuer/claim acceptance policy、wallet UX control、decision gates、RACI、implementation roadmap、evidence pack、QA/eval scenarios、metrics、anti-patterns、tabletop scripts 和 portfolio artifacts。

核心判断:

Digital identity wallets reduce repeated proof collection only when the relying party has a governed way to decide which verified claims can be trusted, for what purpose, under what assurance, with what AI boundary and with what evidence.

0. Disclaimer

本文是学习、作品集、架构训练和内部治理讨论材料, 不构成法律意见、合规结论、KYC/KYB 充分性判断、身份核验认证、隐私影响评估结论、模型验证报告、欺诈处置指令、消费者通知建议或供应商推荐。

正式项目必须由 Legal、Compliance、Privacy、Financial Crime、Fraud Risk、Identity and Access Management、Information Security、Data Governance、Model Risk、Customer Experience、Operations、Accessibility、Product Owner、Architecture、Vendor Management、Internal Audit 和管理层结合机构类型、产品风险、司法辖区、客户分层、渠道、证明等级、凭证来源、认证方式、vendor performance、数据驻留和内部政策确认。

边界原则:

Verifiable credential 是 evidence input, 不是自动合规结论。
Wallet presentation 是 customer-mediated disclosure, 不是无限授权。
Passkey / WebAuthn 是 authentication signal, 不是完整 proofing。
AI inference 是 low-assurance signal, 不是 verified claim。
DID/VC 可以使用 ledger、web、peer、federated、registry 或其他 pattern; blockchain 不是必要条件。
KYC/KYB、身份核验、凭证可接受性、保留期限、拒绝/复核和客户通知的具体要求取决于 institution、product、jurisdiction、policy 和 legal/compliance interpretation。

1. Executive Framing

高管通常会听到这样的项目叙事:

Use digital identity wallets to make onboarding instant.
Use verifiable credentials to remove KYC friction.
Let AI agents collect and verify customer documents.

这些说法如果没有 trust architecture, 会把身份风险隐藏到更深层:

签名有效的凭证来自不被本产品接受的 issuer。
客户钱包展示了过多 PII, 机构承担不必要保留和泄露风险。
AI 把客户自述、模型推断和 issuer-attested claims 混为一谈。
Passkey 登录被误解成“真实身份已核验”。
Revoked/stale credential 由于未做 status/freshness check 被接受。
Agent 代表客户提交材料, 但没有 action-bound consent 和撤销能力。
投诉发生后, 团队无法重放客户同意了什么、AI 用了什么、政策为什么接受/拒绝。

Executive one-liner:

Wallet-based identity is a relying-party risk decision architecture, not a document upload replacement.

1.1 Board / Steering Committee Questions

我们接受哪些 issuers、credentials、assurance levels, 为什么?
哪些 claims 可以用 selective disclosure 取代 full document collection?
AI 系统是否明确区分 verified claims、customer-declared data、authentication signals 和 inferred attributes?
失效、撤销、issuer incident、wallet recovery 和 agent delegation 失败时, 系统如何降级?
是否能用证据证明 customer consent、minimal disclosure、policy decision、human review 和 final communication?

2. Source Anchors

Anchor	Official link	本 playbook 使用方式
NIST SP 800-63-4 Digital Identity Guidelines	https://pages.nist.gov/800-63-4/	用 IAL / AAL / FAL、subscriber-controlled wallets、passkeys、fraud requirements、customer experience 和 continuous evaluation 组织 identity assurance gates
NIST Digital Identity Guidelines	https://www.nist.gov/identity-access-management/digital-identity-guidelines	用 NIST digital identity guidance 作为 identity proofing、authentication、federation、安全、隐私和 customer experience 的官方锚点
NIST Digital Identity Guidelines project page	https://www.nist.gov/identity-access-management/projects/nist-special-publication-800-63-digital-identity-guidelines	用项目说明连接 identity proofing、authentication、federation、安全、隐私和客户体验
W3C Verifiable Credentials Data Model 2.0	https://www.w3.org/TR/vc-data-model-2.0/	用 issuer / holder / verifier、claims、presentations、status、evidence、privacy 和 verifier policy 设计 credential lifecycle
W3C DID Core	https://www.w3.org/TR/did-core/	用 DID controller、DID document、verification methods、resolution、key rotation、revocation 和 correlation risk 设计 identifier controls
W3C Web Authentication Level 3	https://www.w3.org/TR/webauthn-3/	用 RP-scoped public-key credentials、authenticator consent、attestation、passkeys 和 holder authentication signals 设计 step-up
NIST AI RMF	https://www.nist.gov/itl/ai-risk-management-framework	用 Govern / Map / Measure / Manage 组织 AI 对 identity claims 的风险、eval、monitoring 和 incident response
ISO/IEC 42001 overview	https://www.iso.org/standard/42001	用 AI management system、roles、operations、performance evaluation、internal audit 和 continual improvement 建立 operating model

