1 of 10

Velocity

Intro to Velocity Network

Velocity Network Foundation

Velocity NetworkTM is a public permissioned distributed network, based on a permissioned version of the Ethereum Blockchain utilizing Hyperledger Besu. Operating a node and writing to the Velocity Ledger requires permission from the Velocity Network FoundationR.

The following data is stored on chain:

organization metadata - DID, profile, endpoint
credential metadata (encrypted) - ID, type, public key, revocation status
verification voucher transactions
credential types and schemas

Network participants

High level

Holder - a person that holds the credential on behalf of the subject (themselves or another person)
Issuer - an organization that creates and issues credentials
- first party issuer - an entity that can directly attest to the claims within the credential
- notary issuer - an entity that can evaluate evidence to attest to the claims within the credential
Relying Party - an entity that requests and verifies credentials from a Holder

Low level

Wallet Provider (Holder App Provider) - an organization offering digital wallets to be used by Holders
Credential Agent Operator - an organization operating a credential agent
- Agent - an interface to the network used by organizations (Issuer, Relying Party, Holder) - call contracts, retrieve account states - form the 'layer-2' network
  - Tenant - an organization’s delegate on which behalf the agent is acting
Node Operator - an organization operating a node
- Node - a participant on the network holding copies of the underlying ledger
  - Members (Stewards) - read-only nodes with limited data access that forward write operations to Validators
  - Validators - full-write permission nodes that participate in consensus
Velocity Network Registrar - a set of centralized services that are used for administering the accredited organizations and credential types on the Network
Credits hub - a module where Velocity credits are administered and credit reward transactions can be executed
Voucher hub - a module where Velocity vouchers are administered and top up transactions can be executed
The ledger - the distributed blockchain-based, continuously-replicated, global cryptographic database maintained by Stewards operating nodes communicating with the Velocity consensus protocol

Workflows

Issuing - the process of asserting claims about a Holder who receives the verifiable credential
- by writing a transaction to the Velocity Ledger which includes the credential ID, its type, the Issuer ID, and the public key matching the private key that signed it
Revocation - the act of an Issuer revoking the validity of a credential
- by writing a transaction to the Velocity Ledger marking the credential as revoked
Verification - the process of confirming that a verifiable credential is not modified, revoked or expired and is issued by a trusted authority
- by accessing the Velocity Ledger to retrieve the unique public key associated with credential and verify its signature

Verifiable Credentials

Velocity currently uses the JWT format for encoding credentials with JWS signatures using SECP256K1 as proofs.

Verifiable credentials are divided into the following categories:

Layer-1 credential types - network’s core set of credential types (e.g. Email, IdDocument, OpenBadgeCredential)
- for each issued credential, the Issuer receives a reward in the form of Velocity Credits
Layer-2 credential types - any custom credential type
- should be mapped to a Layer-1 type in order for the Issuer to be eligible for a reward

More about credential types here https://docs.velocitynetwork.foundation/docs/developers/basics-credential-types.

Decentralized identifiers

did:ion - used to identify organizations or individuals
- received when registering with the Registrar
did:velocity - used to identify credentials
- is immutable
- stores only a single key and credential type
- resolving it will burn an NFT to permit DID resolution

Basics

This section describes the main steps required to interact with Velocity network:

onboarding (did registration)
issuing credentials
inspecting credentials

Onboarding

In order to operate on Velocity network, any entity (regardless of scope - issuer, relying party or credential agent operator) has to register with the network.

The onboarding is currently done manually and will custody a DID on the DID:ION network:

get an account with the registrar
- by sending an email to support@velocitynetwork.foundation
set up the organization(s)
- set the required services according to the use case:
  - issuer - VlcCareerIssuer_v1
  - verifier - VlcInspector_v1
  - agent operator - VlcCredentialAgentOperator_v1
configure the tenants
- add the required keys according to the use case:
  - issuer - ISSUING_METADATA
  - verifier - EXCHANGES
  - agent operator - DLT_TRANSACTIONS

The configuration steps from above can be completed either using:

More information on Velocity onboarding can be found at https://docs.velocitynetwork.foundation/docs/developers/developers-guide-getting-started.

Issuing

Issuing involves an exchange between a Holder and an Issuer, by which the Holder receives a set of offers from the Issuer. Once the Holder accepts the offers, the Issuer converts them into verifiable credentials and supplies them to the Holder.

