Verifiable Credentials (VC)

A verifiable credential is a digital file that contains one or more key-value claims (e.g., birth date, name, qualifications, gender, citizenship, etc.) about an entity (the subject), issued by another entity (the issuer), and is verifiable by any entity (the verifier).

We are building and maintaining a public library of VCs that aims to incorporate VCs designed for and used in real use cases across Latin America and the Caribbean, in areas such as education, health, energy, public administration services, and land registry, among others. This library is available at https://www.lacchain.net/credentials/library/{type}/{hash}/{version}, and the VCs are also stored in the LACChain GitHub and in the LACChain IPFS nodes. Verifiable Presentations also need to be verifiable because the recipient must be able to assume that a legitimate credential holder is consenting to share that presentation with them. The mechanism is exactly the same as for Verifiable Credentials, i.e. a «proof» attribute in the VerifiablePresentation object.

Schemas Repository

Each type of Verifiable Credential (VC) follows the basic schema proposed by the W3C, which defines the fields and data types. Similarly, it is possible to extend the proposed standard through schemas that define the new fields within a specific type of credential.

The schema of a VC is a JSON-LD file that describes the fields that the credential can contain, and the credential must point to that file through the «@context» field. Therefore, the JSON-LD file associated with the credential schema must exist in a public place where it can be accessed for later validation. To keep control of credential types within the identity stack, LACChain has created a LACChain Credential Repository where any entity can register its type of credential along with the associated schema for later publication within the registry located at https://id.lacchain.net

Verification Process

The LACChain ID Stack comes with the LACChain Verification Process that is presented in this section, which allows any verifier entity to accomplish diligent electronic verifications of digital credentials presented to them by holders.

The verification process consists of six steps:

  1. Verification of the digital wallet as an electronic service used by the subject
  2. Verification of the validity of the credential
  3. Verification of the status of the credential
  4. Verification of the issuer
  5. Verification of the presenter
  6. Verification of the claims

At LACChain we have proposed that the entire verification process described above be carried out on-chain, that is, using smart contracts based on EIP-712 and EIP-1812 for credential signatures and on-chain claims verification, respectively. One of the proofs of concept has been developed for the issuance of LACChain Academy academic credentials.

Exchange Protocol

Currently, there are not many solutions for the exchange of credentials; some proposals consist of exchange protocols over the internet (see DIDComm). At LACChain we have developed an ad-hoc solution for the exchange of Verifiable Credentials, exposing a REST API as an SMTP mail service.

The LACChain Mailbox is a secure and private system for the exchange of messages, VCs, and VPs. It is controlled by a centralized service that allows entities identified using DIDs to send and receive messages that are stored encrypted in a secure database.

Authentication Protocols

In order to access a digital service, we use an authentication method based on OpenID Connect proposed by KayTrust called DIDConnect. This mechanism makes use of DIDs to perform the authentication. DID Connect introduces the use of DIDs and Verifiable Credentials (VCs) as a decentralized mechanism that allows the client to verify the identity of the user. The proposed authentication flows, together with the diagrams, are described in the Authentication to Service Repository.

On-chain TLs, PKDs, roots of trust, and trust frameworks

The verification process of a VC consists of validating its proofs using cryptographic algorithms, ensuring that it has not been altered in any way. However, nothing in this process prevents another entity from issuing a similar and fully valid credential. This is where a Root-of-Trust mechanism is needed: it allows verifying which entities have the «authorization» to issue certain types of credentials, so that authorized issuers cannot be impersonated.

There are currently different centralized solutions to this problem, such as Trusted Lists (TLs) and Public Key Directories (PKDs). LACChain has defined a form of Decentralized Root-of-Trust that uses the same concepts but implements them through Smart Contracts, with which TLs and PKDs can be deployed and associated with the verification process of a VC.
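
The gap described in this section, as an added example (not LACChain's own code): a credential whose proof verifies is still rejected unless its issuer appears on a trusted list for that credential type. The in-memory Maps, the simplified Ed25519 proof, and all DIDs and type names are assumptions standing in for DID resolution and the smart-contract TL/PKD.

```javascript
// Added example, not LACChain code. Assumptions: the two Maps stand in for DID
// resolution and for an on-chain trusted list; Ed25519 over JSON.stringify stands
// in for the real proof format; every DID and credential type is constructed.
const { generateKeyPairSync, sign, verify } = require('node:crypto');

// Bytes covered by the proof: every field except "proof" itself.
function payload(vc) {
  const { proof, ...unsigned } = vc;
  return Buffer.from(JSON.stringify(unsigned));
}

function issue(unsigned, privateKey) {
  const proofValue = sign(null, payload(unsigned), privateKey).toString('base64');
  return { ...unsigned, proof: { type: 'ExampleEd25519Proof', proofValue } };
}

function verifyCredential(vc, didRegistry, trustedList) {
  const publicKey = didRegistry.get(vc.issuer);
  if (!publicKey || typeof vc.proof?.proofValue !== 'string') return 'unverifiable';
  const signature = Buffer.from(vc.proof.proofValue, 'base64');
  if (!verify(null, payload(vc), publicKey, signature)) return 'bad-proof';
  // The proof only shows integrity and key control. Authorization is a separate lookup.
  const allowedTypes = trustedList.get(vc.issuer);
  if (!allowedTypes) return 'untrusted-issuer';
  const specific = vc.type.filter((t) => t !== 'VerifiableCredential');
  const inScope = specific.length > 0 && specific.every((t) => allowedTypes.has(t));
  return inScope ? 'accepted' : 'type-not-authorized';
}

// Constructed sample data: anyone can create a DID, only one issuer is listed.
const university = generateKeyPairSync('ed25519');
const impostor = generateKeyPairSync('ed25519');
const didRegistry = new Map([
  ['did:example:university', university.publicKey],
  ['did:example:impostor', impostor.publicKey],
]);
const trustedList = new Map([['did:example:university', new Set(['AcademicCredential'])]]);
const claims = {
  type: ['VerifiableCredential', 'AcademicCredential'],
  credentialSubject: { id: 'did:example:student', degree: 'BSc' },
};
const genuine = issue({ ...claims, issuer: 'did:example:university' }, university.privateKey);
const lookalike = issue({ ...claims, issuer: 'did:example:impostor' }, impostor.privateKey);
const tampered = { ...genuine, credentialSubject: { ...claims.credentialSubject, degree: 'PhD' } };
const offScope = issue({ ...genuine, type: ['VerifiableCredential', 'LandTitle'] }, university.privateKey);

for (const [name, vc] of Object.entries({ genuine, lookalike, tampered, offScope })) {
  console.log(name, '->', verifyCredential(vc, didRegistry, trustedList));
}
```

The lookalike credential passes the signature check and is rejected only by the trusted-list lookup, which is the case the Root-of-Trust mechanism exists to catch.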

Copyright 2022 © All rights Reserved. Designed by LACNet