
Verifiable Credentials

Overview

The W3C defines Verifiable Credentials as "Credentials that represent statements made by an issuer in a tamper-evident and privacy-respecting manner."

Digital credentials are difficult to express on the Web, which makes it hard to obtain online the benefits that physical credentials offer us in the physical world. Physical credentials also pose several challenges of their own, including, but not limited to: they can be forged, lost or damaged; they often disclose more information than is needed; and they have limited use in the digital space. This is where Verifiable Credentials can add tremendous value.

Verifiable Credentials represent our day-to-day credentials (e.g., Driver's License, University Certificate, etc.) as a cryptographically secure, privacy-respecting and machine-verifiable digital ID. The addition of technologies, such as digital signatures, makes verifiable credentials more tamper-evident and more trustworthy than their physical counterparts.

The Technology

The Verifiable Credentials protocol forms one of the three key pillars of Self-Sovereign Identity along with Decentralized Identifiers and Distributed Ledger Technology.

This optional feature allows the Wallet Server to obtain and manage verifiable credentials for a user using a deployed Hyperledger Aries Cloud Agent. The verifiable credentials managed by the Wallet Server and its Cloud Agent microservice follow the specifications outlined in this repository: Hyperledger Aries RFCs - Features Section

Key Personas

There are three key personas in a typical Verifiable Credential use case:

  • Issuer: An entity that creates and issues credentials based on the assertion of certain claims. The Verifiable Credential, once issued, is transferred to a Holder.
  • Holder: An entity that receives, holds and shares credentials with the Verifier. The FPX Wallet fulfills the role of a credential Holder within the FPX ecosystem.
  • Verifier: Also referred to as the relying party. A Verifier receives and verifies proofs (a digital sharing of all or part of a credential) from holders.
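The three roles above, and a proof that shares only part of a credential, shown as an added example that is not FPX or Hyperledger Aries code. It swaps in a simplified salted-hash disclosure scheme with an Ed25519 issuer signature rather than the proof format those products use; the function names and the sample claims are constructed for illustration.

```javascript
const nodeCrypto = require('crypto');

// Digest that binds one claim to a random salt, so hidden values cannot be guessed.
const digest = (salt, name, value) =>
  nodeCrypto.createHash('sha256').update(JSON.stringify([salt, name, value])).digest('hex');

// Issuer: salt every claim, sign the sorted list of digests, give everything to the holder.
function issue(issuerPrivateKey, claims) {
  const disclosures = Object.entries(claims).map(([name, value]) => ({
    salt: nodeCrypto.randomBytes(16).toString('hex'), name, value }));
  const digests = disclosures.map(d => digest(d.salt, d.name, d.value)).sort();
  const signature = nodeCrypto.sign(null, Buffer.from(JSON.stringify(digests)), issuerPrivateKey);
  return { digests, signature: signature.toString('base64'), disclosures };
}

// Holder: reveal only the named claims; the signed digests travel unchanged.
function present(credential, reveal) {
  return { digests: credential.digests, signature: credential.signature,
    disclosures: credential.disclosures.filter(d => reveal.includes(d.name)) };
}

// Verifier: check the issuer signature first, then check that every revealed
// claim hashes to one of the signed digests. Any mismatch rejects the proof.
function verify(issuerPublicKey, presentation) {
  const rejected = { valid: false, claims: {} };
  const signed = Buffer.from(JSON.stringify(presentation.digests));
  const sig = Buffer.from(presentation.signature, 'base64');
  if (!nodeCrypto.verify(null, signed, issuerPublicKey, sig)) return rejected;
  const claims = {};
  for (const d of presentation.disclosures) {
    if (!presentation.digests.includes(digest(d.salt, d.name, d.value))) return rejected;
    claims[d.name] = d.value;
  }
  return { valid: true, claims };
}

// Constructed sample data: a licence credential from which only "over18" is shared.
const issuerKeys = nodeCrypto.generateKeyPairSync('ed25519');
const credential = issue(issuerKeys.privateKey,
  { name: 'Alice Example', licenceClass: 'G', over18: true });
const presentation = present(credential, ['over18']);
const result = verify(issuerKeys.publicKey, presentation);
console.log(result.valid, result.claims);
```

The sketch has no holder binding or verifier nonce, so it does not show who is presenting the proof or that the proof is fresh.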

Use Case

Support for Verifiable Credentials has been implemented within the FPX product suite in order to support interaction with new identity management ecosystems being developed by organizations and governments. These ecosystems enable users to send information about themselves to access services securely and more easily, while only revealing the bare minimum amount of information needed.

By enabling Verifiable Credentials, the FPX Wallet Server and its client applications can interact with these ecosystems, and provide the benefits of digital, verified credentials to its users.

Architecture

Figure 2: Verifiable Credentials Architecture in FPX

The green module within the Wallet Server shows the addition made as part of this optional capability. It interfaces with a cloud agent developed by the Hyperledger Foundation in order to facilitate interactions with an external ledger. The cloud agent and ledger also facilitate interactions with external issuers and verifiers that may issue users new verifiable credentials, or ask the users to present a verifiable credential in order to gain access to a service.

The Wallet Server and cloud agent communicate with each other through backchannel HTTP requests. The Wallet Server contacts the cloud agent whenever an operation is requested which involves a connection to another party or involves the ledger.

Impacted Components

The following components inside and outside of the FPX ecosystem are impacted if you choose to implement Verifiable Credentials:

  • Internal
    • Wallet Server
    • Wallet Web UI
    • Wallet Mobile Apps - iOS and Android
  • External
    • Hyperledger Aries Cloud Agent

The subsequent chapters in this section of the guide will focus on:

  1. Verifiable Credentials Functionality within FPX
  2. Configuring the FPX Wallet as a Verifiable Credential Holder (including Hyperledger Aries Cloud Agent configuration)