mirror of
https://github.com/Decentralized-ID/decentralized-id.github.io.git
synced 2024-12-11 00:24:25 -05:00
verifiable credentials breakdown
This commit is contained in:
parent
c6e5095b43
commit
f2b6b27a72
@ -13,6 +13,8 @@ header:
|
|||||||
last_modified_at: 2019-01-11
|
last_modified_at: 2019-01-11
|
||||||
---
|
---
|
||||||
|
|
||||||
|
* [Verifiable Credential API](https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITALEBSI/Verifiable+Credential+API)
|
||||||
|
> The Verifiable Credential API provides a Core Service of the EBSI platform providing the capability of creating W3C credentials ready for signing and validating W3C Verifiable Credentials.
|
||||||
* [Government services and digital identity](https://www.eublockchainforum.eu/sites/default/files/research-paper/20180801_government_services_and_digital_identity.pdf) (EUBlockchainForum)
|
* [Government services and digital identity](https://www.eublockchainforum.eu/sites/default/files/research-paper/20180801_government_services_and_digital_identity.pdf) (EUBlockchainForum)
|
||||||
> The theme of this paper is the use of blockchain and distributed ledger technology for government services, and digital identity in relation to those. The scope for the state-of-the-art is global, but conclusions and recommendations focus on the significance and barriers in the European context. We assume general familiarity with blockchain and smart contract technology. For the purposes of this document, the essential features are that a blockchain has no central data controller or storage, and that it is an append-only immutable record store with reliable timestamping. More specific details, such as consensus mechanism, which vary from one blockchain network to another, are omitted.
|
> The theme of this paper is the use of blockchain and distributed ledger technology for government services, and digital identity in relation to those. The scope for the state-of-the-art is global, but conclusions and recommendations focus on the significance and barriers in the European context. We assume general familiarity with blockchain and smart contract technology. For the purposes of this document, the essential features are that a blockchain has no central data controller or storage, and that it is an append-only immutable record store with reliable timestamping. More specific details, such as consensus mechanism, which vary from one blockchain network to another, are omitted.
|
||||||
* [EU BLOCKCHAIN OBSERVATORY AND FORUM—Workshop Report e-Identity](https://www.eublockchainforum.eu/sites/default/files/reports/workshop_5_report_-_e-identity.pdf)
|
* [EU BLOCKCHAIN OBSERVATORY AND FORUM—Workshop Report e-Identity](https://www.eublockchainforum.eu/sites/default/files/reports/workshop_5_report_-_e-identity.pdf)
|
||||||
|
@ -9,7 +9,7 @@ canonical_url: 'https://decentralized-id.com/organizations/identity-foundation/'
|
|||||||
redirect_from:
|
redirect_from:
|
||||||
- organizations/identity-foundation
|
- organizations/identity-foundation
|
||||||
- identity-foundation.html
|
- identity-foundation.html
|
||||||
categories: ["Organizations"]
|
categories: ["Organizations","Identity Foundation (DIF)"]
|
||||||
tags: ["IBM","Microsoft","Jolocom","DIF","Evernym","GS1","Danube Tech","Sovrin Foundation","uPort","Meeco","Transmute"]
|
tags: ["IBM","Microsoft","Jolocom","DIF","Evernym","GS1","Danube Tech","Sovrin Foundation","uPort","Meeco","Transmute"]
|
||||||
|
|
||||||
last_modified_at: 2020-01-15
|
last_modified_at: 2020-01-15
|
||||||
|
@ -7,7 +7,7 @@ excerpt: >
|
|||||||
layout: single
|
layout: single
|
||||||
permalink: organizations/identity-foundation/keri/
|
permalink: organizations/identity-foundation/keri/
|
||||||
canonical_url: 'https://decentralized-id.com/organizations/identity-foundation/keri/'
|
canonical_url: 'https://decentralized-id.com/organizations/identity-foundation/keri/'
|
||||||
categories: ["Web Standards"]
|
categories: ["Identity Foundation (DIF)"]
|
||||||
tags: ["DIF","KERI","DKMI"]
|
tags: ["DIF","KERI","DKMI"]
|
||||||
header:
|
header:
|
||||||
image: /images/keri-header.webp
|
image: /images/keri-header.webp
|
||||||
@ -17,9 +17,6 @@ last_modified_at: 2020-11-22
|
|||||||
|
|
||||||
[Website](https://keri.one) - [Resources](https://keri.one/keri-resources/) - [GitHub](https://github.com/decentralized-identity/keri) - [Identifiers & Discovery WG](https://identity.foundation/working-groups/identifiers-discovery.html)
|
[Website](https://keri.one) - [Resources](https://keri.one/keri-resources/) - [GitHub](https://github.com/decentralized-identity/keri) - [Identifiers & Discovery WG](https://identity.foundation/working-groups/identifiers-discovery.html)
|
||||||
|
|
||||||
This is not actually on any standards track, to my knowledge, but fits better with the standards category than elsewhere.
