Verifiable Credentials

Hi,
I would like to ask if there is a solution or idea out there about Verifiable Credentials implemented on the IC.

Thanks for any info.

Cheers Roland

Hey @rbole,

It would be great if you could share more details about what you’re thinking about in particular.
Here’s what’s currently happening on the IC as far as I know:

• NFID allows sharing of attributes (verified, that user has a mobile phone number) between dApps, though they don’t use W3C Verifiable Credential data model (yet). CC: @dostro

• The Identity & Authentication WG is currently thinking about a generalized flow of how a user could get attributes issued by a canister and present them to a relying canister in a way that is compatible with Internet Identity. Here, they’ll also explore the applicability of the W3C Verifiable Credential data model.

• Threshold ECDSA (tECDSA) allows canisters to issue W3C Verifiable Credentials that can be verified using standard libraries by relying parties even outside the Internet Computer, i.e. by standard web services or even mobile apps. We just released a Grant RFP that mentions this use case. Furthermore, it should be possible to define a DID method or just a verification method that supports canister signatures. This would allow issuing Verifiable Credentials even without using tECDSA.

Hey,
currently we are building a new online learning platform, unfortunately not on the IC. This platform can also be used for certification. And in order to do so we are going to publish certificates in case of passing the exam. And this certificates we would like to store as a verified credential on the IC, according the W3C standard. So there is a proof of ownership on this particular exam for the participant.

I’m not sure if this will work but I try to find a solution with fits our possibilities and the use case.

Hello!

If you add NFID as the sign in method, you’ll have a method exposed to simply issue the verifiable credential to that user. Other applications the user sign in to can request and verify your credentials just as easily.

When do you need it by?

Hi,
can you explain the difference between the Internet Identity Auth and NFID. We have planed an option for our users to register with the II Auth. So why we should use NFID instead of II Auth?

NFID is built on top of II, which means someone’s anchor could be used to authenticate from either service and generate the same identifier to 3rd party applications (though this will take some effort on the user’s side). Any feature II has is available in NFID, but not the other way around.

There are a few reasons developers like DSCVR and OpenChat have been citing to switch to NFID:

• Higher registration rates
  I’ve heard rates as low as 5-20% (80-95% drop-off) for new II users, especially non-technical people, and ~90-95% registration rate for NFID (most everyone chooses registration and authentication to the anchor via Google).
• Sybil resistance
  The phone credential proof provides devs with sybil resistance in the case of airdrops, token allocations, or governance to protect against duplicate accounts and bots (though I don’t believe this applies to you).
• Wallet support
  We just rolled out the first component of wallet support, wherein users will be able to see all their tokens across all their wallets and principals everywhere on the IC. Later next month, we’ll support users sending transactions to 3rd party apps all through their NFID.

This sounds interesting for me. I’m thinking about this a while, how I can implement something like Verified Credentials to enlarge web2 applications.

I come across this topic because of

https://ec.europa.eu/digital-building-blocks/wikis/display/EBSIDOC/Verifiable+Credentials+Lifecycle

Haven’t been able to setup NFID for some reason on a few sites. Using a browser with many extensions like adblockers and such probably brakes it somewhere.
No problems with II though.

Hi @rbole , what did you decide in the end for your online learning platform regarding Verifiable Credentials? Any of the suggestions by @domwoe and/or @dostro , or something else? Curious to hear about it. Cheers.

Hi @Mercury, nearly one year ago, we were looking for a solution to store digital education certifications. The solution should be feasible for us in terms of time and resources. That’s why we wanted something existing to have a standard if possible. At this time I found two solutions:

• W3C verified credentials (VC) (Verifiable Credentials Data Model v1.1) and
• OpenBadges (https://openbadges.org/)

We took the W3C approach and later we recognized that EU also took such an approach EBSI W3C Verifiable Credentials (VCs) and W3C Verifiable Presentations (VPs). - EBSI Specifications -.

With this solution we are also GDPR compliant, because we don’t store any personal data into the credential.
So we ended up with the W3C approach but with small modifications the result is a JSON file which contains all the data which we store in a canister on the IC.

The credentials can be verified with our platform or manuell but the last option is not for the normal customer (too complicated). You can export the VVC (veriable verified credential) as PDF and import it into your Apple wallet. With the displayed QR code in the Apple wallet everyone can verify it against the VVC stored on the Internet Computer.

So we ended up with a very cool solution, I think.

This is not a 100% IC solution and for IC maxis not good enough, but as a I have mentioned, we needed a solution that we can deliver in time, because VC plays only a small part in an application like VERIABLE.

Unfortunately, in the end the customer doesn’t care where the certificates are stored because they don’t understand the technology behind it.

This may sound strange at this point, but solutions must also be sellable and especially as a company based in the European Union we have to take care of a loot of regulations in terms of data protection.

Hope that helps, what’s your story ?

Isn’t the identity team working on verifiable credentials?

Indeed, we (identity team) are working on enabling verifiable credentials on the IC, please see https://github.com/dfinity/wg-identity-authentication/blob/main/topics/attribute-sharing.md for a description of the approach, and GitHub - dfinity/internet-identity at vc-mvp for an MVP implementation (wip).

Thanks. When will it be ready for general release and broad marketing?

Hi @rbole, glad to hear your story gave birth to a lovable product.

I totally agree that end-users’ product experience is what matters at the end of day.

Wrt GDPR, the document linked from the Verifiable Credential isn’t residing on your end, only a pointer to this PII document is inside the VC, and that’s how your storage is free from PII, is that so?

Surely someone who knows the basics of cryptology could do the verification themselves, very low percentile though, so I see why you needed to provide the means to handle that.