How Affinidi Vault Works
Affinidi Vault allows you to discover, collect, store, share, and monetise your data across different applications while keeping control of your data. When an application requests data from your Affinidi Vault, it displays a consent page to review the requested data and request your consent to allow access to that data.
Decentralised Identifier (DID)
Setting up your Affinidi Vault generates a Decentralised Identifier (DID) using the did:key method. This globally unique identifier represents your digital identity. The DID uses the Public Key Infrastructure (PKI) to sign and verify credentials cryptographically.
The private key associated with the DID signs the generated Verifiable Presentations (VPs) when sharing the data from your Affinidi Vault.
Resolving the DID returns the DID document containing information such as the public key used to cryptographically verify whether the Verifiable Credentials (VCs) shared by the user from their Affinidi Vault are tamper-evident.
DID resolution to retrieve the DID document differs depending on the method used. Below is an example of a valid DID using did:key method:
did:key:zQ3shUUDPVKeLREtiKeg2C6YiPBiqkEQkakDEvfUyoCbkV7pjTip
To view the corresponding DID document, you can use thedid:key above to resolve the value using the DIF Universal Resolver tool online.How user data is stored and protected
Affinidi Vault securely stores your data locally on your device (edge profile) or in the cloud (cloud profile), encrypted using the data encryption key generated from your Affinidi Vault. The data collected from authoritative or trusted sources, including self-attested data, is stored and managed within the Affinidi Vault.
Each piece of data in Affinidi Vault is associated with a profile, which allows you to categorise your data based on different purposes or contexts, such as travel, shopping, or work data.
How to request data from user
The Affinidi Vault uses the presentation definition or PEX query, introduced by the Presentation Exchange protocol, to query the user’s data. This JSON-structured query allows you to define the data requirement the user must share with consent from their Affinidi Vault.
You can request several data points stored in the user’s Affinidi Vault that your application requires to complete a process, such as the user onboarding process.
See the sample PEX query that requests the user’s basic information from their Affinidi Vault:
{
"id": "token_with_identity_fullname_vc",
"input_descriptors": [
{
"id": "profile_name",
"name": "Profile Name",
"purpose": "Check if data contains necessary fields",
"constraints": {
"fields": [
{
"path": [
"$.@context"
],
"purpose": "Verify VC Context",
"filter": {
"type": "array",
"contains": {
"type": "string",
"pattern": "^https://schema.affinidi.io/profile-template/context.jsonld$"
}
}
},
{
"path": [
"$.type"
],
"purpose": "Verify VC Type",
"filter": {
"type": "array",
"contains": {
"type": "string",
"pattern": "^ProfileTemplate$"
}
}
},
{
"path": [
"$.credentialSubject.person.givenName"
],
"purpose": "Require first name"
},
{
"path": [
"$.credentialSubject.person.familyName"
],
"purpose": "Require last name"
},
{
"path": [
"$.credentialSubject.person.birthdate"
],
"purpose": "Require birthdate"
}
]
}
}
]
}With the above presentation definition, we request specific data points depending on your application’s requirement from the user with their consent to complete your application’s workflow, like onboarding the user or providing a more personalised experience.
How to share data with consent
At the core of the data-sharing flow, the Affinidi Vault requests consent from the user before sharing the data with the application requesting their data.
The Affinidi Vault queries the user data based on the presentation definition (PEX query) configured in the request and displays the consent screen, which shows the requested data.
The user must consent for your application to access this data or decline the request. If multiple profiles are present in the user’s Affinidi Vault, the user must select which available profiles they want to share the data from.
Once the user consents to share their data, the Affinidi Vault generates the Verifiable Presentation token (VP Token) and shares it with your application to continue a particular flow on your application.
Additionally, the user can select to remember the consent for your application to share the data automatically the next time they visit.
Note
If the presentation definition is modified to remove or add another data point from the request, the consent page will ask the user for consent again.How to manage your Affinidi Vault
Affinidi Vault provides the following features to securely manage, store, and access your data.
Multi-profile management
Affinidi Vault allows you to create different representations of yourself and categorise your data based on various contexts. It enables you to create different profiles containing different data sets that you can use to claim third-party credentials and share this data, depending on who you interact with.
For example, users may represent themselves differently on social platforms than on other platforms, such as e-commerce or online learning sites.
Settings
The Settings page gives you options to manage the setup of your Affinidi Vault, including enabling Biometrics for fast and secure access to your data and backing up or deleting your data.
History
Sharing data from your Affinidi Vault records your consent to various websites, giving you a clear overview and helping you manage your consent.
It contains information like the URL of who requested the data, which profile the data was shared from your Affinidi Vault, the last time you consented to share the data and the details of the shared data with the requester.
What’s next
Glad to hear it! Please tell us how we can improve more.
Sorry to hear that. Please tell us how we can improve.
Thank you for sharing your feedback so we can improve your experience.