|
|
||||||
{: .notice}
|
|
||||||
|
|
||||||
* [KEY EVENT RECEIPT INFRASTRUCTURE (KERI) DESIGN](https://raw.githubusercontent.com/SmithSamuelM/Papers/master/whitepapers/KERI_WP_2.x.web.pdf) Samuel M. Smith Ph.D. v2.54 2020/10/22, v1.60 2019/07/03 [[arXiv](https://arxiv.org/abs/1907.02143)]
|
* [KEY EVENT RECEIPT INFRASTRUCTURE (KERI) DESIGN](https://raw.githubusercontent.com/SmithSamuelM/Papers/master/whitepapers/KERI_WP_2.x.web.pdf) Samuel M. Smith Ph.D. v2.54 2020/10/22, v1.60 2019/07/03 [[arXiv](https://arxiv.org/abs/1907.02143)]
|
||||||
> An identity system based secure overlay for the Internet is presented. This includes a primary root-of-trust in self-certifying identifiers. It presents a formalism for Autonomic Identifiers (AIDs) and Autonomic Namespaces (ANs). They are part of an Autonomic Identity System (AIS). This system uses the design principle of minimally sufficient means to provide a candidate trust spanning layer for the internet. Associated with this system is a decentralized key management infrastructure (DKMI). The primary root-of-trust are self-certifying identifiers that are strongly bound at issuance to a cryptographic signing (public, private) key-pair. These are self-contained until/unless control needs to be transferred to a new key-pair. In that event an append only chained key-event log of signed transfer statements provides end verifiable control provenance. This makes intervening operational infrastructure replaceable because the event logs may be therefore be served up by ambient infrastructure. End verifiable logs on ambient infrastructure enables ambient verifiability (verifiable by anyone, anywhere, at anytime). The primary key management operation is key rotation (transference) via a novel key pre-rotation scheme. Two primary trust modalities motivated the design, these are a direct (one-to-one) mode and an indirect (one-to-any) mode. In the direct mode, the identity controller establishes control via verified signatures of the controlling key-pair. The indirect mode extends that trust basis with witnessed key event receipt logs (KERLs) for validating events. The security and accountability guarantees of indirect mode are provided by KERIs Agreement Algorithm for Control Establishment (KACE) among a set of witnesses.
|
> An identity system based secure overlay for the Internet is presented. This includes a primary root-of-trust in self-certifying identifiers. It presents a formalism for Autonomic Identifiers (AIDs) and Autonomic Namespaces (ANs). They are part of an Autonomic Identity System (AIS). This system uses the design principle of minimally sufficient means to provide a candidate trust spanning layer for the internet. Associated with this system is a decentralized key management infrastructure (DKMI). The primary root-of-trust are self-certifying identifiers that are strongly bound at issuance to a cryptographic signing (public, private) key-pair. These are self-contained until/unless control needs to be transferred to a new key-pair. In that event an append only chained key-event log of signed transfer statements provides end verifiable control provenance. This makes intervening operational infrastructure replaceable because the event logs may be therefore be served up by ambient infrastructure. End verifiable logs on ambient infrastructure enables ambient verifiability (verifiable by anyone, anywhere, at anytime). The primary key management operation is key rotation (transference) via a novel key pre-rotation scheme. Two primary trust modalities motivated the design, these are a direct (one-to-one) mode and an indirect (one-to-any) mode. In the direct mode, the identity controller establishes control via verified signatures of the controlling key-pair. The indirect mode extends that trust basis with witnessed key event receipt logs (KERLs) for validating events. The security and accountability guarantees of indirect mode are provided by KERIs Agreement Algorithm for Control Establishment (KACE) among a set of witnesses.
|
||||||
* [Decentralized key management](https://raw.githubusercontent.com/SmithSamuelM/Papers/master/whitepapers/10-ssi-key-management.pdf) Sam Smith (Manning)
|
* [Decentralized key management](https://raw.githubusercontent.com/SmithSamuelM/Papers/master/whitepapers/10-ssi-key-management.pdf) Sam Smith (Manning)
|
||||||
|
@ -0,0 +1,66 @@
|
|||||||
|
---
|
||||||
|
date: 2020-11-25
|
||||||
|
title: Claims and Credentials Working Group
|
||||||
|
description: Standards and technology that create, exchange, and verify claims and credentials in a decentralized identity ecosystem.
|
||||||
|
excerpt: >
|
||||||
|
Join this group to contribute to the standards and technology that create, exchange, and verify claims and credentials in a decentralized identity ecosystem. For example, a cryptographically verifiable credential that proves an individual has a college degree or is of a certain age. Our members focus on specs that are vendor agnostic and based on industry standards.
|
||||||
|
permalink: organizations/identity-foundation/claims-and-credentials-wg/
|
||||||
|
categories: ["Identity Foundation (DIF)","Web Standards"]
|
||||||
|
tags: ["Verifiable Credentials","Claims and Credentials WG","JSON-LD","Credentials Community Group"]
|
||||||
|
header:
|
||||||
|
image: /images/claims-credentials-header.webp
|
||||||
|
teaser: /images/claims-credentials-teaser.webp
|
||||||
|
last_modified_at: 2020-11-25
|
||||||
|
---
|
||||||
|
|
||||||
|
[DIF - Claims and Credentials Working Group](https://identity.foundation/working-groups/claims-credentials.html) - [GitHub](https://github.com/decentralized-identity/claims-credentials)
|
||||||
|
|
||||||
|
> Join this group to contribute to the standards and technology that create,
|
||||||
|
exchange, and verify claims and credentials in a decentralized identity
|
||||||
|
ecosystem. For example, a cryptographically verifiable credential that
|
||||||
|
proves an individual has a college degree or is of a certain age. Our
|
||||||
|
members focus on specs that are vendor agnostic and based on industry
|
||||||
|
standards.
|
||||||
|
|
||||||
|
## Claims and Credentials WG documentation
|
||||||
|
|
||||||
|
* [C&C WG Charter](https://github.com/decentralized-identity/org/blob/master/Org%20documents/WG%20documents/DIF_CC_WG_charter_v1.pdf)
|
||||||
|
> **Working Group Scope.**
|
||||||
|
> - Claims & Credential Interoperable Formats: Develop interoperable formats for broad adoption around Claim & Credential processes within SSI. These include
|
||||||
|
> - Static Payload Formats like: Verifiable Credential, Verifiable Presentation, CredentialSubject Schemas (building on top of the W3C formats - only if the extension is a requirement by DIF partners, see “out of scope”)
|
||||||
|
> - Data formats that support the communication between one and more participants in regard to Credential processes. For Example: Credential Manifest (Requirements for Issuing a new Credential), Presentation Definition (Requirements for presenting existing proofs, (partial, verifiable) credentials and unverifiable data), Presentation Submission (Response format to a Presentation Definition).
