Verifiable credentials (or VCs) are a standard format for the digital representation of credentials (documents that collect attributes about a subject) that are cryptographically secure, verifiable through machines, and that guarantee privacy by enabling methods such as minimum disclosure.
With Gataca Studio, you can create, validate, and digitally sign identity credentials according to W3C standards for global interoperability.
You can easily create credential issuance templates to integrate an issuance process into your website or application.
Below you can see the step-by-step tutorial on how to issue your first credential.
1. Create an Issuance Template
To ensure credentials are shared and interpreted correctly, each of these credentials requires a template.
An issuance template defines an issuance process, including:
What credential type will be used (which in turns defines the type of credential: e.g. a driver’s license, an academic diploma, or a national ID)
Which claims within the credential will be actually issued
What authentication requirements and security constraints are needed for a user to get the credential (e.g. sharing other existing credentials from the Wallet, 2FA)
When accessing Gataca Studio, you can create a new issuance template from the main dashboard or click New issuance in the issuance templates section.
Creating an Issuance template involves a 4-step process:
Step 1: Basic configuration
Issuance ID - Name the issuance template
The first step is to define your issuance template name. We recommend this name to be descriptive of the credential to be issued.
This name will be associated with the issuance process and will serve as the main reference to the process when adding it to API Keys and throughout the platform.
Example: “Employee Card Teachers Template”
Requester DID
In an SSI ecosystem, Issuers, Users, and Verifiers are all represented by one or more DIDs. You will have to select which DID you want to state as the Issuer of this credential.
By default, a DID has already been created for you with alias name “My DID”. This DID can be selected for issuing your first issuance template. You can also decide to create another DID first.
Step 2: Issuance
In this step you define which credential type you want to use and what claims will be actually issued in this process.
If your organization requires a credential type not currently supported in Studio, please reach out and tell us your needs.
Credential Types
All verifiable credentials must declare their type in their template. A credential type defines the content and format of a specific credential. Gataca Studio covers a great number of credential types. New credential types will be added soon.
Depending on the service you provide, select the most appropriate one.
Example: “Employee”
Credential Attributes - What credential attributes should be included?
Credential attributes are claims made about the subject. When selecting a credential Type, Studio will show all available attributes within the schema. Select which attributes will be contained in the credential that you will be issuing.
Example:
Step 3: Requirements
In this step you define which personal information (in the form of verifiable credentials) is necessary for you to verify your user before issuing your credential. Users will need to make sure they have these credentials in their wallet before requesting the issuance of your credential.
Add credentials claims - What credentials should I request from the user?
Select which credentials you require your user to share with you by clicking the button “Add Credential Claims”.
Scroll the list and tick those credentials you want to select, or use the search bar on top.
How to select required credentials and optional credentials
Required credentials mean that the information is critical to fulfilling the credential issuance. Any other nice-to-have information should be marked as optional.
From the list of credentials that you will be requesting, select those that will be required or will remain optional.
Step 4: Constraints
Credential trust level - How to determine which credentials are trusted?
In this section, you will determine if the credentials you request from the user for authentication purposes need to be trusted, that is issued by an Issuer registered in Gataca’s public Issuer registry.
Credential data agreement - How to select the credential purpose
In this section, you will determine the reason why you are requesting the previously established credentials from your users. This will be shown to your users.
Security configuration
In this last section you’ll define the extra security mechanisms, such as 2FA via biometrics, OTPs, or in-app authentication.
The available security mechanisms will depend on your subscription.
Step 5: Successful configuration
Once you finish the configuration of an Issuance Template, you’ll see confirmation that the process has been successfully saved. You are now ready to test your Issuance Template.
If this is your first template, the creation of an API Key will appear . If you already have API Keys, jump to Step 3
2. Create an API Key
An API Key is a unique identifier and authentication key providing access to specific issuance and/or verification templates to your applications calling the Gataca Studio APIs.
Once you reach the end of creating an issuance template, you can select to add this template to an API Key.
On the API Keys section, click on “New API Key” and set the basic configuration:
API Key Name
Select the DID associated with the new API Key
Select the credential issuance template you want to associate with this API Key from the SSI Operations dropdown.
You will be presented with the ID and password of the API Key created.
Make sure to store the API key password in a secure place. Once you close this tab, you will not be able to retrieve the password, you will only be able to access the API Key ID in the API keys list.
3. Test it
Once you reach the end of creating an issuance template, you can select to add this template to an API Key. Alternatively, on the issuance templates list, click on the three dots next to the issuance template you would like to test and select Edit.
Once the issuance template opens, on the top right, click on Try it.
Select the API Key you want to associate with the new template created.
Insert the password provided when creating the API Key.
Callback: Insert the URL of a service that is notified by a post notification with the session data when the session has been validated.
Click the Scan Now button to access the QR Code to join your sandbox and scan it with your wallet. The sandbox will allow you to perform private and secure tests of the platform.
Once the connexion with your sandbox has been successful, click on Generating test.
Scan the QR code generated to start testing.
Your Wallet will then ask for the requested credentials. Consent.
Once you’ve given your consent, you will immediately be connected.
From Gataca Studio, to test a credential issuance template, you can do it from Credential Activity and in the pending section where you can take action to allow or deny the issuance of a specific credential. To issue a credential, click on the green tick and to revoke, click on the red cross.
When deciding to issue a credential when testing, you will need to fill in the information relative to this credential. This user data validation will depend on the type of credential to be issued.
Once the data is filled, click submit.
The credential will now appear under Issued Credentials and in your Wallet.