Depending on data source location and process initiating party, the following issuing types are supported:

custom - credential agent loads offers from itself as well as calling out webhooks
- demand triggered - Holder initiates the credential claiming process
  - Issuer responds with the available credential offers according to Holder’s criteria
- supply triggered - Issuer initiates the credential claiming process
  - offers are made available to the Holder using a notification mechanism by sending a deep-link or qr-code to claim the credentials
batch - credential agent loads offers only from itself
- a specialized version of supply triggered custom issuing

More information on issuing can be found at https://docs.velocitynetwork.foundation/docs/developers/developers-guide-issuing.

Inspection

The verification process (inspection) is initiated by disclosure exchanges where the Relying Party requests credentials from Holder. These exchanges can be encoded in the following ways:

deep links - a URI that matches the spec:
- velocity-network://inspect?request_uri=[REQUEST_URI]&inspectorDid=[INSPECTOR_DID]&vendorOriginContext=[VENDOR_ORIGIN_CONTEXT]
QR-codes - a visual representation of a deep link

Depending on the use case, the Relying Party can request either:

verified credentials
- requires payment in tokens
- returns the verification checks (policies) result
unverified credentials:
- requires no payment in tokens
- can be verified later

Verification policies

The verification checks performed against the credential are the following:

UNTAMPERED
- pass - hasn't been tampered
- fail - has been tampered
- voucher_reserve_exhausted - a voucher is required for verification
TRUSTED_ISSUER
- pass - issuer is trusted
- fail - issuer is not a member of Velocity
- self_signed - data attested by the Holder
- voucher_reserve_exhausted - a voucher is required for verification
UNREVOKED
- pass - hasn't been revoked
- has been revoked
- voucher_reserve_exhausted - a voucher is required for verification
UNEXPIRED
- pass - hasn't expired
- fail - has expired

More details on credential verification checks can be found at https://docs.velocitynetwork.foundation/docs/developers/developers-guide-disclosure-exchange#credential-verification-checks.

More on credential verification at https://docs.velocitynetwork.foundation/docs/developers/developers-guide-disclosure-exchange.

Integration with SSIKit

The interaction with Velocity network is implemented in SSIKit using a Rest API client which currently exposes the functionality through the command-line-interface. The available functions can grouped as follows:

organization related
- onboarding
- tenant configuration
credential related
- issuance
- verification

In order to cover the credential related functions, but also tenant management, SSIKit uses a credential agent deployed on walt.id infrastructure. For this, walt.id is registered on Velocity network (currently only on testnet) as a credential agent operator and can issue and verify credentials on behalf of issuer using either issuer's keys or walt.id keys. The diagram below shows how Velocity integration is currently done with SSIKit.

The organization related functions, such as onboarding and DID acquisition, are implemented by calling Velocity network registrar Rest API.

Command line interface

This section describes the following functions implemented as part of Velocity network integration:

Velocity network specific operation are available under the velocity command:

Onboarding

Velocity onboading commands are available under the onboard command as follows:

DID acquisition

E.g. Onboarding organization.

Tenant management

Every organization needs a tenant on the credential agent. Tenant functions are available under the tenant command:

create tenant

E.g. Add a tenant having verifier, issuer and agent operator purposes.

Disclosure management

In order to be able to issue / verify credential, it is required to have the correct identification disclosure set up. Current disclosure management functions are:

create disclosure

E.g. Create an integrated issuing identification disclosure.

Issuing

Velocity issuance commands are available under issue command as follows:

offer management
credential management

./ssikit.sh velocity issue -h

Offer management

Before being able to issue verifiable credentials, the credential data needs to be prepared. Offers represent the way to set up credential data. Basically, an offer is a credential that has not been signed. The offer management functions can be accessed from the command:

./ssikit.sh velocity issue offer -h

Currently available functions are:

create offer

E.g. Create an offer.