|
||||||
|
> - Documentation of existing formats and protocols that are in use or under active development by existing SSI ecosystems and industry partners. Support in unifying migrating those to more interoperable formats / standards.
|
||||||
|
> - Claims & Credential Taxonomies: There is currently no coordinated effort to align the contexts used in the highly-flexible verifiable credentials format. For example, what is the best way to encode a KYC check, credit score, user consent, or proof of employment?
|
||||||
|
* [CC WG Operating Addendum](https://github.com/decentralized-identity/org/blob/master/Org%20documents/WG%20documents/DIF_CC_WG_Operating_Addendum_V1.pdf)
|
||||||
|
> **Core Principles**
|
||||||
|
> - Work on the request, creation, exchange, and verification of identity credentials or claims in avendor-agnostic manner
|
||||||
|
> - Support the development of DIDs and Verifiable Credentials
|
||||||
|
> - Actively support projects that demonstrate interoperable use-cases within the space of claims andcredentials utilization within self-sovereign identity systems
|
||||||
|
> - Help community members advocate for the mainstream adoption of blockchain identity and credentials.
|
||||||
|
> - Support industry-specific taxonomy development around credentials other identity-centric data formats
|
||||||
|
* [Mailing list](https://dif.groups.io/g/cc-wg) - Develop interoperable formats for broad adoption around Claim & Credential processes within SSI.
|
||||||
|
* [Meeting notes](https://www.notion.so/dif/Claims-and-Credentials-d236ac4366d54c76ba85c2f521c003e0)
|
||||||
|
|
||||||
|
## Specs and Projects
|
||||||
|
|
||||||
|
* [2019 JSON-LD Signature Suite](https://github.com/decentralized-identity/lds-ecdsa-secp256k1-2019.js)
|
||||||
|
* [Ecdsa Secp256k1 Signature 2019](https://w3c-ccg.github.io/lds-ecdsa-secp256k1-2019/) - CCG Draft Community Group Report 08 April 2020
|
||||||
|
* [presentation-exchange](https://github.com/decentralized-identity/presentation-exchange)
|
||||||
|
> Specification that codifies an inter-related pair of data formats for defining proof presentations (Presentation Definition) and subsequent proof submissions
|
||||||
|
(Presentation Submission)
|
||||||
|
* [presentation-request](https://github.com/decentralized-identity/presentation-request)
|
||||||
|
> Requirements Analysis and Protocol Design for a VC Presentation Request Format
|
||||||
|
|
||||||
|
### [Credential Manifest](https://github.com/decentralized-identity/credential-manifest)
|
||||||
|
|
||||||
|
> The DID Credential Manifest is a format that aims to normalize the process of credential acquisition, wherein the issuer is able to describe the requirements the subject or participant in the credential generation process must meet for the issuer to generate the desired credential.
|
||||||
|
|
||||||
|
* [Explainer](https://github.com/decentralized-identity/credential-manifest/blob/master/explainer.md)
|
||||||
|
> Creating trust between DIDs and gaining access to products, services, and systems with DIDs requires the acquisition, generation, and inspection of credentials (DID-signed data objects).
|
||||||
|
|
||||||
|
### [VC JSON Schemas](https://github.com/w3c-ccg/vc-json-schemas)
|
||||||
|
|
||||||
|
> The VC JSON Schema specification aims to provide a standardized mechanism to use JSON Schemas as the data backing for Verifiable Credentials. Though the repository lives in the W3C-CCG, this working group contains key contributors and has a vested interest in contributing to the development of the specification.
|
||||||
|
|
||||||
|
* [Specification](https://w3c-ccg.github.io/vc-json-schemas/)
|
||||||
|
> The [VC_DATA_MODEL](https://www.w3.org/TR/vc-data-model/) specifies the models used for Verifiable Credentials and Verifiable Presentations, and explains the relationships between three parties: issuer, holder, and verifier. A critical piece of infrastructure out of the scope of those specifications is the Credential Schema.
|
@ -15,7 +15,6 @@ redirect_from:
|
|||||||
- web-standards/verifiable-credentials/
|
- web-standards/verifiable-credentials/
|
||||||
- specs-standards/verifiable credentials/
|
- specs-standards/verifiable credentials/
|
||||||
last_modified_at: 2020-11-25
|
last_modified_at: 2020-11-25
|
||||||
toc: true
|
|
||||||
---
|
---
|
||||||
|
|
||||||
> Verifiable credentials (VCs) are the electronic equivalent of the physical credentials that we all possess today, such as: plastic cards, passports, driving licences, qualifications and awards, etc. The data model for verifiable credentials is a World Wide Web Consortium Recommendation, "Verifiable Credentials Data Model 1.0 - Expressing verifiable information on the Web" published 19 November 2019. - [Wikipedia](https://en.wikipedia.org/wiki/Verifiable_credentials)
|
> Verifiable credentials (VCs) are the electronic equivalent of the physical credentials that we all possess today, such as: plastic cards, passports, driving licences, qualifications and awards, etc. The data model for verifiable credentials is a World Wide Web Consortium Recommendation, "Verifiable Credentials Data Model 1.0 - Expressing verifiable information on the Web" published 19 November 2019. - [Wikipedia](https://en.wikipedia.org/wiki/Verifiable_credentials)
|
||||||
@ -34,15 +33,12 @@ toc: true
|
|||||||
* [Verifiable Credentials—A Quick Overview](https://vonx.io/safeentry/vcs/) (VonX)
|
* [Verifiable Credentials—A Quick Overview](https://vonx.io/safeentry/vcs/) (VonX)
|
||||||
> The following is a brief overview of the technology underlying SafeEntryBC—Verifiable Credentials. In reading this, think of the process you went through to get an official government document, like a drivers license.
