Overview

Holistic Identity gives everyone a 360-degree view of themselves online and allows them to remain in complete control of their identity. Holistic Identity encompasses the full spectrum of discovering, collecting, storing, sharing and monetising your personal data in the digital realm.

Holistic Identity - Consumer

Affinidi Trust Network (ATN)

Affinidi Trust Network consists of tools and services to bring the Holistic Identity vision to life. The Affinidi Trust Network integrates data from multiple authoritative sources while ensuring the data’s integrity and its chain of custody. It also enables individuals to provide consent for data sharing while verifying the identities of all parties involved in the transaction.


Affinidi Login

Enables passwordless login and a seamless onboarding experience for users. Learn more about how Affinidi Login works to integrate it into your application.

Affinidi Vault

Empowers individuals with a secure “360-degree view of oneself” to discover, collect, store, share, and monetise data. It enables individuals to control and provide consent for data sharing. Learn more about how Affinidi Vault works in this document.

Affinidi Elements

A fully managed tech stack for scalable development and secure integration of Affinidi services.

Affinidi Connectors

Provides secure integration with various types of data sources.

Affinidi Concierge

A personalised AI that manages data in accordance with user values and preferences.

Affinidi Messaging

Enables authenticity in communication between sender and receiver in the Affinidi Trust Network.

Building Blocks of Decentralised Identity

Familiarise yourself with key concepts that enable decentralised identity and power the Affinidi Trust Network to realise the Holistic Identity vision.

Decentralised Identifier (DID)

A Decentralised Identifier (DID) is a unique digital identifier that individuals issue, manage, and store themselves rather than relying on a centralised authority. Central to the DID framework is the use of cryptographic key pairs: a public key that is openly published for verification purposes, and a private key for digital signing that remains confidential, ensuring security and authenticity.

DIDs empower individuals to assert their identity independently, offering a self-sovereign form of identification. This autonomy enables individuals to provide verifiable facts about themselves to others in a secure and privacy-preserving manner, a cornerstone in the evolving landscape of digital interactions and trust.

A DID is assigned to an Affinidi Vault user upon their successful registration.

The DID method used by Affinidi Vault is did:key.
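A did:key DID carries the public key inside the identifier itself, so a verifier can recover the key without any registry lookup. The following decoder is an added example, not Affinidi code; it assumes the DID in the examples on this page is a genuine secp256k1 did:key (the "zQ3s" prefix) and shows the checks a verifier should apply before trusting the key, plus the rule that a did:key verificationMethod fragment must name the DID's own key.

```python
# Added example (not Affinidi code): decode a did:key DID and recover the
# compressed secp256k1 public key it embeds, rejecting malformed identifiers.
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
SECP256K1_PUB_PREFIX = b"\xe7\x01"  # multicodec secp256k1-pub (0xe7) as a varint


def b58decode(s: str) -> bytes:
    """Base58btc decode; the multibase 'z' prefix must already be stripped."""
    n = 0
    for ch in s:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"invalid base58 character {ch!r}")
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(s) - len(s.lstrip("1"))  # each leading '1' is a zero byte
    return b"\x00" * pad + body


def decode_did_key(did: str) -> dict:
    """Return the key type and raw public key bytes embedded in a did:key."""
    if not did.startswith("did:key:z"):
        raise ValueError("not a base58btc multibase did:key")
    raw = b58decode(did[len("did:key:z"):])
    if not raw.startswith(SECP256K1_PUB_PREFIX):
        raise ValueError(f"unsupported multicodec prefix {raw[:2].hex()}")
    key = raw[len(SECP256K1_PUB_PREFIX):]
    # A compressed secp256k1 point is 33 bytes and starts with 0x02 or 0x03.
    if len(key) != 33 or key[0] not in (2, 3):
        raise ValueError("expected a 33-byte compressed secp256k1 point")
    return {"type": "secp256k1", "public_key": key}


def verification_method_matches(did: str, verification_method: str) -> bool:
    """did:key has exactly one key: the fragment must repeat the multibase id."""
    return verification_method == f"{did}#{did[len('did:key:'):]}"
```

A proof whose verificationMethod points at a different DID or fragment should be rejected before any signature check is attempted.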

Verifiable Credentials (VC)

Verifiable Credentials (VCs) are digital attestations that are cryptographically signed and verifiable, making them tamper-evident and reliable. VCs can represent various facets of an individual’s identity, from academic achievements and employment history to medical records. These credentials place control and privacy squarely in the hands of the individual, who can store and manage them in a digital identity wallet, for instance, Affinidi Vault.

An Email VC is issued to Affinidi Vault users after successful account creation and is signed by Affinidi. These verifiable credentials are stored in the Affinidi Vault and shared only with user consent.

Affinidi Vault issues VCs using the W3C Verifiable Credentials Data Model. Example of a Verifiable Credential:

{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://schema.affinidi.com/EmailV1-0.jsonld"
  ],
  "id": "claimId:63b5d11c0d1b5566",
  "type": ["VerifiableCredential", "Email"],
  "holder": {
    "id": "did:key:zQ3shiEH16wHAfbQSSuYB1Lc3KSQC31W4gkaXKa8PgCSz83du"
  },
  "credentialSubject": {
    "email": "non-existant-email@non-existant.com"
  },
  "credentialSchema": {
    "id": "https://schema.affinidi.com/EmailV1-0.json",
    "type": "JsonSchemaValidator2018"
  },
  "issuanceDate": "2024-05-30T19:14:31.964Z",
  "expirationDate": "2025-05-30T19:14:31.964Z",
  "issuer": "did:key:zQ3shiEH16wHAfbQSSuYB1Lc3KSQC31W4gkaXKa8PgCSz83du",
  "proof": {
    "type": "EcdsaSecp256k1Signature2019",
    "created": "2024-05-30T19:14:31Z",
    "verificationMethod": "did:key:zQ3shiEH16wHAfbQSSuYB1Lc3KSQC31W4gkaXKa8PgCSz83du#zQ3shiEH16wHAfbQSSuYB1Lc3KSQC31W4gkaXKa8PgCSz83du",
    "proofPurpose": "assertionMethod",
    "jws": "eyJhbGciOiJFUzI1NksiLCJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdfQ..FEqEKSPZCHKY9XuCywtOSBzhn1EHRFEle67bfJt-3wUFvMnk9pGmQO52EOCB65WcgXSesCgKasgXZKZOJXbF5A"
  }
}

Verifiable Presentations (VP)

Verifiable Presentations (VPs) are collections of one or more VCs, packaged in a specific way for presentation to a “verifier” such as a service provider. A VP is digitally signed by the holder (using their private key) to prove control over the included VCs. VPs allow you to selectively disclose only the relevant information from your VCs, preserving privacy, and the verifier can then cryptographically validate the VP. VPs matter because they offer a more secure and privacy-conscious way to prove your identity than sharing raw VCs. For example, to prove your age at an age-restricted venue, you can present a VP containing only your birthdate without revealing your nationality or address, compared with the current method of showing your driver’s licence or identification card.

Example of a Verifiable Presentation:

{
  "id": "claimId:123456789",
  "@context": ["https://www.w3.org/2018/credentials/v1"],
  "type": ["VerifiablePresentation"],
  "verifiableCredential": [
    {
      "@context": [
        "https://www.w3.org/2018/credentials/v1",
        "https://schema.affinidi.com/EmailV1-0.jsonld"
      ],
      "id": "claimId:63b5d11c0d1b5566",
      "type": ["VerifiableCredential", "Email"],
      "holder": {
        "id": "did:key:zQ3shiEH16wHAfbQSSuYB1Lc3KSQC31W4gkaXKa8PgCSz83du"
      },
      "credentialSubject": {
        "email": "non-existant-email@non-existant.com"
      },
      "credentialSchema": {
        "id": "https://schema.affinidi.com/EmailV1-0.json",
        "type": "JsonSchemaValidator2018"
      },
      "issuanceDate": "2024-05-30T19:14:31.964Z",
      "expirationDate": "2025-05-30T19:14:31.964Z",
      "issuer": "did:key:zQ3shiEH16wHAfbQSSuYB1Lc3KSQC31W4gkaXKa8PgCSz83du",
      "proof": {
        "type": "EcdsaSecp256k1Signature2019",
        "created": "2024-05-30T19:14:31Z",
        "verificationMethod": "did:key:zQ3shiEH16wHAfbQSSuYB1Lc3KSQC31W4gkaXKa8PgCSz83du#zQ3shiEH16wHAfbQSSuYB1Lc3KSQC31W4gkaXKa8PgCSz83du",
        "proofPurpose": "assertionMethod",
        "jws": "eyJhbGciOiJFUzI1NksiLCJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdfQ..FEqEKSPZCHKY9XuCywtOSBzhn1EHRFEle67bfJt-3wUFvMnk9pGmQO52EOCB65WcgXSesCgKasgXZKZOJXbF5A"
      }
    }
  ],
  "holder": {
    "id": "did:key:zQ3shiEH16wHAfbQSSuYB1Lc3KSQC31W4gkaXKa8PgCSz83du"
  },
  "proof": {
    "type": "EcdsaSecp256k1Signature2019",
    "created": "2024-05-30T19:14:32Z",
    "verificationMethod": "did:key:zQ3shiEH16wHAfbQSSuYB1Lc3KSQC31W4gkaXKa8PgCSz83du#zQ3shiEH16wHAfbQSSuYB1Lc3KSQC31W4gkaXKa8PgCSz83du",
    "proofPurpose": "authentication",
    "challenge": "claimId:123456789",
    "domain": "fun.com",
    "jws": "eyJhbGciOiJFUzI1NksiLCJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdfQ..-cvh9gn7IHrXloPdWShkI4V1Q0ADudHDl2RARCCATVpwMvGqTAiRTSUKfVMdTeTyhoG7Gp7fyH5DW5jJsU1BVA"
  }
}
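Note the two proof purposes in the example above: the holder's VP proof is an "authentication" proof bound to a challenge and a domain, while each VC carries the issuer's "assertionMethod" proof. The checks below are an added example, not Affinidi code, of what a verifier must confirm on top of the two signatures, which a signature library alone does not enforce; the sample VP is constructed from the page's example with the signatures omitted and a placeholder issuer DID.

```python
from datetime import datetime

# Constructed sample modelled on the page's VP; signatures omitted, issuer is a placeholder.
HOLDER = "did:key:zQ3shiEH16wHAfbQSSuYB1Lc3KSQC31W4gkaXKa8PgCSz83du"
ISSUER = "did:key:zISSUER-PLACEHOLDER"
SAMPLE_VP = {
    "holder": {"id": HOLDER},
    "verifiableCredential": [{
        "id": "claimId:63b5d11c0d1b5566",
        "type": ["VerifiableCredential", "Email"],
        "holder": {"id": HOLDER},
        "issuer": ISSUER,
        "credentialSubject": {"email": "non-existant-email@non-existant.com"},
        "issuanceDate": "2024-05-30T19:14:31.964Z",
        "expirationDate": "2025-05-30T19:14:31.964Z",
        "proof": {"proofPurpose": "assertionMethod",
                  "verificationMethod": ISSUER + "#" + ISSUER[8:], "jws": "<omitted>"},
    }],
    "proof": {"proofPurpose": "authentication", "challenge": "claimId:123456789",
              "domain": "fun.com", "verificationMethod": HOLDER + "#" + HOLDER[8:],
              "jws": "<omitted>"},
}


def parse_ts(s): return datetime.fromisoformat(s.replace("Z", "+00:00"))


def check_presentation(vp, expected_challenge, expected_domain, trusted_issuers, now):
    """Return the list of problems found; an empty list means the VP passed."""
    problems = []
    proof = vp.get("proof", {})
    holder = vp.get("holder", {}).get("id", "")
    # Freshness and audience: challenge is the verifier's per-session nonce, domain names the verifier.
    if proof.get("proofPurpose") != "authentication":
        problems.append("VP proof purpose must be 'authentication'")
    if proof.get("challenge") != expected_challenge:
        problems.append("challenge mismatch (stale or replayed VP)")
    if proof.get("domain") != expected_domain:
        problems.append("domain mismatch (VP was made for another verifier)")
    # Holder binding: the VP must be signed with the presenter's own did:key.
    if not holder or not proof.get("verificationMethod", "").startswith(holder + "#"):
        problems.append("VP not signed with the holder's key")
    for vc in vp.get("verifiableCredential", []):
        cid = vc.get("id", "?")
        if vc.get("holder", {}).get("id") != holder:
            problems.append(f"{cid}: credential holder differs from presenter")
        if vc.get("issuer") not in trusted_issuers:
            problems.append(f"{cid}: issuer not trusted")
        if not parse_ts(vc["issuanceDate"]) <= now < parse_ts(vc["expirationDate"]):
            problems.append(f"{cid}: not valid at {now.isoformat()}")
    return problems
```

Verifying the ES256K JWS values themselves (resolving did:key to the public key and canonicalising the JSON-LD) is left to a Data Integrity library; run these checks as well, since a perfectly valid signature on a VP captured from another site or session proves nothing.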

OpenID for Verifiable Presentations (OID4VP)

OpenID for Verifiable Presentations (OID4VP) is an extension to the OpenID Connect (OIDC) standard that enables users to be their own identity provider without relying on third-party providers. This extension incorporates the Presentation Exchange protocol, allowing for the request and presentation of verifiable credentials.

OID4VP introduces the VP Token, a new token type for conveying Verifiable Presentations (VPs). It utilises the Presentation Exchange protocol from the Decentralized Identity Foundation (DIF) within the OIDC claims request parameter. This integration specifies the credential requirements for applications and assists verifiers in processing the presented credentials.

Here is a representation of the OID4VP implementation with Affinidi Login and Affinidi Vault that enables the passwordless authentication flow.

sequenceDiagram
    actor User
    participant Website
    participant Affinidi Login
    participant Affinidi Vault

    User->>Website: Login to the website
    Website->>Affinidi Login: Trigger authentication flow via OIDC
    Affinidi Login->>Affinidi Vault: Initiate the request to Affinidi Vault with the authorisation request
    Affinidi Vault->>User: Show consent screen to share data
    User->>Affinidi Vault: User confirms consent to share data
    Affinidi Vault->>Affinidi Vault: Generate Verifiable Presentation (VP)
    Affinidi Vault->>Affinidi Login: Redirect to Affinidi Login with the VP Token response
    Affinidi Login->>User: Show loading screen
    Affinidi Login->>Affinidi Login: Generate ID Token from VP Token response
    Affinidi Login->>Website: Return ID Token
    Website->>User: Grant access to the user

Affinidi Login converts the VP Token into a standard ID Token and sends the ID Token to the website to verify the user’s identity.

OpenID for Verifiable Credential Issuance (OID4VCI)

OpenID for Verifiable Credential Issuance (OID4VCI) is an extension to the OpenID Connect (OIDC) standard that provides the mechanism for Issuers to issue Verifiable Credentials to Affinidi Vault users and for those users to obtain the credentials. This extension uses the OAuth 2.0 authorisation flow to obtain authorisation to receive Verifiable Credentials, enabling the issuance process to benefit from the established security and flexibility of the OAuth 2.0 framework.

sequenceDiagram
    actor User
    participant Affinidi Vault
    participant Credential Issuance Service

    User->>Affinidi Vault: Enters the Transaction Code to view the Credential Offer
    Affinidi Vault->>Credential Issuance Service: Resolves the Offer URI and gets the Credential Offer with the Access Token
    Note over Affinidi Vault, Credential Issuance Service: Affinidi Vault exchanges the Trx Code and Pre-Auth Code <br /> for the Access Token used to get the Credential
    Credential Issuance Service->>Credential Issuance Service: Validate credential proof
    Credential Issuance Service->>Credential Issuance Service: Update Credential Offer as Claimed
    Credential Issuance Service->>Affinidi Vault: Return the Verifiable Credential
    Affinidi Vault->>User: Presents the Verifiable Credential
    User->>Affinidi Vault: Accepts the Verifiable Credential
    Affinidi Vault->>Affinidi Vault: Securely Stores the Verifiable Credential

The Issuer sends the Affinidi Vault user a claim link containing the Credential Offer URI. The Credential Offer URI is used to obtain the access token required to retrieve the issued credential. The user can then accept the credential and store it in the Affinidi Vault, or reject the credential offer.

What’s next

  Set up your Affinidi Vault to get started

  Create a project to integrate your application