GATACA Studio enables you to quickly create customizable verification templates for onboarding and sign-in processes while reducing personal data stored in your infrastructure.
The verification template is the specific configuration of a verification process that defines what data you will require the user to share to enable successful authentication, as well as accepted issuers or trust levels for each credential, the purpose of each request, and other security features.
Once implemented, your users simply scan a QR code on your website, consent only to the required data for identity verification, and they’re in.
Verification templates can be reused among different applications. Creating an Issuance template involves a 4-step process:
1. Create a Verification Template
The issuance template is used to verify user information for the issuance of credentials.
When accessing Gataca Studio, you can create a new verification template from the main dashboard or click New verifier in the verification templates section.
Configuration
Verification template identifier - Name the verification template
The first step is to select your verification template name.
This name will be associated with the verification/authentication process for users.
Example:
Requester DID
By default, a DID has already been created for you (My DID). This DID can be selected for issuing your first issuance template. You can also decide to create a DID first.
Verifiable Credentials are associated with a specific DID as the owner or holder of that credential. In an SSI ecosystem, Issuers, Users, and Verifiers are all represented by one or more DIDs. As a verifier, you will have to select the DID you want to associate with this credential.
QR Code viewing duration - How much time before the QR code expires?
Amount of time available for the user to scan the QR code. After this time, the user will need to reload the page to get a new QR code.
Consent duration - How much time should my company store and process data shared by users?
Amount of time your company has to store and process data shared by users in days.
In Europe, according to the GDPR, the storage limitation principles state that you should keep personal data for as long as the purpose is unfulfilled. Once the data has served its purpose, you should then delete it.
When this time has been reached, the user data will be deleted, and you won’t have any more access to it.
Callback
URL of a service that is notified by a post notification with the session data when the session has been validated.
Service description - What to include in the service description?
Include briefly all relevant information about the service you provide and for which the user is requesting access.
Example:
Credentials
Requested credentials - What credentials should I request from the user?
Establish the data you will be requesting from your users in order to authenticate them.
This data must be necessary for you to verify your user before getting access to your service.
Scroll the list and tick those credentials you want to select, or use the search bar on top.
Example:
How to select required credentials and optional credentials
Required credentials mean that the information is critical to fulfilling the credential issuance. Any other nice-to-have information should be marked as optional.
From the list of credentials that you will be requesting, select those that will be required or will remain optional.
Constraints
Credentials trust level - How to determine which credentials are trusted?
In this section, you will determine the level of trust you require from the requested credentials.
Example:
Credential data agreement - How to select the credential purpose
In this section, you will determine the reason why you are requesting the previously established credentials from your users. This will be shown to your users.
Example:
Security configuration
Security mechanisms that provide extra security features, such as 2FA via biometrics, OTPs, or in-app authentication.
The available security methods will depend on your subscription.
Successful configuration
How to add an issuance template to the API key
Once you reach the end of creating an issuance template, you can select to add this template to an API Key.
When clicking on “Add to API Key“ a list of the available API keys for your templates will open.
If this is your first template, the creation of an API Key will appear instead. Jump to the tutorial on creating an API Key.
Select the API Key you want to associate with the new template created.
Insert the password provided when creating the API Key.
Callback: Insert the URL of a service that is notified by a post notification with the session data when the session has been validated.
2. Create an API Key
If you have already created an API Key, jump to the tutorial on how to test your template in the sandbox.
On the API Keys section, click on “New API Key” and set the basic configuration:
API Key Name
Select the DID associated with the new API Key
Select the credential issuance template you want to associate with this API Key from the SSI Operations dropdown.
You will be presented with the ID and password of the API Key created.
Make sure to store the API key password in a secure place. Once you close this tab, you will not be able to retrieve the password, you will only be able to access the API Key ID in the API keys list.
3. Test it
Once you reach the end of creating a verification template, you can select to add this template to an API Key. Alternatively, on the verification templates list, click on the three dots next to the issuance template you would like to test and select Edit.
Once the issuance template opens, on the top right, click on Try it.
Select the API Key you want to associate with the new template created.
Insert the password provided when creating the API Key.
Callback: Insert the URL of a service that is notified by a post notification with the session data when the session has been validated.
Click the Scan Now button to access the QR Code to join your sandbox and scan it with your wallet. The sandbox will allow you to perform private and secure tests of the platform.
Once the connexion with your sandbox has been successful, click on Generating test.
Scan the QR code generated to start testing.
Your Wallet will then ask for the requested credentials. Consent.
You will then be immediately connected to the service because your identity has been verified.
As a verifier, you will be able to monitor and manage your verified users by clicking on Verified Users in the Verifications section. You can decide to delete a verified user, refusing to accept its access to your platform, by clicking on the bin icon next to the user.
