Overview
Holistic Identity gives individuals a 360-degree view of themselves online while keeping them in full control of their identity. It covers the entire process of discovering, collecting, storing, sharing, and monetising personal data in the digital world.
Affinidi Trust Network (ATN)
The Affinidi Trust Network provides tools and services to realise the Holistic Identity vision. It integrates data from multiple trusted sources while preserving data integrity and chain of custody. It also enables users to give consent for data sharing and verifies the identities of all parties involved.
Affinidi Login
Affinidi Login enables passwordless login and a smooth onboarding experience. Learn more about how to integrate it into your application.
Affinidi Vault
Affinidi Vault gives users a secure, complete view of their personal data. It lets them discover, collect, store, share, and monetise data while staying in control. Users can manage consent for data sharing. Learn more about how Affinidi Vault works in this document.
Affinidi Elements
Affinidi Elements is a fully managed tech stack designed for scalable development and secure integration of Affinidi services.
Affinidi Connectors
Affinidi Connectors allow secure integration with various data sources.
Affinidi Concierge
Affinidi Concierge is a personalised AI that manages data based on user values and preferences.
Affinidi Messaging
Affinidi Messaging ensures authenticity in communication between sender and receiver within the Affinidi Trust Network.
Building Blocks of Decentralised Identity
Explore the key concepts that support decentralised identity and power the Affinidi Trust Network to deliver Holistic Identity.
Decentralised Identifier (DID)
A Decentralised Identifier (DID) is a unique digital ID that users create, manage, and store themselves, without relying on a central authority. It uses cryptographic key pairs: a public key for verification and a private key for signing. This ensures both security and authenticity.
DIDs give users self-sovereign identity, allowing them to share verifiable facts securely and privately.
Each Affinidi Vault user receives a DID upon successful registration.
The DID method used by Affinidi Vault is did:key.
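Because a did:key identifier carries the public key itself, a verifier can recover the key from the string without any registry lookup. The following added example (not Affinidi code) decodes a base58btc did:key, checks its multicodec prefix, and confirms that a proof's verificationMethod belongs to the DID; the `CODECS` table and the function names are choices made for this illustration.

```javascript
// Added example: recover the public key embedded in a did:key identifier.
const ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
// Multicodec codes and raw key lengths for two common did:key key types.
const CODECS = { 0xe7: { name: "secp256k1-pub", len: 33 },
                 0xed: { name: "ed25519-pub", len: 32 } };

function base58Decode(str) {
  let n = 0n;
  for (const ch of str) {
    const v = ALPHABET.indexOf(ch);
    if (v < 0) throw new Error(`invalid base58 character: ${ch}`);
    n = n * 58n + BigInt(v);
  }
  const bytes = [];
  for (; n > 0n; n >>= 8n) bytes.unshift(Number(n & 0xffn));
  for (const ch of str) { if (ch !== "1") break; bytes.unshift(0); } // leading zero bytes
  return Uint8Array.from(bytes);
}

function parseDidKey(did) {
  // "z" is the multibase prefix for base58btc.
  const m = /^did:key:z([1-9A-HJ-NP-Za-km-z]+)$/.exec(did);
  if (!m) throw new Error("not a base58btc did:key");
  const bytes = base58Decode(m[1]);
  // The multicodec prefix is an unsigned varint (7 bits per byte, low bits first).
  let code = 0, shift = 0, i = 0;
  for (;;) {
    if (i >= bytes.length || shift > 28) throw new Error("bad multicodec varint");
    const b = bytes[i++];
    code |= (b & 0x7f) << shift;
    if (!(b & 0x80)) break;
    shift += 7;
  }
  const spec = CODECS[code];
  const key = bytes.slice(i);
  if (!spec) throw new Error(`unsupported key type 0x${code.toString(16)}`);
  if (key.length !== spec.len) throw new Error("unexpected key length");
  // A compressed secp256k1 point starts with 0x02 or 0x03.
  if (code === 0xe7 && key[0] !== 2 && key[0] !== 3) throw new Error("not a compressed point");
  return { codec: spec.name, publicKey: key };
}

function verificationMethodBelongsTo(did, verificationMethod) {
  // For did:key the single key is addressed as "<did>#<multibase value>".
  return verificationMethod === `${did}#${did.slice("did:key:".length)}`;
}
```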
Verifiable Credentials (VC)
Verifiable Credentials (VCs) are digital attestations that are cryptographically signed and verifiable. They are tamper-evident and trustworthy. VCs can represent identity details such as academic records, employment history, or medical data. Users store and manage VCs in a digital identity wallet like Affinidi Vault.
After account creation, Affinidi issues an Email VC to each user. This credential is signed by Affinidi and stored in Affinidi Vault. Users can share it with consent.
Affinidi Vault issues VCs using the W3C Data Model. See an example of a Verifiable Credential.
{
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://schema.affinidi.com/EmailV1-0.jsonld"
],
"id": "claimId:63b5d11c0d1b5566",
"type": [
"VerifiableCredential",
"Email"
],
"holder": {
"id": "did:key:zQ3shiEH16wHAfbQSSuYB1Lc3KSQC31W4gkaXKa8PgCSz83du"
},
"credentialSubject": {
"email": "non-existant-email@non-existant.com"
},
"credentialSchema": {
"id": "https://schema.affinidi.com/EmailV1-0.json",
"type": "JsonSchemaValidator2018"
},
"issuanceDate": "2024-05-30T19:14:31.964Z",
"expirationDate": "2025-05-30T19:14:31.964Z",
"issuer": "did:key:zQ3shiEH16wHAfbQSSuYB1Lc3KSQC31W4gkaXKa8PgCSz83du",
"proof": {
"type": "EcdsaSecp256k1Signature2019",
"created": "2024-05-30T19:14:31Z",
"verificationMethod": "did:key:zQ3shiEH16wHAfbQSSuYB1Lc3KSQC31W4gkaXKa8PgCSz83du#zQ3shiEH16wHAfbQSSuYB1Lc3KSQC31W4gkaXKa8PgCSz83du",
"proofPurpose": "assertionMethod",
"jws": "eyJhbGciOiJFUzI1NksiLCJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdfQ..FEqEKSPZCHKY9XuCywtOSBzhn1EHRFEle67bfJt-3wUFvMnk9pGmQO52EOCB65WcgXSesCgKasgXZKZOJXbF5A"
}
}
Verifiable Presentations (VP)
A Verifiable Presentation (VP) is a package of one or more VCs, formatted for sharing with a verifier such as a service provider. The user signs the VP with their private key to prove control over the credentials. VPs allow selective disclosure, so users can share only the necessary information. For example, to prove age at a restricted venue, a user can present a VP with just their birthdate, without revealing other details like nationality or address. Verifiers can then validate the VP cryptographically.
See an example of a Verifiable Presentation.
{
"id": "claimId:123456789",
"@context": [
"https://www.w3.org/2018/credentials/v1"
],
"type": [
"VerifiablePresentation"
],
"verifiableCredential": [
{
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://schema.affinidi.com/EmailV1-0.jsonld"
],
"id": "claimId:63b5d11c0d1b5566",
"type": [
"VerifiableCredential",
"Email"
],
"holder": {
"id": "did:key:zQ3shiEH16wHAfbQSSuYB1Lc3KSQC31W4gkaXKa8PgCSz83du"
},
"credentialSubject": {
"email": "non-existant-email@non-existant.com"
},
"credentialSchema": {
"id": "https://schema.affinidi.com/EmailV1-0.json",
"type": "JsonSchemaValidator2018"
},
"issuanceDate": "2024-05-30T19:14:31.964Z",
"expirationDate": "2025-05-30T19:14:31.964Z",
"issuer": "did:key:zQ3shiEH16wHAfbQSSuYB1Lc3KSQC31W4gkaXKa8PgCSz83du",
"proof": {
"type": "EcdsaSecp256k1Signature2019",
"created": "2024-05-30T19:14:31Z",
"verificationMethod": "did:key:zQ3shiEH16wHAfbQSSuYB1Lc3KSQC31W4gkaXKa8PgCSz83du#zQ3shiEH16wHAfbQSSuYB1Lc3KSQC31W4gkaXKa8PgCSz83du",
"proofPurpose": "assertionMethod",
"jws": "eyJhbGciOiJFUzI1NksiLCJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdfQ..FEqEKSPZCHKY9XuCywtOSBzhn1EHRFEle67bfJt-3wUFvMnk9pGmQO52EOCB65WcgXSesCgKasgXZKZOJXbF5A"
}
}
],
"holder": {
"id": "did:key:zQ3shiEH16wHAfbQSSuYB1Lc3KSQC31W4gkaXKa8PgCSz83du"
},
"proof": {
"type": "EcdsaSecp256k1Signature2019",
"created": "2024-05-30T19:14:32Z",
"verificationMethod": "did:key:zQ3shiEH16wHAfbQSSuYB1Lc3KSQC31W4gkaXKa8PgCSz83du#zQ3shiEH16wHAfbQSSuYB1Lc3KSQC31W4gkaXKa8PgCSz83du",
"proofPurpose": "authentication",
"challenge": "claimId:123456789",
"domain": "fun.com",
"jws": "eyJhbGciOiJFUzI1NksiLCJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdfQ..-cvh9gn7IHrXloPdWShkI4V1Q0ADudHDl2RARCCATVpwMvGqTAiRTSUKfVMdTeTyhoG7Gp7fyH5DW5jJsU1BVA"
}
}
OpenID for Verifiable Presentations (OID4VP)
OID4VP is an extension of OpenID Connect (OIDC), a standard authentication protocol. It lets users act as their own identity providers, removing the need for third-party services. OID4VP uses the Presentation Exchange protocol to request and present Verifiable Credentials.
It introduces the VP Token, a new token type for transmitting Verifiable Presentations. The token uses the Presentation Exchange protocol within the OIDC claims request parameter. This setup defines credential requirements and helps verifiers process the presented data.
The following diagram shows how Affinidi Login and Affinidi Vault implement OID4VP to enable a passwordless authentication flow.
sequenceDiagram
actor User
participant Website
participant Affinidi Login
participant Affinidi Vault
User->>Website: Login to the website
Website->>Affinidi Login: Trigger authentication flow via OIDC
Affinidi Login->>Affinidi Vault: Initialise request to the Affinidi Vault with authorisation request
Affinidi Vault->>User: Show Consent screen to share data
User->>Affinidi Vault: User confirm consent to share data
Affinidi Vault->>Affinidi Vault: Generate Verifiable Presentation (VP)
Affinidi Vault->>Affinidi Login: Redirect to Affinidi Login with the VP Token response
Affinidi Login->>User: Show loading screen
Affinidi Login->>Affinidi Login: Generate ID Token from VP Token response
Affinidi Login->>Website: Return ID Token
Website->>User: Grant access to the user
Affinidi Login uses the VP Token to generate an ID Token in a standard format. It sends the ID Token to your website to verify the user’s identity.
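As an added example (not part of Affinidi's implementation), the checks below are ones a verifier would apply to a presentation shaped like the Verifiable Presentation shown earlier, alongside cryptographic signature verification: challenge and domain binding, proof purpose, key-to-DID binding, and credential validity dates. The sample VP, its placeholder DID and signature, and the function names are constructed for illustration.

```javascript
// Added example (not Affinidi code): policy checks a verifier applies to a VP.
// Cryptographic signature verification is a separate step and is not shown.
const HDR = "eyJhbGciOiJFUzI1NksiLCJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdfQ"; // JWS header from the page
const DID = "did:key:zExampleHolder"; // constructed placeholder DID

const proofOf = (purpose, extra = {}) => ({ type: "EcdsaSecp256k1Signature2019",
  verificationMethod: `${DID}#key`, proofPurpose: purpose,
  jws: `${HDR}..c2lnbmF0dXJl`, ...extra }); // constructed signature placeholder

// Constructed sample VP modelled on the page's example.
const sampleVp = {
  holder: { id: DID },
  verifiableCredential: [{ issuer: DID, holder: { id: DID },
    issuanceDate: "2024-05-30T19:14:31.964Z",
    expirationDate: "2025-05-30T19:14:31.964Z", proof: proofOf("assertionMethod") }],
  proof: proofOf("authentication", { challenge: "claimId:123456789", domain: "fun.com" }),
};

function jwsHeaderOk(jws) {
  // Detached JWS: "<protected header>..<signature>", payload part empty.
  const parts = String(jws).split(".");
  if (parts.length !== 3 || parts[1] !== "") return false;
  try {
    const h = JSON.parse(Buffer.from(parts[0], "base64url").toString("utf8"));
    return h.alg === "ES256K" && h.b64 === false && Array.isArray(h.crit) && h.crit.includes("b64");
  } catch { return false; }
}

function checkPresentation(vp, { challenge, domain, now }) {
  const errors = [];
  const didOf = (vm) => String(vm).split("#")[0];
  const p = vp.proof || {};
  if (p.proofPurpose !== "authentication") errors.push("vp: proofPurpose");
  if (p.challenge !== challenge) errors.push("vp: challenge"); // replayed presentation
  if (p.domain !== domain) errors.push("vp: domain");          // made for another verifier
  if (didOf(p.verificationMethod) !== vp.holder?.id) errors.push("vp: key not holder's");
  if (!jwsHeaderOk(p.jws)) errors.push("vp: jws header");
  for (const vc of vp.verifiableCredential || []) {
    const cp = vc.proof || {};
    if (cp.proofPurpose !== "assertionMethod") errors.push("vc: proofPurpose");
    if (didOf(cp.verificationMethod) !== vc.issuer) errors.push("vc: key not issuer's");
    if (vc.holder?.id !== vp.holder?.id) errors.push("vc: holder differs from presenter");
    if (!jwsHeaderOk(cp.jws)) errors.push("vc: jws header");
    const t = now.getTime();
    if (!(Date.parse(vc.issuanceDate) <= t && t < Date.parse(vc.expirationDate)))
      errors.push("vc: outside validity window");
  }
  return errors;
}
```

An empty array means the presentation passed these policy checks; the `challenge` and `domain` passed in must be the values the verifier itself issued for this session.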
OpenID for Verifiable Credential Issuance (OID4VCI)
OID4VCI is another extension of the OIDC standard. It allows issuers to provide Verifiable Credentials to Affinidi Vault users using the OAuth 2.0 authorisation flow. This approach benefits from OAuth 2.0’s security and flexibility.
sequenceDiagram
actor User
participant Affinidi Vault
participant Credential Issuance Service
User->>Affinidi Vault: Enters the Transaction Code to view the Credential Offer
Affinidi Vault->>Credential Issuance Service: Resolves Offer URI and get the Credential Offer with Access Token
Note over Affinidi Vault, Credential Issuance Service: Affinidi Vault will exchange Trx Code and Pre-Auth Code <br /> for the Access Token to Get the Credential
Credential Issuance Service->>Credential Issuance Service: Validate credential proof
Credential Issuance Service->>Credential Issuance Service: Update Credential Offer as Claimed
Credential Issuance Service->>Affinidi Vault: Return the Verifiable Credential
Affinidi Vault->>User: Presented the Verifiable Credential
User->>Affinidi Vault: Accepts the Verifiable Credential
Affinidi Vault->>Affinidi Vault: Securely Stores the Verifiable Credential
The issuer sends a claim link to the user, which includes a Credential Offer URI. This URI is used to obtain an access token and retrieve the credential. The user can choose to accept and store the credential in Affinidi Vault or reject the offer.