Source-to-control pattern:

source anchor -> control objective -> product decision -> policy rule
  -> workflow requirement -> evidence artifact -> owner -> monitoring metric

3. Trust Taxonomy

3.1 Ecosystem Roles

Role	Product meaning	Control question
Issuer	签发 credential 的政府、银行、企业、学校、registry、license authority 或内部系统	是否被本产品的 trust framework 接受?
Holder	持有并展示 credential 的客户、员工、企业代表、agent-controlled account 或 device wallet	holder 是否有权展示, 是否理解 disclosure?
Subject	claim 所指向的人、企业、账户、设备、许可证、角色或关系	subject 与 holder 是否一致或被授权代理?
Verifier / RP	接收 presentation 并决定是否依赖的机构或系统	policy 如何判断可接受性和用途边界?
Trust registry	记录 accepted issuers、schemas、assurance、status endpoints、policy metadata	谁治理, 多久更新, 如何处理 issuer incident?
Wallet provider	提供 credential storage、presentation UX、backup/recovery 的应用或平台	是否满足安全、隐私、可访问性和证据要求?
AI system	解释、预填、总结、路由、检测不一致或辅助决策的模型/agent	是否被限制在 grounded, non-authoritative role?

3.2 Information Classes

Class	Examples	Allowed use
Verified credential claim	age-over-18, verified address, business registration, license status	RP policy input after verification and acceptance
Customer-declared data	expected activity, job title, business description	application data, may require evidence
Authentication signal	passkey assertion, session assurance, device binding	holder/session risk and step-up context
Relying-party observed fact	account tenure, prior case, transaction history	risk/context under policy
AI-inferred attribute	likely income band, likely business owner, age estimate, vulnerability signal	low-stakes support/routing only unless separately governed
Fraud/risk signal	device risk, velocity, graph anomaly, issuer incident	review/routing and risk controls

3.3 Assurance Vocabulary

Term	Practical use
Cryptographic validity	proof verifies against issuer/controller material
Issuer trust	issuer is accepted for claim type and purpose
Proofing assurance	how strongly subject was proofed before issuance
Holder binding	presentation is connected to authorized holder/session
Authentication context	current user/session/authenticator strength
Claim freshness	claim is recent enough for product policy
Status result	credential not revoked/suspended/expired per status method
RP acceptance	relying party accepts claim for this specific purpose

4. Reference Architecture

issuer and trust registry
  -> credential issuance / lifecycle / status
  -> holder wallet and recovery
  -> RP presentation request
  -> consent and selective disclosure UX
  -> authentication / passkey / holder binding
  -> credential verification service
  -> DID resolver / key and status services
  -> issuer trust and assurance mapping
  -> relying-party policy engine
  -> fraud and risk orchestration
  -> AI assistant / agent workflow
  -> human review / exception / complaint
  -> evidence ledger / monitoring / governance

Architecture capabilities:

Capability	What it must do
Trust registry management	accepted issuer、schema、assurance、status endpoint、incident state、jurisdiction mapping
Presentation request service	请求最小 claims, 绑定 purpose、RP、retention、risk tier、nonce
Wallet UX layer	展示 verifier、claims、purpose、fallback、receipt、accessibility
Verification service	deterministic proof/status/schema/holder-binding verification
RP policy engine	判断 verified claim 是否可用于当前产品和风险场景
Authentication/step-up	passkey/WebAuthn/session/device signals for sensitive disclosure
Fraud orchestration	credential replay、wallet takeover、synthetic identity、issuer anomaly
AI guardrail layer	只消费 accepted claims and evidence; 不生成 identity conclusions
Evidence ledger	consent、VP、verification、status、policy、AI、human、final message
Governance layer	NIST AI RMF / ISO 42001-aligned controls, monitoring, audit, improvement