|
> The following is a brief overview of the technology underlying SafeEntryBC—Verifiable Credentials. In reading this, think of the process you went through to get an official government document, like a drivers license.
|
||||||
|
|
||||||
## Verifiable Claims Working Group
|
## Working Groups
|
||||||
|
### Verifiable Claims Working Group
|
||||||
|
|
||||||
* [W3C Verifiable Claims Working Group](https://www.w3.org/2017/vc/WG/)
|
* [W3C Verifiable Claims Working Group](https://www.w3.org/2017/vc/WG/)
|
||||||
* [Verifiable Credentials Data Model 1.0](https://www.w3.org/TR/vc-data-model/)
|
* [Verifiable Credentials Data Model 1.0](https://www.w3.org/TR/vc-data-model/)
|
||||||
> Credentials are a part of our daily lives; driver's licenses are used to assert that we are capable of operating a motor vehicle, university degrees can be used to assert our level of education, and government-issued passports enable us to travel between countries. This specification provides a mechanism to express these sorts of credentials on the Web in a way that is cryptographically secure, privacy respecting, and machine-verifiable.
|
> Credentials are a part of our daily lives; driver's licenses are used to assert that we are capable of operating a motor vehicle, university degrees can be used to assert our level of education, and government-issued passports enable us to travel between countries. This specification provides a mechanism to express these sorts of credentials on the Web in a way that is cryptographically secure, privacy respecting, and machine-verifiable.
|
||||||
* [W3C Verifiable Credentials - Kent Branch](https://www.bcs.org/events/2019/october/w3c-verifiable-credentials-kent-branch/) • [pdf](https://cdn.bcs.org/bcs-org-media/4653/kent-w3c-verifiable-credentials-031019.pdf)
|
|
||||||
> The speaker will introduce the W3C Verifiable Credentials Data Model, which was published as a Proposed Recommendation in September 2019. Verifiable Credentials are the latest development in identity management and are fundamentally different from today's federated identity management systems such as SAML and OpenID Connect.
|
|
||||||
>
|
|
||||||
> David will describe the VC ecosystem and data model. He will then describe the prototype implementation which was built with colleagues from the University of Toulouse. They built a prototype system, which uses Fast Identity Online (FIDO) for user authentication, meaning that usernames and passwords are no longer needed. A pilot application was tested with a small sample of NHS patients and the speaker will present the results of this trial.
|
|
||||||
* [Verifiable Credentials Implementation Guidelines 1.0](https://w3c.github.io/vc-imp-guide/)
|
* [Verifiable Credentials Implementation Guidelines 1.0](https://w3c.github.io/vc-imp-guide/)
|
||||||
> This guide provides some examples and resources for implementing protocols which make use of verifiable credentials, beyond those available in the core specification.
|
> This guide provides some examples and resources for implementing protocols which make use of verifiable credentials, beyond those available in the core specification.
|
||||||
* [W3C Verifiable Claims Working Group Test Suite](https://w3c.github.io/vc-test-suite/)
|
* [W3C Verifiable Claims Working Group Test Suite](https://w3c.github.io/vc-test-suite/)
|
||||||
@ -51,6 +47,22 @@ toc: true
|
|||||||
|
|
||||||
[![](https://i.imgur.com/J2IgVgl.png)](https://www.w3.org/TR/vc-use-cases/)
|
[![](https://i.imgur.com/J2IgVgl.png)](https://www.w3.org/TR/vc-use-cases/)
|
||||||
|
|
||||||
|
### Credentials Community Group
|
||||||
|
|
||||||
|
* [Credentials Community Group](https://www.w3.org/community/credentials/) • [Website](https://w3c-ccg.github.io/) • [Mail archive](http://lists.w3.org/Archives/Public/public-credentials/)
|
||||||
|
> The mission of the Credentials Community Group is to explore the creation, storage, presentation, verification, and user control of credentials. We focus on a verifiable credential (a set of claims) created by an issuer about a subject—a person, group, or thing—and seek solutions inclusive of approaches such as: self-sovereign identity; presentation of proofs by the bearer; data minimization; and centralized, federated, and decentralized registry and identity systems. Our tasks include drafting and incubating Internet specifications for further standardization and prototyping and testing reference implementations.
|
||||||
|
* [w3c-ccg/vc-extension-registry](https://github.com/w3c-ccg/vc-extension-registry)
|
||||||
|
REGISTRY: The Verifiable Credentials Extension Registry - w3c-ccg/vc-extension-registry
|
||||||
|
* [w3c-ccg/edu_occ_verifiable_credentials](https://github.com/w3c-ccg/edu_occ_verifiable_credentials)
|
||||||
|
WORK ITEM: Drafts and Ideas of Educational and Occupational Verifiable Credentials - w3c-ccg/edu_occ_verifiable_credentials
|
||||||
|
* [w3c-ccg/vc-examples](https://github.com/w3c-ccg/vc-examples)
|
||||||
|
WORK ITEM: Verifiable Credentials Examples.
