Overview
Holistic Identity gives everyone a 360-degree view of themselves online and allows them to remain in complete control of their identity. Holistic Identity encompasses the full spectrum of discovering, collecting, storing, sharing and monetising your personal data in the digital realm.
Affinidi Trust Network (ATN)
Affinidi Trust Network consists of tools and services to bring the Holistic Identity vision to life. The Affinidi Trust Network integrates data from multiple authoritative sources while ensuring the data’s integrity and its chain of custody. It also enables individuals to provide consent for data sharing while verifying the identities of all parties involved in the transaction.
Affinidi Login
Enables a passwordless login and a seamless onboarding experience for users. Learn more about how Affinidi Login works to integrate it into your application.
Affinidi Vault
Empowers individuals with a secure “360-degree view of oneself” to discover, collect, store, share, and monetise data. It enables individuals to control and provide consent for data sharing. Learn more about how Affinidi Vault works in this document.
Affinidi Elements
A fully managed tech stack for scalable development and secure integration of Affinidi services.
Affinidi Connectors
Provides secure integration with various types of data sources.
Affinidi Concierge
A personalised AI that manages data in accordance with user values and preferences.
Affinidi Messaging
Enables authenticity in communication between sender and receiver in the Affinidi Trust Network.
Building Blocks of Decentralised Identity
Familiarise yourself with key concepts that enable decentralised identity and power the Affinidi Trust Network to realise the Holistic Identity vision.
Decentralised Identifier (DID)
Decentralised Identifier (DID) is a unique digital identifier that individuals issue, manage, and store themselves rather than relying on a centralized authority. Central to the DID framework is the use of cryptographic key pairs: a public key that is openly published for verification purposes, and a private key for digital signing that remains confidential, ensuring security and authenticity.
DIDs empower individuals to assert their identity independently, offering a self-sovereign form of identification. This autonomy enables individuals to provide verifiable facts about themselves to others in a secure and privacy-preserving manner, a cornerstone in the evolving landscape of digital interactions and trust.
A DID is assigned to each Affinidi Vault user upon successful registration.
The DID method used by Affinidi Vault is did:key.
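A did:key identifier carries the public key itself, so a verifier recovers the key from the DID without contacting any registry. The following is an added example (not Affinidi's code) that encodes and decodes the secp256k1 form of did:key, the key type matching the zQ3s prefix and EcdsaSecp256k1Signature2019 proofs on this page. The function names and the sample key are constructed for illustration, and only the encoding is checked, not that the point lies on the curve.

```python
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
SECP256K1_PUB = b"\xe7\x01"  # multicodec secp256k1-pub (0xe7) as an unsigned varint

def b58encode(data):
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out

def b58decode(text):
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)  # ValueError on characters outside the alphabet
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return b"\x00" * (len(text) - len(text.lstrip("1"))) + body

def did_key_from_pubkey(compressed_key):
    """Build a did:key from a 33-byte compressed secp256k1 public key."""
    return "did:key:z" + b58encode(SECP256K1_PUB + compressed_key)

def pubkey_from_did_key(did):
    """Recover the public key from the identifier itself; no registry lookup is involved."""
    if not did.startswith("did:key:z"):  # 'z' is the multibase prefix for base58btc
        raise ValueError("not a base58btc did:key")
    raw = b58decode(did[len("did:key:z"):])
    if raw[:2] != SECP256K1_PUB:
        raise ValueError("key type is not secp256k1")
    key = raw[2:]
    if len(key) != 33 or key[0] not in (2, 3):
        raise ValueError("not a compressed-point encoding")
    return key

def verification_method(did):
    """did:key verification method id: the DID plus its own multibase value as fragment."""
    return did + "#" + did.split(":", 2)[2]

# Constructed sample key (not a real key pair): prefix byte 0x02 followed by 32 bytes.
SAMPLE_KEY = bytes([2]) + bytes(range(1, 33))
SAMPLE_DID = did_key_from_pubkey(SAMPLE_KEY)
```

Because the identifier is derived from the key, a did:key cannot rotate its key: a new key means a new DID.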
Verifiable Credentials (VC)
Verifiable Credentials (VCs) are digital attestations that are cryptographically signed and verifiable, making them tamper-evident and reliable. VCs can represent various facets of an individual’s identity, from academic achievements and employment history to medical records. These credentials place control and privacy squarely in the hands of the individual, who can store and manage them in a digital identity wallet, for instance, Affinidi Vault.
An Email VC, signed by Affinidi, is issued to Affinidi Vault users after successful account creation. These verifiable credentials are stored in the Affinidi Vault and shared with user consent.
Affinidi Vault issues VCs using the W3C Data Model. Example of a Verifiable Credential:
{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://schema.affinidi.com/EmailV1-0.jsonld"
  ],
  "id": "claimId:63b5d11c0d1b5566",
  "type": [
    "VerifiableCredential",
    "Email"
  ],
  "holder": {
    "id": "did:key:zQ3shiEH16wHAfbQSSuYB1Lc3KSQC31W4gkaXKa8PgCSz83du"
  },
  "credentialSubject": {
    "email": "non-existant-email@non-existant.com"
  },
  "credentialSchema": {
    "id": "https://schema.affinidi.com/EmailV1-0.json",
    "type": "JsonSchemaValidator2018"
  },
  "issuanceDate": "2024-05-30T19:14:31.964Z",
  "expirationDate": "2025-05-30T19:14:31.964Z",
  "issuer": "did:key:zQ3shiEH16wHAfbQSSuYB1Lc3KSQC31W4gkaXKa8PgCSz83du",
  "proof": {
    "type": "EcdsaSecp256k1Signature2019",
    "created": "2024-05-30T19:14:31Z",
    "verificationMethod": "did:key:zQ3shiEH16wHAfbQSSuYB1Lc3KSQC31W4gkaXKa8PgCSz83du#zQ3shiEH16wHAfbQSSuYB1Lc3KSQC31W4gkaXKa8PgCSz83du",
    "proofPurpose": "assertionMethod",
    "jws": "eyJhbGciOiJFUzI1NksiLCJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdfQ..FEqEKSPZCHKY9XuCywtOSBzhn1EHRFEle67bfJt-3wUFvMnk9pGmQO52EOCB65WcgXSesCgKasgXZKZOJXbF5A"
  }
}
Verifiable Presentations (VP)
A Verifiable Presentation (VP) is a collection of one or more VCs, packaged in a specific way for presentation to a “verifier” such as a service provider. VPs are digitally signed by the holder (using their private key) to prove control over the included VCs. They allow you to selectively disclose only the relevant information from your VCs, preserving privacy. The verifier can then cryptographically validate the VP. VPs are important as they offer a more secure and privacy-conscious way to prove your identity compared to sharing raw VCs. For example, to prove your age at an age-restricted venue, you can present a VP containing only your birthdate without revealing your nationality or address, as compared to the current method of showing your driver’s license or identification card.
Example of a Verifiable Presentation.
{
  "id": "claimId:123456789",
  "@context": [
    "https://www.w3.org/2018/credentials/v1"
  ],
  "type": [
    "VerifiablePresentation"
  ],
  "verifiableCredential": [
    {
      "@context": [
        "https://www.w3.org/2018/credentials/v1",
        "https://schema.affinidi.com/EmailV1-0.jsonld"
      ],
      "id": "claimId:63b5d11c0d1b5566",
      "type": [
        "VerifiableCredential",
        "Email"
      ],
      "holder": {
        "id": "did:key:zQ3shiEH16wHAfbQSSuYB1Lc3KSQC31W4gkaXKa8PgCSz83du"
      },
      "credentialSubject": {
        "email": "non-existant-email@non-existant.com"
      },
      "credentialSchema": {
        "id": "https://schema.affinidi.com/EmailV1-0.json",
        "type": "JsonSchemaValidator2018"
      },
      "issuanceDate": "2024-05-30T19:14:31.964Z",
      "expirationDate": "2025-05-30T19:14:31.964Z",
      "issuer": "did:key:zQ3shiEH16wHAfbQSSuYB1Lc3KSQC31W4gkaXKa8PgCSz83du",
      "proof": {
        "type": "EcdsaSecp256k1Signature2019",
        "created": "2024-05-30T19:14:31Z",
        "verificationMethod": "did:key:zQ3shiEH16wHAfbQSSuYB1Lc3KSQC31W4gkaXKa8PgCSz83du#zQ3shiEH16wHAfbQSSuYB1Lc3KSQC31W4gkaXKa8PgCSz83du",
        "proofPurpose": "assertionMethod",
        "jws": "eyJhbGciOiJFUzI1NksiLCJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdfQ..FEqEKSPZCHKY9XuCywtOSBzhn1EHRFEle67bfJt-3wUFvMnk9pGmQO52EOCB65WcgXSesCgKasgXZKZOJXbF5A"
      }
    }
  ],
  "holder": {
    "id": "did:key:zQ3shiEH16wHAfbQSSuYB1Lc3KSQC31W4gkaXKa8PgCSz83du"
  },
  "proof": {
    "type": "EcdsaSecp256k1Signature2019",
    "created": "2024-05-30T19:14:32Z",
    "verificationMethod": "did:key:zQ3shiEH16wHAfbQSSuYB1Lc3KSQC31W4gkaXKa8PgCSz83du#zQ3shiEH16wHAfbQSSuYB1Lc3KSQC31W4gkaXKa8PgCSz83du",
    "proofPurpose": "authentication",
    "challenge": "claimId:123456789",
    "domain": "fun.com",
    "jws": "eyJhbGciOiJFUzI1NksiLCJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdfQ..-cvh9gn7IHrXloPdWShkI4V1Q0ADudHDl2RARCCATVpwMvGqTAiRTSUKfVMdTeTyhoG7Gp7fyH5DW5jJsU1BVA"
  }
}
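The challenge and domain values in the presentation's proof are what bind it to one request from one verifier. The following is an added example (not Affinidi's code) of the structural checks a verifier can run on the VP format shown above before verifying the signatures, which this example does not do. The function names and the policy that each credential's holder must equal the presenter are assumptions.

```python
from datetime import datetime

DID = "did:key:zQ3shiEH16wHAfbQSSuYB1Lc3KSQC31W4gkaXKa8PgCSz83du"  # from the page's example
VM = DID + "#" + DID.split(":", 2)[2]  # verification method id, as in the page's proofs

def ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))  # ISO 8601 with trailing Z

def signer(proof):
    return proof.get("verificationMethod", "").split("#", 1)[0]  # DID that controls the key

def check_vc(vc, holder, now):
    problems, proof = [], vc.get("proof", {})
    if proof.get("proofPurpose") != "assertionMethod":
        problems.append("vc: proofPurpose is not assertionMethod")
    if signer(proof) != vc.get("issuer"):
        problems.append("vc: proof key does not belong to the issuer")
    if vc.get("holder", {}).get("id") != holder:
        problems.append("vc: issued to a different holder")
    if not ts(vc["issuanceDate"]) <= now < ts(vc["expirationDate"]):
        problems.append("vc: outside its validity period")
    return problems

def check_vp(vp, challenge, domain, now):
    """Return the list of failed checks; an empty list means: proceed to signature verification."""
    problems, proof = [], vp.get("proof", {})
    holder = vp.get("holder", {}).get("id")
    if "VerifiablePresentation" not in vp.get("type", []):
        problems.append("vp: wrong type")
    if proof.get("proofPurpose") != "authentication":
        problems.append("vp: proofPurpose is not authentication")
    if proof.get("challenge") != challenge:  # nonce this verifier issued for this request
        problems.append("vp: challenge mismatch")
    if proof.get("domain") != domain:  # presentation was made out to another verifier
        problems.append("vp: domain mismatch")
    if signer(proof) != holder:
        problems.append("vp: proof key does not belong to the holder")
    for vc in vp.get("verifiableCredential", []):
        problems += check_vc(vc, holder, now)
    return problems

def sample_vp():
    """Constructed sample: the page's VP reduced to the fields checked above (no signatures)."""
    vc = {"type": ["VerifiableCredential", "Email"], "holder": {"id": DID}, "issuer": DID,
          "issuanceDate": "2024-05-30T19:14:31.964Z", "expirationDate": "2025-05-30T19:14:31.964Z",
          "proof": {"verificationMethod": VM, "proofPurpose": "assertionMethod"}}
    return {"type": ["VerifiablePresentation"], "verifiableCredential": [vc], "holder": {"id": DID},
            "proof": {"verificationMethod": VM, "proofPurpose": "authentication",
                      "challenge": "claimId:123456789", "domain": "fun.com"}}
```

A verifier that skips the challenge comparison will accept a presentation captured from an earlier session, even though both signatures on it are valid.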
OpenID for Verifiable Presentations (OID4VP)
OpenID for Verifiable Presentations (OID4VP) is an extension to the OpenID Connect (OIDC) standard that enables users to be their own identity provider without relying on third-party providers. This extension incorporates the Presentation Exchange protocol, allowing for the request and presentation of verifiable credentials.
OID4VP introduces the VP Token, a new token type for conveying Verifiable Presentations (VPs). It utilizes the Presentation Exchange Protocol from the Decentralized Identity Foundation (DIF) within the OIDC claims request parameter. This integration specifies the credential requirements for applications and assists verifiers in processing the presented credentials.
The following diagram shows the OID4VP implementation with Affinidi Login and Affinidi Vault that enables the passwordless authentication flow.
sequenceDiagram
    actor User
    participant Website
    participant Affinidi Login
    participant Affinidi Vault
    User->>Website: Login to the website
    Website->>Affinidi Login: Trigger authentication flow via OIDC
    Affinidi Login->>Affinidi Vault: Initialise request to the Affinidi Vault with authorisation request
    Affinidi Vault->>User: Show Consent screen to share data
    User->>Affinidi Vault: User confirms consent to share data
    Affinidi Vault->>Affinidi Vault: Generate Verifiable Presentation (VP)
    Affinidi Vault->>Affinidi Login: Redirect to Affinidi Login with the VP Token response
    Affinidi Login->>User: Show loading screen
    Affinidi Login->>Affinidi Login: Generate ID Token from VP Token response
    Affinidi Login->>Website: Return ID Token
    Website->>User: Grant access to the user
Affinidi Login converts the VP Token into a standard format called ID Token. It sends the ID Token to the website to verify the user’s identity.
OpenID for Verifiable Credential Issuance (OID4VCI)
OpenID for Verifiable Credential Issuance (OID4VCI) is an extension to the OpenID Connect (OIDC) standard that provides the mechanism for Issuers to issue Verifiable Credentials and for Affinidi Vault users to obtain them. This extension uses the OAuth 2.0 authorisation flow to obtain authorisation to receive Verifiable Credentials, enabling the issuance process to benefit from the established security and flexibility of the OAuth 2.0 framework.
sequenceDiagram
    actor User
    participant Affinidi Vault
    participant Credential Issuance Service
    User->>Affinidi Vault: Enters the Transaction Code to view the Credential Offer
    Affinidi Vault->>Credential Issuance Service: Resolves Offer URI and gets the Credential Offer with Access Token
    Note over Affinidi Vault, Credential Issuance Service: Affinidi Vault will exchange Trx Code and Pre-Auth Code <br /> for the Access Token to Get the Credential
    Credential Issuance Service->>Credential Issuance Service: Validate credential proof
    Credential Issuance Service->>Credential Issuance Service: Update Credential Offer as Claimed
    Credential Issuance Service->>Affinidi Vault: Return the Verifiable Credential
    Affinidi Vault->>User: Presents the Verifiable Credential
    User->>Affinidi Vault: Accepts the Verifiable Credential
    Affinidi Vault->>Affinidi Vault: Securely Stores the Verifiable Credential
The Issuer sends the Affinidi Vault user a claim link that contains the Credential Offer URI. The Credential Offer URI is used to get the required access token to retrieve the issued credential. The user can choose to accept the credential and store it in the Affinidi Vault or reject the credential offer.