Identity Verification
Identity Verification is a feature of Affinidi Vault that provides consumers with a method to verify their identity using standard identity documents like Passports. Upon successful verification, it creates a verified identity document using the Verifiable Credential (VC) format (verified identity VC) that consumers can share and reuse for the ID verification process.
With Identity Verification, businesses can request the verified identity document of the consumer during the ID verification process to streamline consumer onboarding into their platform.
How Identity Verification Flow Works
The diagram below details how the Identity Verification flow works using the Affinidi Iota Framework.
sequenceDiagram actor u as User participant app as Website participant iota as Affinidi Iota Framework participant vault as Affinidi Vault participant acq as Affinidi IDV Service participant provider as IDV Provider u ->> app: Subscribe to verified service app ->> iota: Initialise data-sharing request Note over iota: Generate request token<br>with IDV provider claim iota -->> app: Signed request token app ->> vault: Redirect user to start data-sharing flow with signed request token Note over vault: Query stored VC alt verified identity VC not found vault ->> acq: Trigger Identity Verification flow using<br>signed request token + consumer token Note over acq: Check request token and project configuration acq ->> +provider: Initiate session provider -->> -acq: Session URL acq -->> vault: Session URL vault -->> provider: Redirect u ->> provider: Capture self-photo and identity document Note over provider: Process verification provider ->> acq: Verification result webhook Note over acq: Create verified identity VC acq->>vault: verified identity VC Note over vault: Store verified identity VC end vault->>+u: Request for consent to share data u-->>-vault: Allow access to the data vault -->> iota: Generate and send Verifiable Presentation iota -->> app: Verifiable Presentation Note over iota, app: Contains the verified identity VC <br/> shared by the user app ->> u: Continue journey on the website
Identity Verification Flow Highlights:
The website initiates user onboarding through Affinidi Iota Framework and requests the user’s verified identity.
The user unlocks their Affinidi Vault, which queries the local storage to see if the verified identity VC satisfying the Presentation Definition is available; otherwise, it triggers the identity verification flow and creates a session with the Identity Verification provider.
The user completes the verification process by providing a screen capture of their face and supported identity documents like a Passport.
ID verification provider verifies the provided data and sends the verification result to the Affinidi Service.
Affinidi Vault fetches the generated VC from the identity verification and stores it locally.
Affinidi Vault requests user consent to share the verified identity VC to the website.
Once the user consents to share the data, the Affinidi Vault generates the Verifiable Presentation and sends it to the Affinidi Iota Framework.
The website parses the Verifiable Presentation response from the Affinidi Iota Framework and continues the user’s journey.
Note
A failed or incomplete identity verification process will return anaccess_denied response code to the website.Enabling Identity Verification Flow
Identity Verification is currently in Closed Beta. To enable this feature in your project, send us a request through Contact Us form and get your Project ID whitelisted.
To request the user’s verified identity, integrate your website with the Affinidi Iota Framework, a consent-driven data-sharing process. Enabling the identity verification flow requires the following changes:
Create or update an Affinidi Iota Framework configuration using this guide.
Ensure that you select Redirect as the data-sharing mode and check the Enable Identity Verification (IDV) option (only available to specific projects).
Note
Identity Verification is only available using the Redirect mode of Affinidi Iota Framework.After creating the Affinidi Iota Framework configuration with the Identity Verification option enabled, create a Presentation Definition using the following query requesting a Passport document.
The Affinidi Vault checks the query included in the request token of the Affinidi Iota Framework to determine if the Verifiable Credential being requested is a verified identity VC and initiates the Identity Verification flow if the VC is not present.
{
"id": "verified_identity",
"input_descriptors": [
{
"id": "id_document_input",
"name": "Passport",
"constraints": {
"fields": [
{
"path": ["$.issuer", "$.vc.issuer", "$.iss"],
"purpose": "Only accept credentials issued by Affinidi IDV",
"filter": {
"type": "string",
"pattern": "^did:web:idv.affinidi.com$"
}
},
{
"path": [
"$.type"
],
"purpose": "Only accept IDV type VC",
"filter": {
"type": "array",
"contains": {
"type": "string",
"pattern": "^VerifiedIdentityDocument$"
}
}
},
{
"path": [
"$.type"
],
"purpose": "Only accept IDV supported document",
"filter": {
"type": "array",
"contains": {
"type": "string",
"pattern": "^Passport$"
}
}
}
]
}
}
]
}Important Note
The verified identity VC generated after successful verification is signed and issued by Affinidi’s DID (did:web:idv.affinidi.com) using the did:web method. Hence, following the Presentation Definition template is essential to request the user’s verified identity VC from the Affinidi Vault.- After setting up the configuration and creating the required query, implement the Affinidi Iota Framework into your website using Redirect mode with this guide.
Supported Documents
Currently, the Identity Verification flow supports the following type of document that users can present during the ID verification process:
Passport - contains information of the user extracted from a Passport document captured during the verification process.
Driver’s License - contains information of the user extracted from a driver’s license ID card captured during the verification process.
Learn how to request any supported documents using the Presentation Definitions from the user’s Affinidi Vault using the Affinidi Iota Framework.
Frequently Asked Questions
What happens if my customer has already been through an ID verification in their Affinidi Vault?
The verified identity VCs are stored in consumer’s Affinidi Vault, allowing them to reuse the credential whenever they need to. This reduces the friction of customers going through the same ID verification process multiple times on different apps, enabling a more seamless onboarding to your service.
How much does Identity Verification cost?
We aim to bring down the cost of ID verification through the power of reusability. Talk to our team about your requirements.
Who is doing the verification?
The ID verification process is currently handled by Veriff. Veriff ID Verification solution has a success rate of 95% on the user’s first try.
What happens if my user is not verified?
If the user is not verified due to technical issues within Affinidi services or technical issues at our Partner’s end - you will not be charged for initiating such verification. You are only charged when a user consents to share data. If the user fails the identity verification (due to abandoning the session or using a fraudulent document), you will receive a
access_deniedresponse code.Metrics on aggregate failure rates and reasons can be tracked in the
Affinidi Portal.How to report an issue?
You may raise the issue using this form or you may reach out to your assigned POC.
Glad to hear it! Please tell us how we can improve more.
Sorry to hear that. Please tell us how we can improve.
Thank you for sharing your feedback so we can improve your experience.