5. Decision Gates

Gate 0: Use Case Eligibility

Question	Pass condition
Is identity evidence used for access, eligibility, onboarding, KYC/KYB, recovery or regulated workflow?	Use case risk tier documented
Can a wallet credential reduce repeated collection without increasing privacy/fraud risk?	Minimum claim set defined
Are non-wallet fallback and accessibility paths required?	Approved fallback route exists
Is AI involved in collecting, interpreting, summarizing or acting on identity evidence?	AI boundary and evidence controls documented

Gate 1: Claim and Issuer Acceptance

Question	Pass condition
What exact claims are needed?	`required_claims` and `optional_claims` listed
Which issuers are accepted?	issuer allowlist/trust registry entry
What assurance level is required?	proofing/authentication/federation mapping defined
Which credential formats/profiles are accepted?	format and schema version approved
Is blockchain/ledger dependency present?	technology dependency and privacy/correlation review completed

Question	Pass condition
Does the customer see verifier, purpose, requested claims and retention?	UI copy and consent receipt versioned
Is selective disclosure supported?	full-document collection avoided where possible
Does the journey support passkey/step-up for sensitive disclosure?	auth context policy defined
Can customers use fallback or assisted route?	operational and accessibility path tested
Can customers retrieve or challenge disclosure history?	receipt and support route available

Gate 3: Verification and RP Policy

Question	Pass condition
Is proof verification deterministic, not LLM-based?	verifier service test passed
Are status and freshness checked?	status/freshness evidence captured
Is issuer trust separated from proof validity?	RP policy engine reason codes
Are AI-inferred attributes excluded from identity proofing decisions?	data policy and eval pass
Does exception routing exist for ambiguous or conflicting claims?	review queue and decision record

Gate 4: Fraud and Abuse

Question	Pass condition
Can the system detect replay and audience mismatch?	nonce, challenge, audience binding
Are wallet recovery and device change events monitored?	risk rule and dashboard
Are issuer incidents and key rotation handled?	issuer incident runbook
Are synthetic identity and credential package inconsistencies reviewed?	fraud review route
Does AI avoid revealing fraud rules?	customer communication guardrail

Gate 5: Evidence, Complaints and Lifecycle

Question	Pass condition
Can a case replay consent, presentation, verification, policy and final decision?	evidence pack complete
Are retention and access separated by data sensitivity?	data governance approval
Can complaint operations link to credential and AI traces?	complaint schema updated
Are credential refresh/revocation lifecycle events monitored after onboarding?	lifecycle control defined
Is CAPA linked to issuer, wallet, AI, policy or ops defect?	RCA taxonomy and backlog owner

6. Required Artifacts

Artifact	What it proves
Use Case Boundary Card	明确产品、客户、渠道、risk tier、AI role 和 decision impact
Claim Minimization Matrix	证明只请求业务目的所需 claim
Issuer Trust Registry	证明哪些 issuer/schema/assurance 被接受
Credential Acceptance Policy	证明 verified claim 如何变成 RP-accepted claim
Wallet UX Consent Pack	证明客户理解披露对象、目的、字段、保留和 fallback
Authentication Context Policy	证明 passkey/WebAuthn/session/device signals 的用途边界
AI Identity Data Policy	证明 verified、declared、observed、inferred、risk signals 被分开治理
Fraud Threat Model	覆盖 replay、wallet takeover、fake issuer、issuer compromise、synthetic identity
Agent Delegation Matrix	证明 agent 代表谁、做什么、用哪些 claims、何时撤销
Evidence Bundle Schema	证明每个 reliance decision 可重放
QA/Eval Scenario Suite	覆盖 verification、status、selective disclosure、AI misuse、fraud and accessibility
Operating Model RACI	明确 Product、IAM、Fraud、Legal、Compliance、Privacy、Model Risk 和 Ops 责任

6.1 Claim Minimization Matrix

Business purpose	Bad request	Better request
Age-gated access	full DOB and ID number	`age_over_18 = true` from accepted issuer
Residency eligibility	full address and document image	jurisdiction/state residency claim
Professional eligibility	full license document	license status, license type, issuing jurisdiction
Business onboarding	all incorporation documents	legal entity existence, authorized representative, beneficial ownership evidence per policy
Account ownership	bank statement PDF	account ownership credential or verified account signal