./ssikit.sh velocity issue -i did:velocity:0xd4df29726d500f9b85bc6c7f1b3c021f16305692 -d 61966dfc4732da2ea0e64826 -m adam.smith@example.com

{
    "type":
    [
        "PastEmploymentPosition"
    ],
    "credentialSubject":
    {
        "vendorUserId": "adam.smith@example.com",
        "company": "did:velocity:0xd4df29726d500f9b85bc6c7f1b3c021f16305692",
        "companyName":
        {
            "localized":
            {
                "en": "Microsoft Corporation"
            }
        },
        "title":
        {
            "localized":
            {
                "en": "Director, Communications (HoloLens & Mixed Reality Experiences)"
            }
        },
        "startMonthYear":
        {
            "month": 10,
            "year": 2010
        },
        "endMonthYear":
        {
            "month": 5,
            "year": 2022
        },
        "location":
        {
            "countryCode": "US",
            "regionCode": "MA"
        },
        "description":
        {
            "localized":
            {
                "en": "Big Data, AI, Hybrid, IoT, Datacenter, Mixed Reality/HoloLens, D365, Power Platform - all kinds of fun stuff!!!"
            }
        }
    },
    "offerCreationDate": "2020-08-04T21:13:32.019Z",
    "offerExpirationDate": "2021-08-04T21:13:32.019Z",
    "offerId": "ptIQrgxaicFX0QPVf_Z1L"
}

{
    "type":
    [
        "PastEmploymentPosition"
    ],
    "credentialSubject":
    {
        "vendorUserId": "adam.smith@example.com",
        "company": "did:velocity:0xd4df29726d500f9b85bc6c7f1b3c021f16305692",
        "companyName":
        {
            "localized":
            {
                "en": "Microsoft Corporation"
            }
        },
        "title":
        {
            "localized":
            {
                "en": "Director, Communications (HoloLens & Mixed Reality Experiences)"
            }
        },
        "startMonthYear":
        {
            "month": 10,
            "year": 2010
        },
        "endMonthYear":
        {
            "month": 5,
            "year": 2022
        },
        "location":
        {
            "countryCode": "US",
            "regionCode": "MA"
        },
        "description":
        {
            "localized":
            {
                "en": "Big Data, AI, Hybrid, IoT, Datacenter, Mixed Reality/HoloLens, D365, Power Platform - all kinds of fun stuff!!!"
            }
        }
    },
    "offerCreationDate": "2020-08-04T21:13:32.019Z",
    "offerExpirationDate": "2021-08-04T21:13:32.019Z",
    "offerId": "ptIQrgxaicFX0QPVf_Z1L",
    "id": "634d9aacb6b4b8ab66563fac",
    "createdAt": "2022-10-14T18:10:52.726Z",
    "updatedAt": "2022-10-14T18:10:52.726Z",
    "exchangeId": "634d9a9caa4dc9cf44a8f37f",
    "issuer":
    {
        "id": "did:velocity:0x6872fedef46b03e9863a56859a1cdb45648907f7"
    }
}

Credential management

Credential management functions include:

issue credential

./ssikit.sh velocity issue credential -h

E.g. Issue credential.

./ssikit.sh velocity issue credential -i did:velocity:0x6872fedef46b03e9863a56859a1cdb45648907f7 -c PastEmploymentCredential credential-data.json

{
    "type":
    [
        "PastEmploymentPosition"
    ],
    "credentialSubject":
    {
        "vendorUserId": "adam.smith@example.com",
        "company": "did:velocity:0xd4df29726d500f9b85bc6c7f1b3c021f16305692",
        "companyName":
        {
            "localized":
            {
                "en": "Microsoft Corporation"
            }
        },
        "title":
        {
            "localized":
            {
                "en": "Director, Communications (HoloLens & Mixed Reality Experiences)"
            }
        },
        "startMonthYear":
        {
            "month": 10,
            "year": 2010
        },
        "endMonthYear":
        {
            "month": 5,
            "year": 2022
        },
        "location":
        {
            "countryCode": "US",
            "regionCode": "MA"
        },
        "description":
        {
            "localized":
            {
                "en": "Big Data, AI, Hybrid, IoT, Datacenter, Mixed Reality/HoloLens, D365, Power Platform - all kinds of fun stuff!!!"
            }
        }
    },
    "offerCreationDate": "2020-08-04T21:13:32.019Z",
    "offerExpirationDate": "2021-08-04T21:13:32.019Z",
    "offerId": "ptIQrgxaicFX0QPVf_Z1L"
}

velocity-network://issue?request_uri=https://stagingagent.velocitycareerlabs.io/api/holder/v0.6/org/did:velocity:0x6872fedef46b03e9863a56859a1cdb45648907f7/issue/get-credential-manifest?exchange_id=634d9a9caa4dc9cf44a8f37f&credential_types=PastEmploymentPosition

Inspection

Velocity credential verification is available with the verify command:

./ssikit.sh velocity verify -h

E.g. Verify credential.

