ESSIF wallets

ESSIF wallets are applications that follow the European sovereign identity framework and they are responsible for generating the digital identifiers (DID) of users, storing the different verifiable credentials that an issuer could issue and sharing those verifiable credentials with other applications.

Wallets can be used via Web application or any user could install on his smartphone to hold their verifiable credentials. Through these applications a user can possess numerous verifiable credentials that prove certain things such as the identity of this person and also generate a unique digital identifier that could be linked to the verifiable credentials issued by the issuers.

Through these applications, a user can directly interact with different platforms using the OIDC protocol and exchange verifiable credentials or verifiable presentations. A user can be registered on a platform that supports ESSIF wallets without performing a traditional registration/signup on it. In this way the platform will ask the wallet for permission to obtain certain data and users will decide whether to give grants or not. This can speed up the registration process on modern platforms.

Decentralized Identifiers (DIDs)

(DIDs) are a new type of identifier that enables verifiable, decentralized digital identity. A DID refers to any subject (e.g., a person, organization, thing, data model, abstract entity, etc.). DIDs have been designed so that they may be decoupled from centralized registries, identity providers, and certificate authorities. The design enables the controller of a DID to prove control over it without requiring permission from any other party. DIDs are URIs that associate a DID subject with a DID document allowing trustable interactions associated with that subject.

Verifiable credentials

Verifiable credentials are a set of one or more claims made by an issuer. A verifiable credential is a tamper-evident credential that has authorship that can be cryptographically verified. Verifiable credentials can be used to build verifiable presentations, which can also be cryptographically verified. They represent all information that a physical credential (e.g. a diploma, workshop certificate, etc.) represents. The addition of technologies, such as digital signatures, makes verifiable credentials more tamper-evident and more trustworthy than their physical counterparts.

When a verified credential is created, it is shared between issuer and holder (via user’s SSI wallet) through the OIDC4CA protocol. Any ESSIF compliant wallet can be used as a storage application.

Verifiable credential Issuance API & UI

The SSI EduWallets project provides an API for configuring and issuing verifiable credentials. Through API calls the platform that implements it (the issuer) can tweak the settings for the issuance of verifiable credentials and also issue verifiable credentials to the users.

If a learning platform user (within a LMS) finishes e.g. a webinar, workshop, e-learning or course and wants to get a verifiable credential certifying the achievements, the user can click on a provided button inside the GUI to claim the verifiable credential. He is then redirected to the issuance UI where the user chooses which verifiable credential should be issued (if more available).

At the same time a QR code is generated so that it can be scanned through a mobile device within an ESSIF compliant wallet (via mobile app). By scanning the QR code via app the issuance of the verifiable credential will be exchanged in cross-flow. Optionally, by using the web GUI the issuing process can be executed by calling the web wallet.

Once the user accepts the final step to receive the credential, it will be finally stored in his wallet.