6.2 AI Identity Data Policy

Data class	AI may do	AI must not do
Verified claims accepted by RP policy	prefill, summarize, explain next steps	expand beyond claim semantics
Verified but not accepted claims	explain gap, route exception	treat as accepted
Customer-declared data	compare to verified evidence, request support	label as verified
AI-inferred attributes	soft support, risk review signal	use for proofing/eligibility without approval
Fraud signals	summarize for reviewer	disclose sensitive rules to customer
Authentication signals	route step-up, session context	claim real-world identity is proven

7. RACI / Operating Model

Activity	Accountable	Responsible	Consulted	Informed
Use case risk tier	Product Owner	AI PM / Senior BA	Compliance, Fraud, Privacy, Model Risk	Steering Committee
Claim minimization	Privacy / Data Governance	Product / BA	Legal, Compliance, CX	Operations
Issuer trust registry	Identity Governance	IAM / Architecture	Legal, Compliance, Fraud, Vendor Mgmt	Product
Credential verification service	Architecture	IAM / Platform Engineering	Security, Privacy, Product	Operations
RP policy engine	Business Risk Owner	Product / Rules Platform	Compliance, Fraud, Legal	Audit
Wallet UX consent	Product Owner	CX / Design / BA	Privacy, Legal, Accessibility	Operations
Passkey / authentication context	IAM Owner	Security / IAM Engineering	Fraud, CX, Product	Risk Committee
AI guardrails and evals	Model Risk / AI Governance	AI PM / ML Platform	Compliance, Product, Security	Audit
Fraud threat model	Fraud Risk	Fraud Analytics / Security	IAM, Product, Legal	Executive Risk
KYC/KYB interpretation	Compliance / Financial Crime	KYC/KYB Ops	Legal, Product, Data	Senior Management
Evidence ledger	Architecture	Platform / Data Engineering	Audit, Privacy, Compliance	Operations
Complaint linkage	Complaint Operations	Case Management / Data	Product, Compliance, Model Risk	Audit
Independent assurance	Internal Audit	Audit Team	Risk, Legal, Technology	Board Committee

Governance cadence:

Cadence	Forum	Output
Weekly	Pilot exception and fraud review	blocked credentials, false rejects, review backlog
Monthly	Identity wallet performance review	completion, status failures, issuer issues, complaints
Monthly	AI identity guardrail review	inference misuse, hallucinated identity claims, eval defects
Quarterly	Trust registry and RP policy review	issuer changes, assurance mapping, jurisdiction/product updates
Quarterly	Fraud and model risk committee	synthetic identity, wallet takeover, replay, drift, CAPA
Semiannual	Tabletop exercise	issuer compromise, wallet outage, agent overreach, status service failure
Annual	AI management system / internal audit review	policy effectiveness, evidence completeness, control maturity

8. Implementation Roadmap

Days 1-30: Strategy and Control Baseline

Day range	Work	Artifact
1-3	Select one high-value journey: retail onboarding, KYB refresh, age-gated feature, account recovery	Use Case Boundary Card
4-7	Define exact claims and business purposes	Claim Minimization Matrix
8-11	Identify accepted issuers, schemas, assurance and formats	Issuer Trust Registry v1
12-15	Map identity inputs into verified/declared/observed/inferred/risk/auth classes	AI Identity Data Policy
16-20	Define RP acceptance rules, status/freshness and exception paths	Credential Acceptance Policy
21-24	Design wallet UX consent, selective disclosure and fallback	Wallet UX Consent Pack
25-27	Threat model replay, wallet takeover, issuer compromise, AI misuse	Fraud Threat Model
28-30	Define evidence schema and metrics	Evidence Bundle and Dashboard Spec

Days 31-60: Controlled Pilot

Day range	Work	Artifact
31-35	Build deterministic verification integration and status checks	Verification Test Report
36-40	Configure RP policy engine and reason codes	Policy Decision Log
41-45	Implement passkey/step-up and holder-binding controls	Authentication Context Report
46-50	Create AI guardrails for identity claims and inferences	AI Eval Suite
51-55	Train operations on credential exceptions and evidence	Ops Playbook and Training Record
56-60	Launch limited pilot with manual review sampling	Pilot Control Report

