VIDcredentials Studio
VIDcredentials Studio is the core platform component of Validated ID's SSI (self-sovereign identity) offering. This service can be used for verifiable credentials throughout their entire lifecycle: creation, signature, verification and revocation. VIDcredentials Studio offers:
- Credential Management and Issuance Portal: a web user interface that allows the administrators and operators of an entity to issue credentials, manage their entire life cycle and gather the relevant data to build the audit trail.
- API: A set of APIs for entities to integrate the solution with their technology platforms. API endpoints are published to be consumed on the backend.
This page covers the VIDcredentials Studio portal. For more information about API integration, see the VIDcredentials Studio API integration guide.
Access to VIDcredentials Studio portal
Studio allows you to define entities and users. Each user is related to one or more entities and is assigned an operator or administrator role for each entity.
If you belong to an entity, you can request access to VIDcredentials Studio in the staging environment for testing purposes. Please contact our Support team by opening a support ticket to request an access credential. Once you have been granted access, you will be able to log into the portal through VIDwallet.
This authentication mechanism provides passwordless login combined with two-factor authentication. The user acts as an entity administrator or operator, depending on the credential previously provided to them as a holder.
Roles
VIDcredentials Studio portal manages user access based on roles. Depending on the role assigned, different actions can be performed through the portal:
Admin:
- Can create Operator credentials for their specific entity (and revoke their access if necessary).
- Can create, consult and revoke other holder credentials for their specific entity.
- Have access to Audit Trails to track changes and events.
- Issue credentials.
- Approve credential requests.
Operator:
- Can create, consult and revoke credentials for their specific entity.
- Issue credentials.
- Approve credential requests.
- Operators are created by Admins.
Credentials Management
This section allows you to efficiently manage the credentials that provide access to company data, services, systems, networks, and assets in the cloud.
These credentials are role-based and linked to any attribute that demonstrates a condition, such as citizen, consumer, customer, employee, student, holder, insured, patient, adult, large family, etc.
The Studio portal can also revoke credentials.
An entity can have multiple types of credentials, for example, EducationalID, PatientID or LargeFamily and each credential has a set of attributes. You can have as many attributes as necessary, depending on the use case. The default attributes that a credential has are:
- Credential Issuance ID: unique identifier for issuance process.
- Credential Type: the type of credential.
- Issuer: DID of the issuer.
- Holder: DID of the holder.
- Status: reflects the status of the credential (Created, Issued, Revoked, Issue Requested, etc.)
- Expiration date: credential expiration date.
- Created At: credential creation date.
Depending on the role of the person who interacts with the portal, different information is visible:
- Admin: can view and manage credentials of the entity to which he/she belongs.
- Operator: can view and manage credentials of the entity to which he/she belongs.
User Management
VIDcredentials Studio users use credentials to log into the system.
This section is where VIDcredentials Studio user credentials are managed, that is, the credentials of operator and admin users. Additionally, a set of roles defines which actions and permissions each type of user has.
The user-friendly dashboard allows users to manage the entire user credential cycle: provisioning, managing and revoking user credentials.
The attributes that a user credential has by default are:
- Credential Type: the type of credential (for example, EducationalID, LargeFamily, Patient, etc.)
- Issuer: DID of the issuer.
- Holder: DID of the holder.
- Created At: credential creation date.
- Entity: entity to which the credential corresponds and to which the user belongs.
- Name: name of the user associated with the credential.
- Role: role associated with the user, Operator or Administrator (an Administrator can manage operators of the entity to which he/she belongs).
- LegalId: user Identification (DNI, NIE, etc.)
Issue credentials
This section of the portal allows the issuance of credentials. The operator follows the credential issuance flow, which ends when the holder receives the credential in their wallet.
Before credentials can be issued, the credential types and their corresponding schemas must have been previously defined for the entity. Please contact our Support Team by opening a support ticket to request the definitions of credential types and related schemas.
Identity verification is a fundamental aspect of the credential issuance process. VIDcredentials Studio currently has 3 identification methods which are explained below.
- EmailCredential: The user receives an email with an activation code in the indicated mailbox to verify their identity.
- KYCcredential: VIDcredentials Studio checks the validity of a credential obtained through a KYC (Know Your Customer) mechanism. The identity proof documents used in KYC mechanisms are usually passports, national identity cards or driver's licenses.
- Face2Face: Identity verification is done in person with both people being face to face. A physical document is requested to certify the identity of the person.
As an example, the process for issuing credentials when the identity verification method is EmailCredential is:
- The credential issuance form is completed. The minimum fields required to issue a credential are as follows:
  - Email of the Receiver: email of the user, the future credential holder, who will receive the credential.
  - Credential type: the type of credential (for example, Large Family card). You can define as many credential attributes as needed, depending on the use case.
  - Identity verification method: in this case, EmailCredential.
  - User Language: language in which the email notification will be received.
- The operator confirms the issuance. Note that at this point the credential has not yet been created.
- The user receives an email in the specified mailbox. Clicking on the "Get my credential" link opens a QR code that the user has to scan with VIDwallet. This behavior occurs when the process is executed in a cross-device model, where more than one device is involved. If the issuance process is carried out from a single device, it is not necessary to scan the QR code; the step is transparent to the user.
- The user selects the required credential type. In this case, Email Credential.
- The credential is issued and the holder has to open VIDwallet to receive it.
Note that user-type credentials are not managed from this section but from the User Management section.
Credential Request
VIDcredentials Studio allows third-party technology platforms to request credential orders via API. Creating the credential this way has the same result as creating it manually, and it also requires the approval of an operator.
The Credential Request functional module receives these requests, and the operator can either approve a request, so that the credential is issued, or reject it.
Once approved, a credential order is generated and the same credential issuance process is followed.
Audit Trails
An audit trail is used when the accuracy of an item needs to be verified, as it might be in the case of an audit.
The Audit Trail tracks the step-by-step change history, records when a particular event occurred and shows what a specific user action did. Additionally, evidence of the event is stored so that it can be audited, which adds more value to the audit record.
These are the events that the Audit Trail currently tracks:
- User Login
- Credential Order Created
- Resend Credential Order Email
- Credential Request Created
- Credential Request Confirmed
- Credential Issued
- Credential Request Document Signed
- Credential Holder Authenticated
- Credential Revocation Requested
- Credential Revoked
- Credential Revocation Failed
- Credential Order Request Deleted
- Credential Migrated
Depending on the role of the person who interacts with the VIDcredentials Studio portal, different information is visible:
- Admin: can view the Audit Trail of the entity to which he/she belongs.
- Operator: cannot view Audit Trails.
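One way an Admin could review the revocation events listed above, as an added example that is not part of VIDcredentials Studio. It assumes the Audit Trail is available as one JSON object per line with the hypothetical fields `ts`, `event` and `credential_id`; only the event names come from this page. It reports credentials whose revocation failed or never recorded an outcome.

```python
import json
from datetime import datetime, timedelta

# Constructed sample data. The line format and field names are assumptions;
# the event names are the ones listed in the Audit Trails section.
SAMPLE_EXPORT = """\
{"ts": "2024-03-01T09:00:00", "event": "Credential Issued", "credential_id": "c-1"}
{"ts": "2024-03-01T09:05:00", "event": "Credential Revocation Requested", "credential_id": "c-1"}
{"ts": "2024-03-01T09:05:02", "event": "Credential Revoked", "credential_id": "c-1"}
{"ts": "2024-03-01T10:00:00", "event": "Credential Revocation Requested", "credential_id": "c-2"}
{"ts": "2024-03-01T10:00:03", "event": "Credential Revocation Failed", "credential_id": "c-2"}
{"ts": "2024-03-01T11:00:00", "event": "Credential Revocation Requested", "credential_id": "c-3"}
"""

REQUESTED = "Credential Revocation Requested"
REVOKED = "Credential Revoked"
FAILED = "Credential Revocation Failed"


def unresolved_revocations(export_text, now, grace=timedelta(minutes=10)):
    """Return {credential_id: reason} for revocations that did not complete.

    A credential is reported when its latest revocation request ended in a
    failure, or has had no recorded outcome for longer than the grace period.
    """
    events = [json.loads(l) for l in export_text.splitlines() if l.strip()]
    events.sort(key=lambda e: e["ts"])  # ISO 8601 strings sort chronologically
    pending = {}    # credential_id -> time of the still-open request
    findings = {}
    for e in events:
        cid = e["credential_id"]
        if e["event"] == REQUESTED:
            pending[cid] = datetime.fromisoformat(e["ts"])
            findings.pop(cid, None)   # a retry supersedes an earlier failure
        elif e["event"] == REVOKED:
            pending.pop(cid, None)
            findings.pop(cid, None)
        elif e["event"] == FAILED:
            pending.pop(cid, None)
            findings[cid] = "revocation failed"
    for cid, requested_at in pending.items():
        if now - requested_at > grace:
            findings[cid] = "no outcome recorded"
    return findings


if __name__ == "__main__":
    print(unresolved_revocations(SAMPLE_EXPORT, datetime(2024, 3, 1, 12, 0, 0)))
```

A credential that appears in the result is one a verifier may still accept, so it is the case to follow up first.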