|
||||||
|
|
||||||
|
### Claims and Credentials Working Group
|
||||||
|
|
||||||
|
* [Claims and Credentials Working Group](https://identity.foundation/working-groups/claims-credentials.html) - Decentralized Identity Foundation
|
||||||
|
|
||||||
|
|
||||||
## Literature
|
## Literature
|
||||||
|
|
||||||
* [Verifiable Credential Exchange](https://www.windley.com/archives/2018/12/verifiable_credential_exchange.shtml)
|
* [Verifiable Credential Exchange](https://www.windley.com/archives/2018/12/verifiable_credential_exchange.shtml)
|
||||||
@ -59,6 +71,14 @@ toc: true
|
|||||||
> The proposed solution is able to find credential types based on textual input from the user by using a full-text search engine and maintaining a local copy of the ledger. Thus, we do not need to rely on information about credentials coming from a very large candidate pool of third parties we would need to trust, such as the website of a company displaying its own identifier and a list of issued credentials. We have also proven the feasiblity of the concept by implementing and evaluating a prototype of the full-text credential metadata search service.
|
> The proposed solution is able to find credential types based on textual input from the user by using a full-text search engine and maintaining a local copy of the ledger. Thus, we do not need to rely on information about credentials coming from a very large candidate pool of third parties we would need to trust, such as the website of a company displaying its own identifier and a list of issued credentials. We have also proven the feasiblity of the concept by implementing and evaluating a prototype of the full-text credential metadata search service.
|
||||||
* [Enabling Decentralised Identifiers and Verifiable Credentials for Constrained IoT Devices using OAuth-based Delegation](https://www.ndss-symposium.org/wp-content/uploads/diss2019_05_Lagutin_paper.pdf)
|
* [Enabling Decentralised Identifiers and Verifiable Credentials for Constrained IoT Devices using OAuth-based Delegation](https://www.ndss-symposium.org/wp-content/uploads/diss2019_05_Lagutin_paper.pdf)
|
||||||
> Abstract—Decentralised identifiers (DIDs) and verifiable credentials (VCs) are upcoming standards for self-sovereign privacypreserving identifiers and authorisation, respectively. This focus on privacy can help improve many services and open up new business models, but using DIDs and VCs directly on constrained IoT devices can be problematic due to the management and resource overhead. This paper presents an OAuth-based method to delegate the processing and access policy management to the Authorisation Server thus allowing also systems with constrained IoT devices to benefit from DIDs and VCs.
|
> Abstract—Decentralised identifiers (DIDs) and verifiable credentials (VCs) are upcoming standards for self-sovereign privacypreserving identifiers and authorisation, respectively. This focus on privacy can help improve many services and open up new business models, but using DIDs and VCs directly on constrained IoT devices can be problematic due to the management and resource overhead. This paper presents an OAuth-based method to delegate the processing and access policy management to the Authorisation Server thus allowing also systems with constrained IoT devices to benefit from DIDs and VCs.
|
||||||
|
* [Improved Identity Management with Verifiable Credentials and FIDO](https://ieeexplore.ieee.org/document/9031543)
|
||||||
|
> We describe how FIDO and W3C VCs can overcome the problems of existing identity management systems. We describe our conceptual model and architecture, and the protocol we used by extending FIDO's UAF in order to provide both strong authentication and strong authorization. We built a pilot implementation for U.K. NHS patients to validate our implementation. Patients were able to use a mobile phone with a fingerprint reader to access restricted NHS sites in order to make and cancel appointments and order repeat prescription drugs. Our initial user trials with 10 U.K. NHS patients found the system to be easy to use, and fingerprints to be preferable to using usernames and passwords for authentication.
|
||||||
|
* [Distributed-Ledger-based Authentication with Decentralized Identifiers and Verifiable Credentials](https://arxiv.org/abs/2006.04754)
|
||||||
|
> Authentication with username and password is becoming an inconvenient process for the user. End users typically have little control over their personal privacy, and data breaches effecting millions of users have already happened several times. We have implemented a proof of concept decentralized OpenID Connect Provider by marrying it with Self-Sovereign Identity, which gives users the freedom to choose from a very large pool of identity providers instead of just a select few corporations, thus enabling the democratization of the highly centralized digital identity landscape. Furthermore, we propose a verifiable credential powered decentralized Public Key Infrastructure using distributed ledger technologies, which creates a straightforward and verifiable way for retrieving digital certificates.
|
||||||
|
* [W3C Verifiable Credentials - Kent Branch](https://www.bcs.org/events/2019/october/w3c-verifiable-credentials-kent-branch/) • [pdf](https://cdn.bcs.org/bcs-org-media/4653/kent-w3c-verifiable-credentials-031019.pdf)
|
||||||
|
> The speaker will introduce the W3C Verifiable Credentials Data Model, which was published as a Proposed Recommendation in September 2019. Verifiable Credentials are the latest development in identity management and are fundamentally different from today's federated identity management systems such as SAML and OpenID Connect.
|
||||||
|
>
|
||||||
|
> David will describe the VC ecosystem and data model. He will then describe the prototype implementation which was built with colleagues from the University of Toulouse. They built a prototype system, which uses Fast Identity Online (FIDO) for user authentication, meaning that usernames and passwords are no longer needed. A pilot application was tested with a small sample of NHS patients and the speaker will present the results of this trial.
|
||||||
* [Addition of Proof Request/Response to a formal Verifiable Credentials specification](https://github.com/WebOfTrustInfo/rwot9-prague/blob/master/topics-and-advance-readings/verifiable-credentials-proof-request.md)
|
* [Addition of Proof Request/Response to a formal Verifiable Credentials specification](https://github.com/WebOfTrustInfo/rwot9-prague/blob/master/topics-and-advance-readings/verifiable-credentials-proof-request.md)
|
||||||
> The W3C Verifiable Credentials (hereafter VC) specification does not currently outline how credential data should be requested by a Verifier. This document outlines the approach taken at Workday and proposes it as an addition or companion to the VC spec.