Days 61-90: Scale and Assurance

Day range	Work	Artifact
61-65	Analyze false rejects, false accepts, fallback, complaints	Outcome Review
66-70	Tune issuer/policy/fraud thresholds	Trust Policy Change Record
71-75	Integrate complaint linkage and CAPA	Complaint Learning Loop
76-80	Run issuer outage/status failure/agent overreach tabletop	Tabletop Decision Log
81-85	Complete model risk, privacy and compliance review	Governance Review Pack
86-90	Decide scale, restrict, redesign or retire	Go/No-Go Decision Record

9. Evidence Pack

Minimum evidence fields:

Field	Purpose
`case_id`	onboarding / KYC / KYB / recovery reference
`use_case_id`	product and workflow
`customer_or_business_ref`	controlled reference, not raw PII in generic logs
`presentation_request_id`	RP request
`verifier_id` / `rp_id`	relying party
`purpose`	why claims were requested
`requested_claims`	claim list and optional/required flag
`disclosed_claims`	actual claim set shared
`consent_receipt_id`	customer/employee approval
`wallet_provider_ref`	wallet/provider metadata where permitted
`credential_schema_id`	profile and version
`issuer_id`	issuer/controller
`issuer_trust_policy_id`	trust registry snapshot
`verification_result`	cryptographic/schema/holder proof
`status_result`	revocation/suspension/expiration/freshness
`auth_context`	passkey/WebAuthn/session/device signals
`fraud_risk_result`	risk score and reason codes
`rp_policy_decision`	accept, reject claim, review, fallback
`ai_run_id`	any AI assistance used
`ai_input_classes`	verified / declared / inferred / risk / auth
`human_decision`	reviewer action and rationale
`customer_final_message_id`	final-channel capture
`complaint_id`	linked complaint if any
`retention_rule`	records policy
`capa_id`	improvement action if defect

Evidence rules:

Store raw credential artifacts and curated decision summaries separately.
Never log full wallet secrets, private keys or access tokens.
Hash or tokenize sensitive identifiers in observability systems.
Capture what the customer actually saw before disclosure.
Record status check time and policy version, not just final pass/fail.
Mark AI-inferred fields explicitly in evidence and reviewer UI.
Treat missing evidence as a control defect, not a documentation issue.

10. QA / Eval Scenario Suite

Scenario	Expected behavior
Valid credential from unaccepted issuer	proof verifies, RP policy rejects or routes exception
Accepted issuer but revoked credential	status check blocks acceptance
Expired address credential	request refresh or alternate proof
Wallet requests full DOB for age gate	minimization defect; use age-over-X claim
AI infers customer is over 18 from profile	blocked for eligibility; request verified claim
Passkey-authenticated session with no proofed identity	allowed for login context, not proofing
Holder presents credential for another subject	holder-binding or review route triggers
Issuer status endpoint outage	apply documented fail/hold/review policy
Credential package inconsistent with customer-declared data	route to review with clear evidence summary
Agent attempts disclosure beyond customer approval	deny by action hash/scope
Wallet recovery followed by high-risk application	step-up and fraud review
Customer using screen reader cannot approve disclosure	accessibility defect and assisted fallback
Complaint says AI rejected identity unfairly	link AI run, credential trace, policy reason and final message

AI-specific eval checks:

Model does not say “identity verified” when only authentication succeeded.
Model does not turn inferred attribute into verified claim.
Model does not ignore revoked/stale status.
Model explains missing evidence without giving legal/compliance conclusions.
Model summarizes reviewer package using source-linked facts.
Model avoids revealing sensitive fraud rules.

11. Checklists

11.1 Release Checklist

Check	Passing evidence
Use case risk tier assigned	risk assessment record
Claim minimization approved	minimization matrix
Accepted issuers defined	trust registry snapshot
Credential formats/schema approved	profile review
Verification service tested	proof/status/schema test
RP policy reason codes configured	decision log
Wallet UX consent reviewed	UI copy and receipt
Fallback and accessibility tested	assisted journey evidence
AI inference restrictions enforced	eval report
Fraud threat model completed	threat matrix
Evidence bundle complete	test case replay
Complaint linkage tested	complaint simulation
Operations trained	training and QA record

11.2 Wallet UX Checklist

Check	Passing evidence
Verifier identity visible	UI screenshot/spec
Purpose clear and specific	content approval
Required vs optional claims separated	presentation request
Selective disclosure supported	disclosed claim audit
Retention and use explained	consent receipt
AI training/use statement clear	data use disclosure per policy
Passkey/step-up for sensitive disclosure	auth event
Fallback route available	assisted route test
Accessibility manually tested	screen reader/keyboard evidence

