Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
The SSI Kit establishes an identity infrastructure layer for any use case in any industry. Its core services are in the scope of:
Registry Interactions (e.g. read, write; agnostic towards the underlying tech e.g. DLT, DNS)
Key Management (e.g. generate, sign, import, export, manage lifecycle)
Decentralized Identifier (DID) operations (e.g. register, resolve, manage lifecycle)
Verifiable Credential/Presentations (VC, VP) operations (e.g. create, issue, present, verify)
Ecosystem specific use cases (e.g. onboarding, data exchange and monetization)
Illustration:
Important: Please be informed that, beginning from December 2023, the SSI Kit will no longer receive new features. Furthermore, the SSI Kit is planned for discontinuation by the end of Q3 2024. However, all functionalities offered by the SSI Kit will be integrated into our new libraries, APIs, and apps in the walt.id identity repo. Giving you more modularity, flexibility and ease-of-use to build end-to-end digital identity and wallet solutions. Read the transition guide here. For any clarification or queries, feel free to contact us as we aim to make this transition as smooth as possible.
This documentation will help you understand how the SSI Kit works and how you can use it. However, it presumes a certain level of knowledge about Self-Sovereign Identity (SSI) so
if you are already familiar with SSI, you can jump to the introduction of the SSI Kit.
if you are new to SSI, please continue with our introduction to Self-Sovereign Identity.
Signatory allows you to digitize paper credentials and automate data provision to your stakeholders.
It provides all functionality required by “Issuers”. For example:
Process and authenticate data requests by people or organisations,
Import data (from local storage or third parties),
Create re-usable VC templates,
Create VCs in different formats (e.g. JSON/JWT, JSON-LD),
Sign VCs using different key types (e.g. ed25519, secp256K1, RSA),
Manage the lifecycle of VCs (e.g. revocation).
Issue VCs (e.g. via OIDC/SIOP)
Custodian is a secure data hub for people and organizations. It provides all functionality required by “Holders”. For example:
Interact with Registries (read, write)
Create, store, manage keys, data (DIDs, VCs) and other secrets,
Request and import data (VCs) from third parties,
Selectively disclose data (VCs/VPs) for authentication and identification,
Manage consent and data access in a user-centric fashion.
Auditor allows you to verify your stakeholders’ identity data and offer frictionless access to services or products. It provides all functionality required by “Verifiers”. For example:
request data (VCs/VPs) from stakeholders,
verify data (VCs/VPs; incl. integrity, validity, provenance, authenticity),
trigger pre-defined actions following the verification.
The verification steps can be dynamically configured by passing "verification policies" to each verification attempt.
The SSI Kit comes with the following set of built-in verification polices:
SignaturePolicy: Loads or resolves DID, loads public key and verifies the credentials signature.
JsonSchemaPolicy: Validates the credential against the JSON schema.
TrustedSchemaRegistryPolicy: Checks if the JSON schema is anchored in the EBSI Trusted Schema Registry.
TrustedIssuerDidPolicy: Checks if the issuer DID is anchored on the EBSI DID registry.
TrustedIssuerRegistryPolicy: Checks if the issuer got inserted in the EBSI TIR (Trusted Issuer Registry).
TrustedSubjectDidPolicy: Checks if the issuer DID is anchored on the EBSI DID registry.
IssuedDateBeforePolicy: Checks if issued date is in the past.
ValidFromBeforePolicy: Checks if valid-from date is in the past.
ExpirationDateAfterPolicy: Checks if expiration-date is in the futrue.
CredentialStatusPolicy: Checks if credential is revoked based on the credential-status list.
Here are the most important things you need to know about the SSI Kit:
It is written in Kotlin/Java. It can be directly integrated (Maven/Gradle dependency) or run as RESTful web-service. A CLI tool allows you to run all functions manually.
It is open source (Apache 2). You can use the code for free and without strings attached.
It is a holistic solution that allows you to build use cases “end-to-end”. There is no need to research, combine or tweak different libraries to build pilots or production systems.
It abstracts complexity and low-level functionality via different interfaces (CLI, APIs). Additional services facilitate development and integration (e.g. Issuer and Verifier Portals).
It is modular, composable and built on open standards allowing you to customize and extend functionality with your own or third party implementations and to preventing lock-in.
It is flexible in a sense that you can deploy and run it on-premise, in your (multi) cloud environment or as a library in your application.
It enables you to use different identity ecosystems like Europe’s emerging identity ecosystem () in anticipation of a multi-ecosystem future.