./ssikit.sh velocity verify -i did:ion:1234567890 credential.jwt checks.json

eyJqd2siOnsia3R5IjoiRUMiLCJleHQiOnRydWUsImtleV9vcHMiOlsidmVyaWZ5Il0sIngiOiJVd3V5Y2lfMUJNa05DdVkwZ0lPWFZ3ZDZTOXBPMldOUWpsdUVXbWd3TGNBIiwieSI6Ik5vYlp6WFh1VUtNQmIwU1ZpaGo2cG10RWY2cXd4Y1FwSHlOMmRwSHBjM1kiLCJjcnYiOiJQLTI1NiJ9LCJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSJdLCJpZCI6Ijc1NmZlMWIzLWYwOGEtNDgxYy05ZWFlLTU2ZWIwMGI2NWQ1NyIsInR5cGUiOlsiSWREb2N1bWVudCIsIlZlcmlmaWFibGVDcmVkZW50aWFsIl0sImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImZpcnN0TmFtZSI6eyJsb2NhbGl6ZWQiOnsiZW4iOiJBZGFtIn19LCJsYXN0TmFtZSI6eyJsb2NhbGl6ZWQiOnsiZW4iOiJTbWl0aCJ9fSwia2luZCI6IkRyaXZlcnNMaWNlbnNlIiwiYXV0aG9yaXR5Ijp7ImxvY2FsaXplZCI6eyJlbiI6IkNhbGlmb3JuaWEgRE1WIn19LCJsb2NhdGlvbiI6eyJjb3VudHJ5Q29kZSI6IlVTIiwicmVnaW9uQ29kZSI6IkNBIn0sImRvYiI6eyJkYXkiOjIwLCJtb250aCI6NiwieWVhciI6MTk2Nn0sImlkZW50aXR5TnVtYmVyIjoiMTIzMTAzMTIzMTIiLCJkZWZhdWx0Ijp0cnVlfX0sInN1YiI6ImFkYW0uc21pdGhAZXhhbXBsZS5jb20iLCJhdWQiOiIgIiwiaXNzIjoiNzU2ZmUxYjMtZjA4YS00ODFjLTllYWUtNTZlYjAwYjY1ZDU3IiwianRpIjoiNzU2ZmUxYjMtZjA4YS00ODFjLTllYWUtNTZlYjAwYjY1ZDU3IiwiaWF0IjoxNjIwMTI4NjgyLCJuYmYiOjE2MjAxMjg2ODJ9.iqbGO5LfYzUmvesVSCquWHekbC-z3VCvls156zsNnmvz7y6sFtcH7lH0IkRNwljGQQvsce50O7RG06QOSnMS4g

{
    "TRUSTED_ISSUER": "SELF_SIGNED",
    "UNREVOKED": "PASS",
    "UNEXPIRED": "NOT_APPLICABLE",
    "UNTAMPERED": "PASS"
}

Verification result:
true
{
    "TRUSTED_ISSUER": "SELF_SIGNED",
    "UNREVOKED": "PASS",
    "UNEXPIRED": "NOT_APPLICABLE",
    "UNTAMPERED": "PASS"
}

Velocity

Intro to Velocity Network

Velocity Network Foundation

The following data is stored on chain:

organization metadata - DID, profile, endpoint
credential metadata (encrypted) - ID, type, public key, revocation status
verification voucher transactions
credential types and schemas

Network participants

High level

Holder - a person that holds the credential on behalf of the subject (themselves or another person)
Issuer - an organization that creates and issues credentials
- first party issuer - an entity that can directly attest to the claims within the credential
- notary issuer - an entity that can evaluate evidence to attest to the claims within the credential
Relying Party - an entity that requests and verifies credentials from a Holder