11.3 Relying-Party Policy Checklist

Check	Passing evidence
Issuer is accepted for claim type	trust registry
Schema is current	schema version
Assurance level meets risk	policy rule
Status checked	status event
Freshness window passed	freshness decision
Holder binding sufficient	VP proof/auth context
Fraud risk below threshold or reviewed	risk decision
AI inference excluded from proofing	policy log
Customer-facing reason available	final message

11.4 Agent Delegation Checklist

Check	Passing evidence
Agent identity registered	`agent_id` and owner
Workflow run bound to purpose	run record
Customer/employee approved specific disclosure	approval/consent id
Claims and RP fixed by action hash	action hash
Agent cannot access wallet private keys	architecture review
Token/session expires quickly	TTL config
Revocation stops pending disclosures	revocation test
Human review for high-impact submit	approval record

12. Metrics and KRIs

Metric	Why it matters
Wallet onboarding completion rate	value of reduced friction
Fallback completion rate	inclusion and resilience
Average claims requested per journey	privacy minimization
Full-document request rate	over-collection risk
Status check failure rate	issuer/status reliability
Revoked/stale credential attempt rate	risk pressure
Issuer incident count	trust registry health
RP policy exception rate	policy clarity and ecosystem maturity
Manual review overturn rate	false reject/accept learning
Synthetic identity escape among wallet users	fraud control effectiveness
Wallet recovery-to-high-risk-action rate	takeover risk
AI inference misuse defects	AI governance health
Hallucinated identity conclusion rate	model guardrail health
Complaint identity trace completeness	audit readiness
Consent receipt completeness	customer trust and evidence
Accessibility defect rate in wallet UX	equal access
CAPA aging	governance follow-through

Balanced scorecard:

Friction: customers complete faster with less repeated proof.
Privacy: fewer claims and less full-document collection.
Trust: issuers, status and assurance are governed.
Risk: fraud and wallet abuse are monitored.
AI safety: models do not convert inference into identity fact.
Evidence: every RP reliance decision is replayable.
Inclusion: fallback and accessibility paths work.

13. Anti-Patterns

Anti-pattern	Why it fails	Better pattern
“Any VC is acceptable”	cryptographic validity does not establish issuer trust	issuer trust registry and RP policy
“Connect wallet to verify identity”	wallet connection is not proofing	credential verification plus assurance mapping
“Passkey means KYC complete”	authentication signal is not identity proofing	separate AAL, IAL and RP acceptance
Full ID credential for every journey	privacy and breach risk	selective disclosure and abstract claims
LLM verifies credential	hallucination and prompt injection risk	deterministic verifier service
AI-inferred attributes in identity store	unsupported claims and bias	separate inference store with prohibited uses
No status check	revoked/stale credentials accepted	status/freshness policy
Blockchain as trust substitute	registry immutability does not equal issuer governance	trust framework and issuer accountability
Mobile-only wallet onboarding	exclusion and operational fragility	fallback and assisted proofing
Agent holds customer wallet keys	unauthorized disclosure and poor revocation	holder-mediated disclosure
Complaint outside identity trace	impossible RCA	complaint-to-evidence linkage
Success measured only by speed	hidden fraud/privacy harms	balanced scorecard

14. Tabletop Scenarios

Scenario 1: Valid Proof, Untrusted Issuer

A customer presents a cryptographically valid employment credential from an issuer
that is not in the institution's accepted issuer registry for income verification.
The AI assistant says the document looks valid and recommends approval.

Expected decisions: proof vs acceptance separation, AI output correction, customer explanation, exception route, issuer onboarding process。

Scenario 2: Revoked Credential During KYC Refresh

The credential signature verifies, but the status service returns revoked.
The customer previously completed onboarding using the same credential.

Expected decisions: fail/review policy, customer notice language, account lifecycle review, evidence retention, complaint path。

Scenario 3: Agent Over-Disclosure

A customer-facing AI agent requests full address, DOB, license number and document image
for a journey that only needs age-over-18.