|
> The W3C Verifiable Credentials (hereafter VC) specification does not currently outline how credential data should be requested by a Verifier. This document outlines the approach taken at Workday and proposes it as an addition or companion to the VC spec.
|
||||||
>
|
>
|
||||||
@ -79,48 +99,3 @@ toc: true
|
|||||||
> While a more thorough (and competitive) separation of concerns might slice today’s and tomorrow’s identity systems into more modular and interchangeable parts at many more layers, the diagram used here organizes the space into just three broad divisions, which map roughly to the bottom three in the mapping dominant in the Aries & ToIP communities. For a more detailed and complex mapping, see the forthcoming map by the DIF interoperability working group.
|
> While a more thorough (and competitive) separation of concerns might slice today’s and tomorrow’s identity systems into more modular and interchangeable parts at many more layers, the diagram used here organizes the space into just three broad divisions, which map roughly to the bottom three in the mapping dominant in the Aries & ToIP communities. For a more detailed and complex mapping, see the forthcoming map by the DIF interoperability working group.
|
||||||
* [Interoperability Mapping Exercise](https://github.com/decentralized-identity/interoperability/blob/master/assets/interoperability-mapping-exercise-10-12-20.pdf)
|
* [Interoperability Mapping Exercise](https://github.com/decentralized-identity/interoperability/blob/master/assets/interoperability-mapping-exercise-10-12-20.pdf)
|
||||||
* [creatornader/Decentralized Identity Standards.md](https://gist.github.com/creatornader/c8a20c534d3cf8f65a9b34ce2ad81725)
|
* [creatornader/Decentralized Identity Standards.md](https://gist.github.com/creatornader/c8a20c534d3cf8f65a9b34ce2ad81725)
|
||||||
|
|
||||||
## Adoption
|
|
||||||
|
|
||||||
* [SolidVC : a decentralized framework for Verifiable Credentials on the web](https://dspace.mit.edu/handle/1721.1/121667)
|
|
||||||
> SolidVC is a decentralized Verifiable Credentials platform built with the open protocols of the Web. It is implemented on top of Solid, a Web framework developed at MIT in 2016 that allows decentralized applications to interact with personal user data to provide services in an access controlled environment.
|
|
||||||
* [Blockcerts V3 Proposal - Verifiable Credentials & Decentralized Identifiers](https://community.blockcerts.org/t/blockcerts-v3-proposal-verifiable-credentials-decentralized-identifiers/2221)
|
|
||||||
> As the standards around Verifable Credentials are starting to take form, different favors of "verifiable credentials-like" data structures need to make necessary changes to leverage on the rulesets outlined and constantly reviewed by knowledgeable communities such as the W3C. The purpose of this paper is to identify all of the changes needed for Blockcerts to comply with the Verifiable Credentials (VCs) and Decentralized Identifers (DIDs) standards and to expand upon the additional benefits of using a blockchain in combination with Verifiable Credentials. This paper is meant to act as an explainer in which a formal specification can be created. This paper proposes multiple implementation options for several properties. The intention is that we can engage the Blockcerts / Verifiable Credential communities and see what fts best.
|
|
||||||
* [mattr.global/Verifiable Credential based Authentication via OpenID Connect](https://mattr.global/verifiable-credential-based-authentication-via-openid-connect/)
|
|
||||||
> At MATTR, we’ve been working hard on an exciting opportunity with the Government of British Columbia (BC Gov) in Canada. In June 2019, the BC Gov Verifiable Organisations Network team put out a “Code With Us” development bounty to integrate KeyCloak, their chosen enterprise Identity and Access Management (IAM) solution, with a new W3C standard called Verifiable Credentials. This work led to a solution that enables the use of Verifiable Credentials (VC) as a means of authentication that is interoperable with OpenID Connect (OIDC). We call this work VC-AuthN-OIDC. The output is an adapter that bridges these standards and enables a whole new set of capabilities through a simple extension of most modern IAM solutions.
|
|
||||||
* [Blockstack and Verifiable Credentials - Paris P2P Festival](https://p2p.paris/gen/attADzQJ92rNIv6B3-Blockstack_and_Verifiable_Credentials_-_Paris_P2P_Festival_.pdf)
|
|
||||||
> • Keep auth and smart contracts on-chain\
|
|
||||||
> • Keep encrypted data off-chain\
|
|
||||||
> • Wrap everything in an easy JavaScript API
|
|
||||||
* [IBM Verify Credentials](https://docs.info.verify-creds.com)
|
|
||||||
> With IBM Verify Credentials and our alpha components, you can begin your journey of exploring the benefits of decentralized identity. We have provided an interactive experience centered around the challenge of proving your identity while opening a financial account. Additionally, we will walk you through the development of your first end-to-end decentralized identity solution.
|
|
||||||
* [Verifiable credentials and libp2p](https://discuss.libp2p.io/t/verifiable-credentials-and-libp2p/206)
|
|
||||||
> Hi - we’re looking into libp2p as a network stack for our application and exploring how we could integrate verifiable credentials (https://w3c.github.io/vc-data-model/ 2) infrastructure. A basic use case is that of a node being challenged to provide some specific credential to join the network. The bootstrap node handling the incoming connection should verify the credential with the issuer and complete the connection/bootstrap or terminate it.
|
|
||||||
* [Open Badges are Verifable Credentials](https://nbviewer.jupyter.org/github/WebOfTrustInfo/rebooting-the-web-of-trust-spring2018/blob/master/final-documents/open-badges-are-verifiable-credentials.pdf)
|
|
||||||
> The Blockcerts Open Badges Draft Extension introduced a verifcation method based on those used by Verifable Credentials for the specifc use case of blockchain-anchored credentials. This paper expands that work and proposes a new option that can reside alongside existing Open Badges verifcation methods.