Low level

Wallet Provider (Holder App Provider) - an organization offering digital wallets to be used by Holders
Credential Agent Operator - an organization operating a credential agent
- Agent - an interface to the network used by organizations (Issuer, Relying Party, Holder) - call contracts, retrieve account states - form the 'layer-2' network
  - Tenant - an organization’s delegate on which behalf the agent is acting
Node Operator - an organization operating a node
- Node - a participant on the network holding copies of the underlying ledger
  - Members (Stewards) - read-only nodes with limited data access that forward write operations to Validators
  - Validators - full-write permission nodes that participate in consensus
Velocity Network Registrar - a set of centralized services that are used for administering the accredited organizations and credential types on the Network
Credits hub - a module where Velocity credits are administered and credit reward transactions can be executed
Voucher hub - a module where Velocity vouchers are administered and top up transactions can be executed
The ledger - the distributed blockchain-based, continuously-replicated, global cryptographic database maintained by Stewards operating nodes communicating with the Velocity consensus protocol

Workflows

Issuing - the process of asserting claims about a Holder who receives the verifiable credential
- by writing a transaction to the Velocity Ledger which includes the credential ID, its type, the Issuer ID, and the public key matching the private key that signed it
Revocation - the act of an Issuer revoking the validity of a credential
- by writing a transaction to the Velocity Ledger marking the credential as revoked
Verification - the process of confirming that a verifiable credential is not modified, revoked or expired and is issued by a trusted authority
- by accessing the Velocity Ledger to retrieve the unique public key associated with credential and verify its signature

Verifiable Credentials

Velocity currently uses the JWT format for encoding credentials with JWS signatures using SECP256K1 as proofs.

Verifiable credentials are divided into the following categories:

Layer-1 credential types - network’s core set of credential types (e.g. Email, IdDocument, OpenBadgeCredential)
- for each issued credential, the Issuer receives a reward in the form of Velocity Credits
Layer-2 credential types - any custom credential type
- should be mapped to a Layer-1 type in order for the Issuer to be eligible for a reward

More about credential types here https://docs.velocitynetwork.foundation/docs/developers/basics-credential-types.

Decentralized identifiers

did:ion - used to identify organizations or individuals
- received when registering with the Registrar
did:velocity - used to identify credentials
- is immutable
- stores only a single key and credential type
- resolving it will burn an NFT to permit DID resolution

Issuing

Velocity issuance commands are available under issue command as follows:

offer management
credential management

./ssikit.sh velocity issue -h

Offer management

./ssikit.sh velocity issue offer -h

Currently available functions are:

create offer

E.g. Create an offer.

./ssikit.sh velocity issue -i did:velocity:0xd4df29726d500f9b85bc6c7f1b3c021f16305692 -d 61966dfc4732da2ea0e64826 -m adam.smith@example.com

{
    "type":
    [
        "PastEmploymentPosition"
    ],
    "credentialSubject":
    {
        "vendorUserId": "adam.smith@example.com",
        "company": "did:velocity:0xd4df29726d500f9b85bc6c7f1b3c021f16305692",
        "companyName":
        {
            "localized":
            {
                "en": "Microsoft Corporation"
            }
        },
        "title":
        {
            "localized":
            {
                "en": "Director, Communications (HoloLens & Mixed Reality Experiences)"
            }
        },
        "startMonthYear":
        {
            "month": 10,
            "year": 2010
        },
        "endMonthYear":
        {
            "month": 5,
            "year": 2022
        },
        "location":
        {
            "countryCode": "US",
            "regionCode": "MA"
        },
        "description":
        {
            "localized":
            {
                "en": "Big Data, AI, Hybrid, IoT, Datacenter, Mixed Reality/HoloLens, D365, Power Platform - all kinds of fun stuff!!!"
            }
        }
    },
    "offerCreationDate": "2020-08-04T21:13:32.019Z",
    "offerExpirationDate": "2021-08-04T21:13:32.019Z",
    "offerId": "ptIQrgxaicFX0QPVf_Z1L"
}

{
    "type":
    [
        "PastEmploymentPosition"
    ],
    "credentialSubject":
    {
        "vendorUserId": "adam.smith@example.com",
        "company": "did:velocity:0xd4df29726d500f9b85bc6c7f1b3c021f16305692",
        "companyName":
        {
            "localized":
            {
                "en": "Microsoft Corporation"
            }
        },
        "title":
        {
            "localized":
            {
                "en": "Director, Communications (HoloLens & Mixed Reality Experiences)"
            }
        },
        "startMonthYear":
        {
            "month": 10,
            "year": 2010
        },
        "endMonthYear":
        {
            "month": 5,
            "year": 2022
        },
        "location":
        {
            "countryCode": "US",
            "regionCode": "MA"
        },
        "description":
        {
            "localized":
            {
                "en": "Big Data, AI, Hybrid, IoT, Datacenter, Mixed Reality/HoloLens, D365, Power Platform - all kinds of fun stuff!!!"
            }
        }
    },
    "offerCreationDate": "2020-08-04T21:13:32.019Z",
    "offerExpirationDate": "2021-08-04T21:13:32.019Z",
    "offerId": "ptIQrgxaicFX0QPVf_Z1L",
    "id": "634d9aacb6b4b8ab66563fac",
    "createdAt": "2022-10-14T18:10:52.726Z",
    "updatedAt": "2022-10-14T18:10:52.726Z",
    "exchangeId": "634d9a9caa4dc9cf44a8f37f",
    "issuer":
    {
        "id": "did:velocity:0x6872fedef46b03e9863a56859a1cdb45648907f7"
    }
}