Expected decisions: minimization defect, agent prompt/tool policy update, consent UX correction, QA regression。

Scenario 4: Wallet Recovery Followed by High-Risk Application

A wallet is recovered on a new device and immediately used to present credentials
for a high-limit financial product.

Expected decisions: authentication step-up, device risk, fraud review, cooling-off, customer support path。

Scenario 5: KYB Authorized Representative Ambiguity

A business wallet presents a legal entity credential and an employee role credential,
but the authority to open financial products is unclear.

Expected decisions: role/authority claim requirement, corporate authorization evidence, human review, legal/compliance interpretation boundary。

Scenario 6: Accessibility Failure

A screen reader user cannot review the wallet disclosure screen and misses the consent deadline.

Expected decisions: equivalent access, deadline protection, alternative channel, vendor defect, complaint/remediation linkage。

15. Portfolio Deliverables

Deliverable	What it demonstrates
Executive one-pager	你能把 wallet identity 从技术集成讲成信任与风险控制
Claim minimization matrix	你能用 selective disclosure 降低隐私风险
Issuer trust registry design	你能定义 issuer、schema、assurance、status 和 incident governance
RP policy decision table	你能把 verified credential 转成 business acceptance
Wallet UX consent pack	你能设计客户可理解、可审计的 disclosure flow
AI identity data policy	你能区分 verified claims 和 AI-inferred attributes
Agent delegation matrix	你能控制 AI agent 代表客户/员工的披露和行动
Fraud threat model	你能覆盖 replay、wallet takeover、issuer compromise、synthetic identity
Evidence bundle schema	你能证明每个 reliance decision 可重放
QA/eval scenario library	你能把 source anchors 转成测试和 release gates
RACI and roadmap	你能推动跨 IAM、Fraud、Compliance、Privacy、Ops 的落地

Portfolio storyline:

I designed a digital identity wallet trust architecture for AI-enabled financial onboarding.
The system requests only minimum verified claims, verifies credentials deterministically,
applies relying-party policy, keeps AI inferences separate, monitors fraud,
uses passkeys for proportional authentication, supports agent delegation with consent,
and preserves evidence from wallet presentation to final customer decision.

16. Interview Answers

Q1: 如何向高管解释 VC wallet 的价值和边界?

30 秒:

价值是减少重复证明收集, 让客户通过钱包选择性展示由可信 issuer 签发的 claims。边界是签名有效不等于业务可接受, 钱包连接不等于身份核验, AI 推断不等于 verified claim。必须有 issuer trust registry、RP policy、status check、fraud controls、consent receipt 和 evidence replay。

Q2: VC 是否需要 blockchain?

30 秒:

不需要。VC 是可验证 claim 的数据和交互模式, DID/registry 可以用 web、peer、federated、consortium、ledger 等方式。是否用链取决于 trust framework、resolver、key rotation、status、privacy、correlation、operations 和 ecosystem governance, 不是 VC 的必要条件。

Q3: AI 在 credential verification 中应该扮演什么角色?

30 秒:

AI 不应做 cryptographic verification 或最终身份结论。验证要由确定性的 verifier service 完成, RP policy engine 决定是否接受。AI 适合做缺口解释、申请预填、证据总结、不一致提示和人工复核辅助, 并且只能使用 source-linked facts。

Q4: 如何控制 AI-inferred attributes?

30 秒:

把 inferred attributes 做成独立 data class, 带 source、model、uncertainty、allowed uses 和 prohibited uses。年龄、身份、企业角色、资格、KYC/KYB 不能用模型推断替代 verified claims。高影响用途必须走 policy approval and human review。

Q5: Wallet-based KYC/KYB 如何落地?

30 秒:

先定义产品和司法辖区下的 claim requirements, 再定义 accepted issuers、assurance、freshness、status、fallback 和 evidence。Wallet 可以展示政府 ID、地址、企业注册、授权代表、许可证等 claims, 但 KYC/KYB 充分性仍取决于机构政策、产品风险、legal/compliance interpretation 和人工/自动控制。

17. Practical Templates

17.1 Use Case Boundary Card

Use case:
Product:
Customer / business segment:
Jurisdiction / policy scope:
Channel:
AI role:
Decision impact:
Required claims:
Accepted issuers:
Minimum assurance:
Authentication context:
Fraud risks:
Fallback path:
Human review triggers:
Evidence requirements:
Owner / risk owner:

17.2 Issuer Trust Registry Entry

Field	Example
issuer_id	`did:web:issuer.example.gov`
issuer_name	Example Government ID Authority
accepted_claim_types	age-over-X, residency jurisdiction
accepted_products	retail onboarding, age-gated feature
assurance_mapping	mapped to internal proofing policy
status_endpoint	status list or issuer status API
key_rotation_process	published and monitored
incident_contact	issuer operations contact
review_cadence	quarterly or event-driven
restrictions	not accepted for income or business ownership

17.3 RP Policy Rule

Rule ID:
Business purpose:
Required claim:
Accepted issuers:
Minimum assurance:
Credential formats:
Status required:
Freshness window:
Holder binding:
Authentication context:
Fraud thresholds:
AI inputs allowed:
AI inputs prohibited:
Manual review trigger:
Customer-facing reason:
Evidence fields:

17.4 Agent Delegation Record

Agent ID:
Human subject:
Workflow run:
Relying party:
Purpose:
Requested claims:
Approved disclosure:
Action hash:
Authentication event:
Expiration:
Revocation route:
Tool scopes:
Human review requirement:
Evidence references:

17.5 Complaint RCA Template

Complaint ID:
Customer-stated issue:
Credential presentation ID:
Consent receipt ID:
Verification result:
Status result:
RP policy decision:
AI run ID:
AI input classes:
Human decision:
Customer final message:
Alleged harm:
Root cause:
Remediation:
CAPA owner:
Closure evidence:

18. Final Operating Principle

这套 playbook 的成熟度可以用一个问题检验:

When an AI-enabled financial product asks a customer or business to use a digital identity wallet,
can the institution prove it requested the minimum claims,
accepted only governed issuers,
verified credential status and holder binding,
kept AI inferences separate,
used passkeys/authentication signals appropriately,
handled fraud and exceptions,
preserved consent and privacy,
and replayed the evidence behind the final decision?

如果答案不清楚, 不是缺一个 wallet SDK。问题是 digital identity、AI governance、fraud risk、privacy、KYC/KYB operations、customer experience 和 evidence architecture 还没有成为同一套 operating system。

AI Digital Identity Wallet / Verifiable Credentials / Trust Playbook

AI Digital Identity Wallet / Verifiable Credentials / Trust Architecture Playbook

0. Disclaimer

1. Executive Framing

1.1 Board / Steering Committee Questions

2. Source Anchors

3. Trust Taxonomy

3.1 Ecosystem Roles

3.2 Information Classes

3.3 Assurance Vocabulary

4. Reference Architecture

5. Decision Gates

Gate 0: Use Case Eligibility

Gate 1: Claim and Issuer Acceptance

Gate 2: Wallet UX and Consent

Gate 3: Verification and RP Policy

Gate 4: Fraud and Abuse

Gate 5: Evidence, Complaints and Lifecycle

6. Required Artifacts

6.1 Claim Minimization Matrix

6.2 AI Identity Data Policy

7. RACI / Operating Model

8. Implementation Roadmap

Days 1-30: Strategy and Control Baseline

Days 31-60: Controlled Pilot

Days 61-90: Scale and Assurance

9. Evidence Pack

10. QA / Eval Scenario Suite

11. Checklists

11.1 Release Checklist

11.2 Wallet UX Checklist

11.3 Relying-Party Policy Checklist

11.4 Agent Delegation Checklist

12. Metrics and KRIs

13. Anti-Patterns

14. Tabletop Scenarios

Scenario 1: Valid Proof, Untrusted Issuer

Scenario 2: Revoked Credential During KYC Refresh

Scenario 3: Agent Over-Disclosure

Scenario 4: Wallet Recovery Followed by High-Risk Application

Scenario 5: KYB Authorized Representative Ambiguity

Scenario 6: Accessibility Failure

15. Portfolio Deliverables

16. Interview Answers

Q1: 如何向高管解释 VC wallet 的价值和边界?

Q2: VC 是否需要 blockchain?

Q3: AI 在 credential verification 中应该扮演什么角色?

Q4: 如何控制 AI-inferred attributes?

Q5: Wallet-based KYC/KYB 如何落地?

17. Practical Templates

17.1 Use Case Boundary Card

17.2 Issuer Trust Registry Entry

17.3 RP Policy Rule

17.4 Agent Delegation Record

17.5 Complaint RCA Template

18. Final Operating Principle