|
|
||||||
* [Workday Credentials & WayTo™ By Workday](https://credentials.workday.com/docs/overview/)
|
|
||||||
> An issuer is any entity that wishes to relinqiush and publicly attest to the veracity of data pertaining to a user. Public attestation comes in the form of a digital signature. When an issuer offers a credential to a user, Workday Credentials cryptographically signs the data in each credential with the issuer's private key before offering it to the user. The signing key's corresponding public key is written to a public ledger and is declared as belonging to the issuer, so that anyone can use that public key to verify the signature embedded in a user's digital credentials and establish trust in a credential's authenticity.
|
|
||||||
|
|
||||||
## Code
|
|
||||||
|
|
||||||
* [Identity.com Verifiable Credential Library](https://www.npmjs.com/package/@identity.com/credential-commons)
|
|
||||||
> This Javascript Library provides functionality around Verifiable Credentials (VC), a W3C standard. Enables Validators to issue, Credential Wallets to verify, filter and Requesters to verify credentials.
|
|
||||||
* [EDCI-Data-Model](https://github.com/european-commission-europass/EDCI-Data-Model)
|
|
||||||
> The European Commission is developing the Europass Digital Credentials Infrastructure (EDCI) – a set of tools, services and software to support the issuance of authentic, tamper-proof digital credentials (such as qualifications and other learning achievements) across Europe. The EDCI is being developed as part of ongoing work to implement the new Europass Framework for supporting transparency of skills and qualifications in Europe.
|
|
||||||
* [gautamdhameja/substrate-verifiable-credentials](https://github.com/gautamdhameja/substrate-verifiable-credentials)
|
|
||||||
> A minimal Substrate runtime for verifiable credentials' issuance and verification.
|
|
||||||
* [bcgov/TheOrgBook](https://github.com/bcgov/TheOrgBook)
|
|
||||||
> A public repository of verifiable claims about organizations. A key component of the Verifiable Organization Network.
|
|
||||||
* [bcgov/vc-authn-oidc](https://github.com/bcgov/vc-authn-oidc)
|
|
||||||
> Verifiable Credential Authentication with OpenID Connect (VC-AuthN OIDC)
|
|
||||||
|
|
||||||
### Credentials Community Group
|
|
||||||
|
|
||||||
* [Credentials Community Group](https://www.w3.org/community/credentials/) • [Website](https://w3c-ccg.github.io/) • [Mail archive](http://lists.w3.org/Archives/Public/public-credentials/)
|
|
||||||
> The mission of the Credentials Community Group is to explore the creation, storage, presentation, verification, and user control of credentials. We focus on a verifiable credential (a set of claims) created by an issuer about a subject—a person, group, or thing—and seek solutions inclusive of approaches such as: self-sovereign identity; presentation of proofs by the bearer; data minimization; and centralized, federated, and decentralized registry and identity systems. Our tasks include drafting and incubating Internet specifications for further standardization and prototyping and testing reference implementations.
|
|
||||||
* [w3c-ccg/vc-extension-registry](https://github.com/w3c-ccg/vc-extension-registry)
|
|
||||||
REGISTRY: The Verifiable Credentials Extension Registry - w3c-ccg/vc-extension-registry
|
|
||||||
* [w3c-ccg/edu_occ_verifiable_credentials](https://github.com/w3c-ccg/edu_occ_verifiable_credentials)
|
|
||||||
WORK ITEM: Drafts and Ideas of Educational and Occupational Verifiable Credentials - w3c-ccg/edu_occ_verifiable_credentials
|
|
||||||
* [w3c-ccg/vc-examples](https://github.com/w3c-ccg/vc-examples)
|
|
||||||
WORK ITEM: Verifiable Credentials Examples.
|
|
||||||
|
@ -0,0 +1,44 @@
|
|||||||
|
---
|
||||||
|
date: 2020-11-25
|
||||||
|
title: Verifiable Credentials - Adoption
|
||||||
|
description: Companies and organizations adopting verifiable credentials.
|
||||||
|
permalink: /web-standards/w3c/vc-wg/verifiable-credentials/adoption/
|
||||||
|
categories: ["Adoption","Web Standards"]
|
||||||
|
tags: ["Claims and Credentials WG","Verifiable Credentials","Credentials Community Group","VC-WG"]
|
||||||
|
last_updated: 2020-11-25
|
||||||
|
---
|
||||||
|
|
||||||
|
* [Substrate Verifiable Credentials Workshop](https://substrate.dev/substrate-verifiable-credentials/#/) - Learn to build blockchains with Parity Substrate
|
||||||
|
* [Verifiable Credential API](https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITALEBSI/Verifiable+Credential+API) CEF Digital Connecting Europe
|
||||||
|
> The Verifiable Credential API provides a Core Service of the EBSI platform providing the capability of creating W3C credentials ready for signing and validating W3C Verifiable Credentials.
|
||||||
|
* [SolidVC : a decentralized framework for Verifiable Credentials on the web](https://dspace.mit.edu/handle/1721.1/121667)
|
||||||
|
> SolidVC is a decentralized Verifiable Credentials platform built with the open protocols of the Web. It is implemented on top of Solid, a Web framework developed at MIT in 2016 that allows decentralized applications to interact with personal user data to provide services in an access controlled environment.
|
||||||
|
* [Blockcerts V3 Proposal - Verifiable Credentials & Decentralized Identifiers](https://community.blockcerts.org/t/blockcerts-v3-proposal-verifiable-credentials-decentralized-identifiers/2221)
|
||||||
|
> As the standards around Verifable Credentials are starting to take form, different favors of "verifiable credentials-like" data structures need to make necessary changes to leverage on the rulesets outlined and constantly reviewed by knowledgeable communities such as the W3C. The purpose of this paper is to identify all of the changes needed for Blockcerts to comply with the Verifiable Credentials (VCs) and Decentralized Identifers (DIDs) standards and to expand upon the additional benefits of using a blockchain in combination with Verifiable Credentials. This paper is meant to act as an explainer in which a formal specification can be created. This paper proposes multiple implementation options for several properties. The intention is that we can engage the Blockcerts / Verifiable Credential communities and see what fts best.