Credential management

Credential management functions include:

issue credential

./ssikit.sh velocity issue credential -h

E.g. Issue credential.

./ssikit.sh velocity issue credential -i did:velocity:0x6872fedef46b03e9863a56859a1cdb45648907f7 -c PastEmploymentCredential credential-data.json

{
    "type":
    [
        "PastEmploymentPosition"
    ],
    "credentialSubject":
    {
        "vendorUserId": "adam.smith@example.com",
        "company": "did:velocity:0xd4df29726d500f9b85bc6c7f1b3c021f16305692",
        "companyName":
        {
            "localized":
            {
                "en": "Microsoft Corporation"
            }
        },
        "title":
        {
            "localized":
            {
                "en": "Director, Communications (HoloLens & Mixed Reality Experiences)"
            }
        },
        "startMonthYear":
        {
            "month": 10,
            "year": 2010
        },
        "endMonthYear":
        {
            "month": 5,
            "year": 2022
        },
        "location":
        {
            "countryCode": "US",
            "regionCode": "MA"
        },
        "description":
        {
            "localized":
            {
                "en": "Big Data, AI, Hybrid, IoT, Datacenter, Mixed Reality/HoloLens, D365, Power Platform - all kinds of fun stuff!!!"
            }
        }
    },
    "offerCreationDate": "2020-08-04T21:13:32.019Z",
    "offerExpirationDate": "2021-08-04T21:13:32.019Z",
    "offerId": "ptIQrgxaicFX0QPVf_Z1L"
}

velocity-network://issue?request_uri=https://stagingagent.velocitycareerlabs.io/api/holder/v0.6/org/did:velocity:0x6872fedef46b03e9863a56859a1cdb45648907f7/issue/get-credential-manifest?exchange_id=634d9a9caa4dc9cf44a8f37f&credential_types=PastEmploymentPosition

Onboarding

Velocity onboading commands are available under the onboard command as follows:

DID acquisition

Once an account was set up with the registrar (see ), cli-tool can be used to register the organization, using the command:

./ssikit.sh velocity onboard organization <org-file>

E.g. Onboarding organization.

./ssikit.sh velocity onboard organization organization.json

{
    "profile":
    {
        "name": "WaltID",
        "location":
        {
            "countryCode": "AT",
            "regionCode": "W"
        },
        "founded": "2021",
        "logo": "https://images.squarespace-cdn.com/content/v1/609c0ddf94bcc0278a7cbdb4/d7a7bc88-c700-4efe-a95f-8d3086bccb9d/Walt.id_Logo_round.png?format=1500w"
    },
    "serviceEndpoints":
    [
        {
            "id": "#credential-agent-operator-1",
            "serviceEndpoint": "https://agent.velocity.walt.id",
            "type": "VlcCredentialAgentOperator_v1"
        },
        {
            "id": "#credential-agent-inspector-1",
            "serviceEndpoint": "https://agent.velocity.walt.id",
            "type": "VlcInspector_v1"
        },
        {
            "id": "#credential-agent-issuer-1",
            "serviceEndpoint": "https://agent.velocity.walt.id",
            "type": "VlcCareerIssuer_v1",
            "credentialTypes":
            [
                "OpenBadgeCredential",
                "EducationDegree",
                "CurrentEmploymentPosition",
                "PastEmploymentPosition",
                "Badge",
                "Certification",
                "Course",
                "Assessment",
                "AssessmentDec2020",
                "VaccinationCertificate-Apr2021",
                "CourseRegistrationV1.0",
                "CourseCompletionV1.0",
                "CourseAttendanceV1.0",
                "EducationDegreeRegistrationV1.0",
                "EducationDegreeStudyV1.0",
                "EducationDegreeGraduationV1.0",
                "CertificationV1.0",
                "LicenseV1.0",
                "OpenBadgeV1.0",
                "AssessmentV1.0",
                "EmploymentCurrentV1.0",
                "EmploymentPastV1.0",
                "VerifiableCredential",
                "ComprehensiveLearnerRecord",
                "CourseRegistrationV1.1",
                "CourseCompletionV1.1",
                "CourseAttendanceV1.1",
                "EducationDegreeRegistrationV1.1",
                "EducationDegreeStudyV1.1",
                "EducationDegreeGraduationV1.1",
                "CertificationV1.1",
                "LicenseV1.1",
                "AssessmentV1.1",
                "EmploymentCurrentV1.1",
                "EmploymentPastV1.1",
                "BadgeV1.1",
                "OpenBadgeV2.0",
                "OpenBadgeV2.1"
            ]
        }
    ]
}

