Verifiable credentials (or VCs) are a standard format for the digital representation of credentials (documents that collect attributes about a subject) that are cryptographically secure, verifiable through machines, and that guarantee privacy by enabling methods such as minimum disclosure.
VCs can be used to describe identity credentials, such as academic diplomas, driver’s licenses, passports, insurance cards, vaccination records (and so much more).
Verifiable Credentials are formed by three components:
Credential Metadata: Properties or attributes of the credential that reference the holder (or user), the issuer, associated DIDs, the issue date, and the expiration date.
Claims: A statement about a subject (individual, legal entity, or thing).
Proofs: Cryptographic signatures tied to private keys that prove the user sharing the VC is the subject of the information.
To ensure credentials are shared and interpreted correctly, each of these credentials requires a template.
Below you can see the step-by-step tutorial on how to issue your first credential.
1. Create an Issuance Template
The issuance template is used to verify user information for the issuance of credentials.
When accessing Gataca Studio, you can create a new issuance template from the main dashboard or by clicking “Create issuance template“ in the Issuance templates section.
Issuance ID - Name the issuance template
The first step is to select your issuance template name (Issuance template identifier).
This name will be associated with the issuance process for users, and it will also serve as a reference to the credential the user is requesting when interacting with your platform.
Example:
General configuration
Requester DID
In some cases, you may need to create a DID in the first place (See the tutorial on creating DIDs).
Verifiable Credentials are associated with a specific DID, as the owner or holder of that credential. In an SSI ecosystem, Issuers, Users, and Verifiers are all represented by one or more DIDs. As an issuer, in this section, you will have to select the DID you want to associate with this credential.
Select DID method
This field specifies how to deal with this DID. When reading this part of the DID, computers understand where to go fetch the DID. For example, GATACA’s DID method is denominated "gatc"
You can select between two different DID methods:
EBSI https://ec.europa.eu/digital-building-blocks/wikis/display/EBSIDOC/EBSI+DID+Method
GATACA https://github.com/gataca-io/gataca-did-method
QR Code viewing duration - How much time should the user view the QR code?
Amount of time that the user has to scan the QR Code, in seconds.
Usually between one and two seconds.
Consent duration - How much time should my company store and process data shared by users?
Amount of time your company has to store and process data shared by users, in days.
According to the GDPR, the storage limitation principles state that you should keep personal data for as long as the purpose is unfulfilled. Once the data has served its purpose, you should then delete it.
However, this goes beyond data just serving its purpose. If you are collecting data and it is just sitting around, you will need to consider deleting it and stop any further collection of that specific data category.
If your organization is outside the EU, please check with your corresponding data privacy regulations.
Callback
URL de un servicio al que se le notifica mediante una notificación post con los datos de la sesión cuando esta haya sido validada.
Service description - What to include in the service description?
Include briefly all relevant information to
Issuance
Credential Types - How to select the credential type to be issued?
Credential Attributes - What credential attributes include?
Credential Issuance Requirements
Establish the data you will be requesting from your users in order to issue the credential.
Credentials requested - What credentials should I request from the user?
How to select required credentials and optional credentials
Restrictions
Credentials trust level - How to determine which credentials are trusted?
Purpose of credentials requested - How to select the credential purpose
How to create a custom purpose
Security configuration
Add app authentication
Add two-factor authentication