Förderjahr 2022 / Projekt Call #17 / ProjektID: 6344 / Projekt: SSI EduWallets
The SSI Edu wallets project focuses on the implementation of a user management system within online platforms through the use of EUDI (European digital identity) wallets, which allows the issuance of verifiable credentials.
The main target of this project is the implementation of a system that allows the use of EUDI wallets within the platforms, which allow users to access these platforms simply by having an identity credential in one of these wallets that comply with European regulations and share it with the specified platform.
The main use case of this implementation is the issuance of verifiable credentials and the verification of the received credentials by the user. The issuance process will be carried out on the different courses that a user complete so when a user completes a course, it can claim a certificate or "verifiable credential" with the data of the user, platform, course and the different skills that the user has acquired in it. This verifiable credential is generated by the platform that implements this system in a standard format defined by the Verifiable Credentials Framework to be easy to verify and impossible to fake.
The VC (Verifiable Credential) will be digitally signed by the private key of the issuer using the Public Key Infrastructure (PKI) so that it cannot be falsified and guarantees that it has been issued by the defined platform to a defined user and also that it has not been altered for no one. Once the credential is created, it is sent to the user's wallet, which will accept or not to receive the credential, and therefore the user can present this VC to any other party in the future.
Also other use case of the implementation is to verify any VC received from a user, since some operations within the platform may require the presentation of a VC. To carry out this process, the platform requests the user's wallet to present a certain type of VC, the user then chooses which VC or VCs want to present and once he accepts, the VC will be shared with the platform, which will carry out a check process to check whether that VC is valid or not.
How does the SSI EduWallets Workflow look like?
The incorporation of the SSI wallet to a platform follows the following process:
- The SSI wallet kit is incorporated in the defined platform to allow the onboarding of SSI wallet users.
- The platform act as an issuer and verifier, the first step is to set a DID (Decentralized Identifier) for the issuer, within the EBSI ecosystem its needed that an TAO (Trusted Accreditation Organizations) allow the platform “issuer” as a Trusted Issuer to issue Verified credentials to the users.
- When the TAO allow the issuer to issue verifiable credentials the accreditation is stored on the ebsi ledger and can be verified later, also the DID generated by the issuer is stored on the ledger.
- The TAO also allow the platform to act as a trusted verifier to verify any VC that the user shares with it.
- Once the user wants a VC from the completed course, the platform will issue a VC with the DID of the user, the DID of the platform, the sign of the issuer and the other fields that compose the VC.
- Through the protocols OIDC/SIOP the issuer exchange the VC with the user wallet, and then the user acepts of reject the VC
- Once the user accept the VC, the user hold in its wallet this credential that can be verify by other party using the EBSI ledger.
Why use SSI (EUDI) Wallets on learning platforms?
This new paradigm over the people identity in the web will solve a lot of problems:
- Privacy: SSI wallets allow users to share only the necessary information to verify a credential without revealing unnecessary personal information. This protects the user's privacy and prevents third parties from collecting and using their data without their consent. Over time, the European Union has been implementing regulations regarding what can or cannot be done with user data like the GDPR. With this new paradigm we will face less GDPR issues in the future.
- Interoperability: SSI wallets support interoperability between different credential issuers and verifiers. This means that users can store all their credentials in one place and share them with different parties without having to create a new identity for each one and also the verifiable credentials follow a standard scheme.
- Decentralized and secure: SSI wallets use decentralized and secure technologies, such as blockchain, to store and manage identity information. This means that the user has complete control over their personal data and can choose to share it only with trusted parties, without the need for intermediaries or centralized databases. The EUDI wallets follow the scheme of the EBSI blockchain infrastructure to store the data,
- Trust and security: SSI wallets use digital signatures and cryptographic techniques to ensure the authenticity and integrity of the credentials. This provides a high level of trust and security for the credential issuer and the verifier.
- Portable and convenient: SSI wallets provide a portable and convenient way to manage and use credentials. Users can access their credentials from any device with an internet connection, making it easy to share them when needed.