{
    "id": "did:ion:org-did",
    "didDoc":
    {
        "@context":
        [
            "https://www.w3.org/ns/did/v1",
            {
                "@base": "<did:ion:org-did>"
            }
        ],
        "id": "<did:ion:org-did>",
        "verificationMethod":
        [
            {
                "id": "#vc-signing-key-1",
                "type": "EcdsaSecp256k1VerificationKey2019",
                "controller": "",
                "publicKeyJwk":
                {
                    "crv": "secp256k1",
                    "x": "<x-value>",
                    "y": "<y-value>",
                    "kty": "EC"
                }
            },
            {
                "id": "#eth-account-key-1",
                "type": "EcdsaSecp256k1VerificationKey2019",
                "controller": "",
                "publicKeyJwk":
                {
                    "crv": "secp256k1",
                    "x": "<x-value>",
                    "y": "<y-value>",
                    "kty": "EC"
                }
            },
            {
                "id": "#exchange-key-1",
                "type": "EcdsaSecp256k1VerificationKey2019",
                "controller": "",
                "publicKeyJwk":
                {
                    "crv": "secp256k1",
                    "x": "<x-value>",
                    "y": "<y-value>",
                    "kty": "EC"
                }
            }
        ],
        "assertionMethod":
        [
            "#vc-signing-key-1",
            "#eth-account-key-1",
            "#exchange-key-1"
        ],
        "service":
        [
            {
                "type": "VlcCredentialAgentOperator_v1",
                "id": "#credentialagent-1",
                "serviceEndpoint": "https://agent.samplevendor.com/acme"
            },
            {
                "type": "VlcCareerIssuer_v1",
                "id": "#issuer-1",
                "serviceEndpoint": "https://agent.samplevendor.com/acme",
                "credentialTypes":
                [
                    "CertificationV1.1",
                    "LicenseV1.1",
                    "CourseCompletionV1.1",
                    "EducationDegreeGraduationV1.1",
                    "EmploymentCurrentV1.1",
                    "EmploymentPastV1.1"
                ]
            },
            {
                "type": "VlcInspector_v1",
                "id": "#inspector-1",
                "serviceEndpoint": "https://agent.samplevendor.com/acme"
            }
        ]
    },
    "profile":
    {
        "name": "Test Organization",
        "location":
        {
            "countryCode": "US",
            "regionCode": "NY"
        },
        "logo": "https://images.squarespace-cdn.com/content/v1/609c0ddf94bcc0278a7cbdb4/d7a7bc88-c700-4efe-a95f-8d3086bccb9d/Walt.id_Logo_round.png?format=1500w",
        "website": "http://www.organization.com",
        "cntactEmail": "contact@example.com",
        "founded": "2021-01-01",
        "registrationNumbers":
        [
            {
                "authority": "DunnAndBradstreet",
                "number": "1",
                "uri": "uri://uri"
            }
        ],
        "id": "<did:ion:org-did>",
        "verifiableCredentialJwt": "http://registrar.velocitynetwork.foundation/api/v0.6/organizations/<did:ion:org-did>/resolve-vc/<token>",
        "permittedVelocityServiceCategory":
        [
            "CredentialAgentOperator",
            "Issuer",
            "Inspector"
        ]
    },
    "keys":
    [
        {
            "id": "#vc-signing-key-1",
            "purposes":
            [
                "ISSUING_METADATA"
            ],
            "key": "<key-value>",
            "publicKey": "<key-value>",
            "algorithm": "SECP256K1",
            "encoding": "hex",
            "controller": "<did:ion:org-did>"
        },
        {
            "id": "#eth-account-key-1",
            "purposes":
            [
                "DLT_TRANSACTIONS"
            ],
            "key": "<key-value>",
            "publicKey": "<key-value>",
            "algorithm": "SECP256K1",
            "encoding": "hex",
            "controller": "<did:ion:org-did>"
        },
        {
            "id": "#exchange-key-1",
            "purposes":
            [
                "EXCHANGES"
            ],
            "key": "<key-value>",
            "publicKey": "<key-value>",
            "algorithm": "SECP256K1",
            "encoding": "hex",
            "controller": "<did:ion:org-did>"
        }
    ],
    "authClients":
    [
        {
            "type": "auth0",
            "clientType": "cao-node-client",
            "clientId": "<id-value>",
            "clientSecret": "<secret-value>",
            "serviceId": "#credentialagent-1"
        }
    ]
}

