Introduction

GATACA Decentralized Identity Platform is a blockchain-based digital identity solution that provides Identity and Access Management Services using decentralized identifiers and Verifiable Credentials.

Definitions

GATACA abides by the W3C standards defined by the DID and Verifiable Credentials Community Group.

Decentralized Identifiers (DIDs) – globally unique identifiers that do not require a centralized registration authority because they are registered with distributed ledger technology (DLT).

Claim – a statement about an individual, legal entity, or thing.

Credential – a set of one or more claims made by an issuer.

Verifiable Credentials (VCs) – digital representations of credentials that are cryptographically secure, privacy respecting, and machine-verifiable. Examples of verifiable credentials include digital employee identification cards, digital birth certificates, and digital educational certificates.

Presentation – a set of one or more claims or verifiable credentials. Presentations are a means for users to preserve privacy by presenting only part of the information contained in one or more Verifiable Credentials.

Consent – a set of terms of use for each shared claim in a Presentation.

Subject – an individual, legal entity, or thing about which claims are made.

Issuer – a role an entity can perform by asserting claims about one or more subjects, creating a verifiable credential from these claims, and transmitting the verifiable credential to a holder.

Trusted Authority – a role an entity can perform by attesting to the authenticity and ownership of claims, signing a verifiable credential from these claims, and transmitting the signed verifiable credential to a holder.

Service Provider – a role an entity can perform by providing products or services to Subjects, usually, but not necessarily, via the Internet.

The SSI ecosystem

The SSI model includes 3 main agents in its ecosystem: Issuers, Users (or Holders), and Verifiers.

  • Issuers: Entities that are authorized to issue specific Identity credentials such as universities (issuing student IDs and academic diplomas), governments (national IDs, driver’s licenses, passports, birth certificates, certificate of car ownership), financial institutions (credit scores), hospitals (medical records), employers (employee cards), etc.

  • Users (holders): Individuals or organizations who are the subjects of such Identity credentials (that’s you!). That is, the credential owners who store, manage, and share these credentials through the use of a digital ID Wallet.

  • Verifiers: Service providers that require identity verification and authentication for access to their services (i.e. banks, retail stores, insurance companies, hospitals, universities, etc.). An example of a Verifier is an employer that asks Alice for an authentic Academic Diploma for job qualification.

The Backbone of SSI: DIDs, VCs and Blockchain

Decentralized computing architectures provide the backbone to SSI technology. DIDs and VCs are two fundamental standards of SSI technology established by the World Wide Web Consortium (W3C). Both concepts, together with blockchain technology, make up the powerhouse of SSI.

A brief intro into DIDs & VCs

In real life and online, users need to identify themselves and do so through identifiers, which can be passport numbers, usernames, emails, telephone numbers, and more. Decentralized Identifiers are just that: decentralized, portable identifiers that are not tied to any centralized registry or identity provider; rather, they belong to the owner or subject and are registered in a Distributed Ledger Technology (DLT) or Blockchain. In an SSI ecosystem, every agent is identified by one or more DIDs; that is, Issuers, Users, and Verifiers are all represented by one or more DIDs. More on DIDs here.

Similarly, Verifiable Credentials (VCs) enable users to finally have trustworthy, tamper-proof, and machine-verifiable digital identity documents. More on VCs here.

The role of Blockchain and Distributed Ledger Technologies (DLTs)

Blockchains/DLTs tie the SSI ecosystem together through two simple functions: storing DIDs and enabling a decentralized public key infrastructure (PKI). Each participant holds a pair of cryptographic keys: a public key (published on the blockchain) tied to a private key (kept by the user on their phone). This setup allows entities to verify the legitimacy and ownership of verifiable credentials. If someone presents a credential claiming it was signed (issued) by an Authority, only the Authority’s public key published on the blockchain will verify that signature; if the signature does not verify, it was not the Authority who signed it.

Unlike private keys, public keys are stored on the blockchain, which enhances their resistance, resilience, and integrity. The diagram below illustrates the triangle of trust and the components that go along with it.

GATACA SSI Product Suite

GATACA Technology comprises the following components:

GATACA Wallet

GATACA Wallet is a mobile app that helps users manage their decentralized identities, including but not limited to a) the request, receipt and storage of Verifiable Credentials, b) the issuance and storage of consents, and c) the management of access to digital services, including sign-up and sign-in functions. GATACA Wallet allows users to:

  • Create and manage DIDs and associated cryptographic KeyPairs

  • Create, receive and securely store Verifiable Credentials

  • View and manage existing Verifiable Credentials

  • Register in and login to digital services

  • View and manage connected services

  • Revoke access to Verifiable Credentials

  • Back-up and restore the contents of a GATACA Wallet

  • Delete the contents of a GATACA Wallet

GATACA Connect

A product that offers single-sign-on authentication tools for Service Providers to enable the use of GATACA Wallets as an authentication method and to verify the authenticity, integrity and ownership of associated VCs. GATACA Connect allows Service Providers to:

  • Generate a W3C-compliant DID and associated cryptographic Keypair

  • Configure and display a unique QR code per session containing service access requirements pertaining to personal information.

  • Collect VCs from GATACA Wallets and validate cryptographic signatures

  • Validate the authenticity and ownership of a GATACA Wallet and any other second factor authentication

  • Collect, sign and manage users’ consent objects related to the authorized use of users’ personal information.

GATACA Certify

A product for Issuers to create, revoke and attest to the authenticity and ownership of VCs and to transmit those VCs to the subject or delegated holder. GATACA Certify allows Issuers and Trusted Authorities to:

  • Generate an Issuer DID and associated cryptographic KeyPair

  • Create and/or sign VCs and transmit them to the corresponding subject

  • Suspend or revoke VCs

  • View and manage issued and/or signed VCs

GATACA Web Administration Panel

A web-based administration tool to configure and parameterize GATACA Connect and GATACA Certify.

GATACA Backbone

GATACA Backbone is the backend system and infrastructure that offers communication and services with and between the rest of GATACA components. It enables the following functionality:

  • DID operations: resolve, register and update DIDs

  • Manage communication with blockchain networks

    • Handle ledger agnosticism

    • Integration with universal resolver (read-only)

    • Integration with EBSI

  • Manage wallet accounts

    • Handle user wallet enrollment and deletion

    • Handle wallet security aspects

    • Handle sandbox users

  • Handle public catalogs (TIR, TSR, TVR)

    • Manage enrollment of new Service Providers and Issuers and authorization rules

  • Issue basic VCs (email and Device ID) at wallet setup, and email/phone VCs upon user demand.

  • Manage notifications to requested DIDs

  • Handle Challenge and DID Authentication