Inspiration

Self-Sovereign Identity (SSI) is a model of digital identity in which individuals and organisations alike retain full control over the central aspects of their digital identity: the underlying cryptographic keys; the creation, registration and use of their decentralized identifiers (DIDs); and how their credentials and related personal data are shared and used.

We are building VIDchain as an ecosystem of components to help companies, citizens and public administrations adopt this paradigm of digital identity management.

One of the pillars of SSI is the need for trusted information, or credentials, coming from authoritative sources. When we learnt about the Digital Trust Protocol (DTP) initiative, we saw a clear enabler that can benefit the whole community.

What it does

By combining SSI with DTP we provide a standard way, using OpenID Connect, a broadly adopted authentication protocol, to request personal data from a trusted source (here, the bank).

VIDchain acts as the Relying Party: it connects the user, via DTP, with the bank to request personal information (such as the bank account number).

Once VIDchain has received the information, it is stored in the user's wallet and can later be shared with a third party whenever the user decides to do so.

In our case, the digital bank attestation obtained via DTP is then presented to a municipality's online service when the user applies for a benefit.

In short, we help citizens share data provided by third parties with public administrations in a standard, secure and easy way.

How we built it

We used the DTP API and specification provided for the hackathon to build a DTP client that connects to the DTP server to request some information (the bank account).

Our VIDchain solution relies on two components, a mobile app (VIDwallet) and an API server, which together act as the Relying Party in the DTP Authorization Code Flow.

We modified our wallet app (VIDwallet) to initiate the authorization process through our API server against the OpenID Provider (OP).

The app then redirects the user to the OP's authorization endpoint. We adapted the app to capture the redirect result (the authorization code and state) and pass it to our API server, which then requests the id_token from the OP using the authorization code.

At this point we added logic that the DTP OP does not provide: we digitally signed the contents of the id_token and created a signed Verifiable Credential conforming to the W3C specification.

Challenges we ran into

We ran into many challenges using the SDK. Above all, discovering how to correctly sign the initiate-authorize request and include the correct headers was a struggle. We finally overcame it by using the node-jose library.

Accomplishments that we are proud of

We are proud of delivering an end-to-end demonstration of a user journey in which a user obtains reliable information from a trustworthy source (the bank) and can later present it as a credential to a third party (the municipality).

What we learned

Integrating our solution with an external provider tests how easily it integrates. By integrating the DTP API and libraries, we learned how to work with an OpenID Provider as a credential issuer using specific claims. Moreover, we were inspired by how DTP manages assertion claims so as to avoid unnecessarily disclosing or retaining personal data.

Last but not least, we believe hackathons are a great opportunity to strengthen teamwork and this has not been an exception.

What's next for VIDchain

For this PoC, we would like to formally include solutions that rely on DTP or other providers such as yes.com to add credentials from trusted issuers. We would be delighted to develop this PoC further and provide credentials properly sealed by the bank.

Our roadmap aims to implement PoCs that make use of SSI using our components.
