How Affinidi Vault Works

Explore Affinidi Vault, which empowers you to discover, collect, store, share, and monetise your data with consent.

Affinidi Vault allows you to discover, collect, store, share, and monetise your data across different applications while keeping control of your data. When an application requests data from your Affinidi Vault, it displays a consent page where you can review the requested data and give your consent to allow access to that data.

Affinidi Vault Architecture

Decentralised Identifier (DID)

Setting up your Affinidi Vault generates a Decentralised Identifier (DID) using the did:key method. This globally unique identifier represents your digital identity. The DID uses the Public Key Infrastructure (PKI) to sign and verify credentials cryptographically.

The private key associated with the DID signs the generated Verifiable Presentations (VPs) when sharing the data from your Affinidi Vault.

Affinidi Vault - DID

Resolving the DID returns the DID document, which contains information such as the public key used to cryptographically verify that the Verifiable Credentials (VCs) shared by the user from their Affinidi Vault have not been tampered with.

DID resolution to retrieve the DID document differs depending on the method used. Below is an example of a valid DID using did:key method:

did:key:zQ3shUUDPVKeLREtiKeg2C6YiPBiqkEQkakDEvfUyoCbkV7pj
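A did:key identifier carries the public key inside the identifier itself (multibase base58btc over a multicodec-prefixed key), so a verifier can recover the key by decoding the string. The following is an added example, not Affinidi's code; the function names and the small table of supported key types are assumptions made for illustration.

```python
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Multicodec code -> (key type, raw public key length in bytes)
KEY_CODECS = {0xED: ("Ed25519", 32), 0xE7: ("secp256k1", 33), 0x1200: ("P-256", 33)}

def base58btc_decode(text):
    num = 0
    for ch in text:
        idx = B58.find(ch)
        if idx < 0:
            raise ValueError(f"invalid base58btc character: {ch!r}")
        num = num * 58 + idx
    body = num.to_bytes((num.bit_length() + 7) // 8, "big")
    # Each leading '1' in the text stands for one leading zero byte.
    return b"\x00" * (len(text) - len(text.lstrip("1"))) + body

def read_varint(data):
    """Unsigned LEB128 varint -> (value, number of bytes consumed)."""
    value = shift = 0
    for i, byte in enumerate(data):
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, i + 1
        shift += 7
    raise ValueError("truncated varint")

def decode_did_key(did):
    prefix = "did:key:"
    if not did.startswith(prefix + "z"):
        raise ValueError("expected a did:key with base58btc ('z') multibase prefix")
    multibase = did[len(prefix):]
    raw = base58btc_decode(multibase[1:])
    code, used = read_varint(raw)
    if code not in KEY_CODECS:
        raise ValueError(f"unsupported multicodec 0x{code:x}")
    key_type, key_len = KEY_CODECS[code]
    key = raw[used:]
    # Reject identifiers whose payload length does not fit the declared key type.
    if len(key) != key_len:
        raise ValueError(f"{key_type} key must be {key_len} bytes, got {len(key)}")
    return {"key_type": key_type, "public_key": key,
            "verification_method": f"{did}#{multibase}"}

if __name__ == "__main__":
    # The example DID shown on this page.
    info = decode_did_key("did:key:zQ3shUUDPVKeLREtiKeg2C6YiPBiqkEQkakDEvfUyoCbkV7pj")
    print(info["key_type"], info["public_key"].hex())
```

Checking the payload length against the declared key type rejects truncated or padded identifiers before the key reaches any signature-verification code.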

How user data is stored and protected

Affinidi Vault securely stores your data locally on your device (edge profile) or in the cloud (cloud profile), encrypted using the data encryption key generated from your Affinidi Vault. The data collected from authoritative or trusted sources, including self-attested data, is stored and managed within the Affinidi Vault.

Each piece of data in Affinidi Vault is associated with a profile, which allows you to categorise your data based on different purposes or contexts, such as travel, shopping, or work data.

  Read more about multi-profile management.

  Manage Verifiable Credentials (VCs) issued to your Affinidi Vault.

How to request data from user

The Affinidi Vault uses the presentation definition or PEX query, introduced by the Presentation Exchange protocol, to query the user’s data. This JSON-structured query allows you to define the data requirement the user must share with consent from their Affinidi Vault.

You can request several data points stored in the user’s Affinidi Vault that your application requires to complete a process, such as the user onboarding process.

See the sample PEX query that requests the user’s basic information from their Affinidi Vault:

{
  "id": "token_with_identity_fullname_vc",
  "input_descriptors": [
    {
      "id": "profile_name",
      "name": "Profile Name",
      "purpose": "Check if data contains necessary fields",
      "constraints": {
        "fields": [
          {
            "path": [ "$.@context" ],
            "purpose": "Verify VC Context",
            "filter": {
              "type": "array",
              "contains": {
                "type": "string",
                "pattern": "^https://schema.affinidi.io/profile-template/context.jsonld$"
              }
            }
          },
          {
            "path": [ "$.type" ],
            "purpose": "Verify VC Type",
            "filter": {
              "type": "array",
              "contains": {
                "type": "string",
                "pattern": "^ProfileTemplate$"
              }
            }
          },
          {
            "path": [ "$.credentialSubject.person.givenName" ],
            "purpose": "Require first name"
          },
          {
            "path": [ "$.credentialSubject.person.familyName" ],
            "purpose": "Require last name"
          },
          {
            "path": [ "$.credentialSubject.person.birthdate" ],
            "purpose": "Require birthdate"
          }
        ]
      }
    }
  ]
}

With the above presentation definition, your application requests the specific data points it requires from the user, with their consent, to complete a workflow such as onboarding the user or providing a more personalised experience.
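An application that receives a credential can re-check it against the same field constraints before relying on it. The following is an added example, not Affinidi's code: it evaluates the sample query's fields against a constructed credential. The names `select`, `passes_filter`, `unmet_fields` and `SAMPLE_VC` are hypothetical, and only plain dotted paths and the two filter shapes used in the sample are supported.

```python
import re

# Constraint fields copied from the sample PEX query on this page ("purpose" omitted).
CONTEXT = "https://schema.affinidi.io/profile-template/context.jsonld"
FIELDS = [
    {"path": ["$.@context"], "filter": {"type": "array", "contains": {
        "type": "string", "pattern": "^" + CONTEXT + "$"}}},
    {"path": ["$.type"], "filter": {"type": "array", "contains": {
        "type": "string", "pattern": "^ProfileTemplate$"}}},
    {"path": ["$.credentialSubject.person.givenName"]},
    {"path": ["$.credentialSubject.person.familyName"]},
    {"path": ["$.credentialSubject.person.birthdate"]},
]
_MISSING = object()

def select(doc, path):
    """Resolve a plain dotted JSONPath such as "$.a.b" (no wildcards or indexes)."""
    node = doc
    for key in path.removeprefix("$.").split("."):
        if not isinstance(node, dict) or key not in node:
            return _MISSING
        node = node[key]
    return node

def passes_filter(value, flt):
    """Only the filter shapes the sample uses: string "pattern", array "contains"."""
    if flt["type"] == "string":
        # Python's "$" also matches before a trailing newline; ECMAScript's does not.
        return (isinstance(value, str) and not value.endswith("\n")
                and re.search(flt["pattern"], value) is not None)
    if flt["type"] == "array":
        return isinstance(value, list) and any(
            passes_filter(item, flt["contains"]) for item in value)
    return False

def unmet_fields(credential, fields=FIELDS):
    """Return the first path of every field constraint the credential fails."""
    unmet = []
    for field in fields:
        found = [v for p in field["path"]
                 if (v := select(credential, p)) is not _MISSING]
        flt = field.get("filter")
        if not found or (flt and not passes_filter(found[0], flt)):
            unmet.append(field["path"][0])
    return unmet

# Constructed sample credential (not real user data).
SAMPLE_VC = {"@context": ["https://www.w3.org/2018/credentials/v1", CONTEXT],
    "type": ["VerifiableCredential", "ProfileTemplate"],
    "credentialSubject": {"person": {"givenName": "Ada", "familyName": "Example"}}}
```

`unmet_fields(SAMPLE_VC)` reports the missing birthdate. Because the sample patterns are anchored with `^` and `$`, a context URL that merely contains the schema URL as a substring fails the check.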

  Read more about Presentation Definition (PEX Query).

  Manage and request claimed credentials.

At the core of the data-sharing flow, the Affinidi Vault requests consent from the user before sharing the data with the application requesting their data.

The Affinidi Vault queries the user data based on the presentation definition (PEX query) configured in the request and displays the consent screen, which shows the requested data.

The user must consent for your application to access this data or decline the request. If multiple profiles are present in the user’s Affinidi Vault, the user must select which available profiles they want to share the data from.

Affinidi Vault - Share Credential

Once the user consents to share their data, the Affinidi Vault generates the Verifiable Presentation token (VP Token) and shares it with your application to continue a particular flow on your application.

Additionally, the user can select to remember the consent for your application to share the data automatically the next time they visit.

  Categorise your data in Affinidi Vault with multi-profile.

  Manage and request claimed credentials.

How to manage your Affinidi Vault

Affinidi Vault provides the following features to securely manage, store, and access your data.

Multi-profile management

Affinidi Vault allows you to create different representations of yourself and categorise your data based on various contexts. It enables you to create different profiles containing different data sets that you can use to claim third-party credentials and share this data, depending on who you interact with.

For example, users may represent themselves differently on social platforms than on other platforms, such as e-commerce or online learning sites.

Affinidi Vault - Create Profile

  Read more about multi-profile management.

Settings

The Settings page gives you options to manage the setup of your Affinidi Vault, including enabling Biometrics for fast and secure access to your data and backing up or deleting your data.

Affinidi Vault - Settings

  Explore the available options in the Affinidi Vault settings page.

History

Each time you share data from your Affinidi Vault, your consent to the requesting website is recorded, giving you a clear overview and helping you manage your consent.

The history contains information such as the URL of the requester, the profile in your Affinidi Vault from which the data was shared, the last time you consented to share the data, and the details of the data shared with the requester.

Vault Consent History

What’s next

  Verify user’s identity using standard identity documents

  Request data from your users with their consent