|
||||||
|
* [mattr.global/Verifiable Credential based Authentication via OpenID Connect](https://mattr.global/verifiable-credential-based-authentication-via-openid-connect/)
|
||||||
|
> At MATTR, we’ve been working hard on an exciting opportunity with the Government of British Columbia (BC Gov) in Canada. In June 2019, the BC Gov Verifiable Organisations Network team put out a “Code With Us” development bounty to integrate KeyCloak, their chosen enterprise Identity and Access Management (IAM) solution, with a new W3C standard called Verifiable Credentials. This work led to a solution that enables the use of Verifiable Credentials (VC) as a means of authentication that is interoperable with OpenID Connect (OIDC). We call this work VC-AuthN-OIDC. The output is an adapter that bridges these standards and enables a whole new set of capabilities through a simple extension of most modern IAM solutions.
|
||||||
|
* [Blockstack and Verifiable Credentials - Paris P2P Festival](https://p2p.paris/gen/attADzQJ92rNIv6B3-Blockstack_and_Verifiable_Credentials_-_Paris_P2P_Festival_.pdf)
|
||||||
|
> • Keep auth and smart contracts on-chain\
|
||||||
|
> • Keep encrypted data off-chain\
|
||||||
|
> • Wrap everything in an easy JavaScript API
|
||||||
|
* [IBM Verify Credentials](https://docs.info.verify-creds.com)
|
||||||
|
> With IBM Verify Credentials and our alpha components, you can begin your journey of exploring the benefits of decentralized identity. We have provided an interactive experience centered around the challenge of proving your identity while opening a financial account. Additionally, we will walk you through the development of your first end-to-end decentralized identity solution.
|
||||||
|
* [Verifiable credentials and libp2p](https://discuss.libp2p.io/t/verifiable-credentials-and-libp2p/206)
|
||||||
|
> Hi - we’re looking into libp2p as a network stack for our application and exploring how we could integrate verifiable credentials (https://w3c.github.io/vc-data-model/ 2) infrastructure. A basic use case is that of a node being challenged to provide some specific credential to join the network. The bootstrap node handling the incoming connection should verify the credential with the issuer and complete the connection/bootstrap or terminate it.
|
||||||
|
* [Open Badges are Verifable Credentials](https://nbviewer.jupyter.org/github/WebOfTrustInfo/rebooting-the-web-of-trust-spring2018/blob/master/final-documents/open-badges-are-verifiable-credentials.pdf)
|
||||||
|
> The Blockcerts Open Badges Draft Extension introduced a verifcation method based on those used by Verifable Credentials for the specifc use case of blockchain-anchored credentials. This paper expands that work and proposes a new option that can reside alongside existing Open Badges verifcation methods.
|
||||||
|
* [Workday Credentials & WayTo™ By Workday](https://credentials.workday.com/docs/overview/)
|
||||||
|
> An issuer is any entity that wishes to relinquish and publicly attest to the veracity of data pertaining to a user. Public attestation comes in the form of a digital signature. When an issuer offers a credential to a user, Workday Credentials cryptographically signs the data in each credential with the issuer's private key before offering it to the user. The signing key's corresponding public key is written to a public ledger and is declared as belonging to the issuer, so that anyone can use that public key to verify the signature embedded in a user's digital credentials and establish trust in a credential's authenticity.
|
||||||
|
|
||||||
|
## Code
|
||||||
|
|
||||||
|
* [Identity.com Verifiable Credential Library](https://www.npmjs.com/package/@identity.com/credential-commons)
|
||||||
|
> This Javascript Library provides functionality around Verifiable Credentials (VC), a W3C standard. Enables Validators to issue, Credential Wallets to verify, filter and Requesters to verify credentials.
|
||||||
|
* [EDCI-Data-Model](https://github.com/european-commission-europass/EDCI-Data-Model)
|
||||||
|
> The European Commission is developing the Europass Digital Credentials Infrastructure (EDCI) – a set of tools, services and software to support the issuance of authentic, tamper-proof digital credentials (such as qualifications and other learning achievements) across Europe. The EDCI is being developed as part of ongoing work to implement the new Europass Framework for supporting transparency of skills and qualifications in Europe.
|
||||||
|
* [gautamdhameja/substrate-verifiable-credentials](https://github.com/gautamdhameja/substrate-verifiable-credentials)
|
||||||
|
> A minimal Substrate runtime for verifiable credentials' issuance and verification.
|
||||||
|
* [bcgov/TheOrgBook](https://github.com/bcgov/TheOrgBook)
|
||||||
|
> A public repository of verifiable claims about organizations. A key component of the Verifiable Organization Network.
|
||||||
|
* [bcgov/vc-authn-oidc](https://github.com/bcgov/vc-authn-oidc)
|
||||||
|
> Verifiable Credential Authentication with OpenID Connect (VC-AuthN OIDC)
|
BIN
images/claims-credentials-header.webp
Normal file
BIN
images/claims-credentials-header.webp
Normal file
Binary file not shown.
After Width: | Height: | Size: 6.8 KiB |
BIN
images/claims-credentials-teaser.webp
Normal file
BIN
images/claims-credentials-teaser.webp
Normal file
Binary file not shown.
After Width: | Height: | Size: 4.5 KiB |
Loading…
Reference in New Issue
Block a user