Tenant management

Every organization needs a tenant on the credential agent. Tenant functions are available under the tenant command:

create tenant

./ssikit.sh velocity onboard tenant -h

E.g. Add a tenant having verifier, issuer and agent operator purposes.

./ssikit.sh velocity onboard tenant tenant.json

{
    "serviceIds":
    [
        "#credential-agent-operator-1",
        "#credential-agent-inspector-1",
        "#credential-agent-issuer-1"
    ],
    "did": "<did:ion:org-did>",
    "keys":
    [
        {
            "purposes":
            [
                "DLT_TRANSACTIONS"
            ],
            "algorithm": "SECP256K1",
            "encoding": "hex",
            "kidFragment": "#eth-account-key-1",
            "key": "<key-value>"
        },
        {
            "purposes":
            [
                "EXCHANGES"
            ],
            "algorithm": "SECP256K1",
            "encoding": "hex",
            "kidFragment": "#exchange-key-1",
            "key": "<key-value>"
        },
        {
            "purposes":
            [
                "ISSUING_METADATA"
            ],
            "algorithm": "SECP256K1",
            "encoding": "hex",
            "kidFragment": "#vc-signing-key-1",
            "key": "<key-value>"
        }
    ]
}

{
    "id": "634d9327aa4dc9cf44a8f37a",
    "createdAt": "2022-10-14T17:38:47.231Z"
}

Disclosure management

In order to be able to issue / verify credential, it is required to have the correct identification disclosure set up. Current disclosure management functions are:

create disclosure

./ssikit.sh velocity onboard disclosure -h

E.g. Create an integrated issuing identification disclosure.

./ssikit.sh velocity onboard disclosure -i did:ion:1234567890 disclosure.json

{
    "types":
    [
        {
            "type": "EmailV1.0"
        }
    ],
    "vendorEndpoint": "integrated-issuing-identification",
    "vendorDisclosureId": "MSFT0001",
    "purpose": "Id Check",
    "duration": "16m",
    "termsUrl": "https://www.velocityexperiencecenter.com/terms-and-conditions-vnf",
    "activationDate": "2021-02-16T00:00:01Z",
    "identityMatchers":
    {
        "vendorUserIdIndex": 0,
        "rules":
        [
            {
                "valueIndex": 0,
                "path":
                [
                    "$.emails"
                ],
                "rule": "pick"
            }
        ]
    }
}

{
    "types":
    [
        {
            "type": "EmailV1.0"
        }
    ],
    "vendorDisclosureId": "MSFT0001",
    "vendorEndpoint": "integrated-issuing-identification",
    "identityMatchers":
    {
        "rules":
        [
            {
                "path":
                [
                    "$.emails"
                ],
                "rule": "pick",
                "valueIndex": 0
            }
        ],
        "vendorUserIdIndex": 0
    },
    "purpose": "Id Check",
    "duration": "16m",
    "termsUrl": "https://www.velocityexperiencecenter.com/terms-and-conditions-vnf",
    "activationDate": "2021-02-16T00:00:01.000Z",
    "id": "634d9625b6b4b8ab66563fab",
    "createdAt": "2022-10-14T17:51:33.769Z",
    "updatedAt": "2022-10-14T17:51:33.769Z"
}