Overview
The browser turns itself into the foundation to help your web apps and extensions build self-custody, providing a new dedicated store and APIs. Therefore, you can easily build self-custody apps using two APIs, window.ssi and browser.ssi.
This specification does not provide so-called “wallet” because the store and settings don’t/shouldn’t have the ability to communicate externally.
SSI Store Service
It is an internal, dedicated store for credentials such as secret keys and authorization data. It is protected by an isolated process model and encryption. This service is responsible for executing tasks related to credentials, such as signing/decryption. The separation of concerns ensures a consistent service interface, regardless of where the actual data is stored (e.g., on the file system, a Secure Element (SE), or on separate hardware). It is accessed via internal privileged services in browser.ssi, window.ssi, and browser settings.
browser.ssi
It is a powerful API (in Chrome, it would be named chrome.ssi), bridging tasks related to credentials, such as signing/decryption, between the internal module and user land. It also provides the state of settings while prioritizing privacy and security, allowing users to choose whether to make them open. General web extensions can use this API in their scripts.
window.ssi
It is the most accessible API that is widely published on the web, bridging tasks related to credentials, such as signing/decryption, between the internal module and user land. General web extensions and general web apps can use it anywhere.
Browser setting
It is the user interface to the SSI Store Service, providing key generation and API configuration within the privileged process that differs from general web apps.