Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Learn about Self-Sovereign Identity (SSI).
Welcome to our Introduction to Self-Sovereign Identity (SSI) for developers and technical readers.
Before you get started, feel free to explore other (less technical) resources that will help you and your team to get a more holistic understanding of SSI and digital identity in general:
This section elaborates the theory behind the Wallet:
Wallet Basics - Learn what the Wallet Kit is and what it does.
Architecture - Explore the architecture and components.
Feature List - Explore all features in an overview list
Important: Please be informed that, beginning from December 2023, the Wallet Kit will no longer receive new features. Furthermore, the Wallet Kit is planned for discontinuation by the end of Q3 2024. However, all functionalities offered by the Wallet Kit are now integrated into our new libraries, APIs, and apps in the walt.id identity repo. Giving you more modularity, flexibility and ease-of-use to build end-to-end digital identity and wallet solutions.
Read the transition guide here. For any clarification or questions, feel free to contact us.
This documentation will help you understand how the Wallet works and how you can use it. However, it presumes a certain level of knowledge about Self-Sovereign Identity (SSI) so
if you are already familiar with SSI, you can jump to the introduction of the Wallet.
if you are new to SSI, please continue with our introduction to Self-Sovereign Identity.
The Wallet Kit (or "wallet backend") as well as the Issuer and Verifier Portals (or "Issuer and Verifier backends") are built as abstraction layers over the SSI Kit. They provide user data separation (user contexts of the underlying data stores) and high-level APIs for the interaction with the web frontends and the credential exchange protocols such as OIDC and SIOP.
Moreover, the wallet backend can be seen as an abstraction over the "Custodian" component of the SSI Kit, whereas the Issuer and Verifier backends build on top of the "Signatory" and "Auditor" components, respectively.
It has always been our goal to provide developers and organizations with great tools, so they can focus on delivering holistic identity solutions. Taking the lessons learned from previous products, we decided to redesign our current offering, resulting in what we now call The Community Stack. A collection of open-source products providing everything to launch any identity solution with ease. You can learn more about it here.
Starting from December 2023, the Wallet-Kit will halt feature enhancements, leading to a complete discontinuation planned for end-Q3 2024. It's essential to plan your transition to the new stack effectively.
The table below indicates which components of the Wallet-Kit are already supported in the new stack.
If you have any question, please reach out.
All relevant new libaries and APIs have found it's place in the waltid-identity repo.
Wallet-Kit Feautres | The Community Stack |
---|---|
User Account/Wallet Management
E-Mail/Password
web3 address
Key Management Create and mange Keys/DIDs in user wallets
ed25519
secp256k1
secp256r1
rsa
DID Management Create and mange Keys/DIDs in user wallets
did:key
did:jwk
did:web
did:cheqd
did:iota
did:ebsi
Not yet fully supported
Credential Issuance (OID4VC)
W3C as JWT
Issuer-API - issue credentials
(currently, only did:key support) Wallet-API - receive and store credentials
W3C as SD-JWT
Issuer-API - issue credentials
(currently, only did:key support) Wallet-API - receive and store credentials
W3C as JSON-LD
Not supported
Credential Verification (OID4VP/SIOPv2)
W3C credentials (JWT)
Verifier-API - verify credentials
(currently, only did:key support) Wallet-API - receive and store credentials
W3C credentials (SD-JWT)
Verifier-API - verify credentials
(currently, only did:key support) Wallet-API - receive and store credentials
W3C credential (JSON-LD)
Not supported
Other Credential Features
Credential Templates
In The Community Stack, we no longer have the notion of a credential template. The issuance will simply happen by providing the full W3C data schema, which will then be signed. A list of credentials schemas can be found here
Credential Revocation
Not yet supported
Policies
Similar. A list of all policies can be found here.
Open-Policy Agent Policies
Not yet supported. However, the new webhook policies also give you great flexibility until we will reintroduce Open-Policy Agent policies.
Here are the most important things to know about the Wallet Kit:
It is open source (Apache 2). You can use the code for free and without limitations.
It is an out-of-the-box solution that you can simply re-use or even white-label such as for building pilot projects quickly.
It is customisable in a sense that you can individualise the app based on your requirements: You can rebrand the app, build your own UI and add new features. ****
It is composable in a sense that you can plug your existing (d)apps into the wallet backend in order to supercharge your (d)apps with SSI capabilities.
It abstracts complexity such as low-level functionality related to key handling, data storage, signing and interactions with third party systems.
It is built on open standards to ensure interoperability and prevent lock-in effects.
It is flexible in a sense that you can deploy and run wallets on-premise, in your (multi) cloud environment or directly integrate our libraries.
The Issuer and Verifier Portals are demo web portals showcasing the scenarios of getting verifiable credentials issued into the wallet by a certified issuer or presenting a credential to a relying party. They can be used as reference implementations for issuers and verifiers to implement their own service platforms.
For credential and presentation exchange, we make use of the OIDC/SIOP protocols described in OIDC.
Like the wallet-backend, the issuer and verifier portals are built on top of the SSI Kit, to leverage its functionality for issuing, signing and verifying credentials, provided by the Signatory and Auditor components resepectively.
To save you the roundtrip, in case you ended up on this page, here's the architecture diagram once more:
Learn what SSI is and how it works.
Self-Sovereign Identity (SSI) is a user-centric approach to digital identity that gives people and organizations full control over their data. As a result, SSI enables anyone to easily share their data and reliably prove their identity (i.e. who they are and anything about them) without sacrificing security or privacy.
In other words, SSI enables you to “bring your own identity” and this is true for potentially any type of information - from your core identity (e.g. name, age, address) to your education and work records, your health and insurance data, bank account and financial information, etc.
Moreover, SSI can be used to model the digital identities of people, organizations and things.
At the end of the day, SSI promises a digital world in which interactions are effortless and worry-free. It is simply the next evolutionary step in identity management, a new paradigm in which our digital identities are no longer fragmented and locked into silos that are under someone else’s control, but only at our own disposal to be shared securely and privately.
SSI allows us to model digital identity just like we are used to the way identity works in the non-digital world based on paper documents and cards. There are just some minor twists.
For example, instead of our identity documents being made of paper or plastic, they are digital credentials made of bits and bytes and instead of storing them in wallets made of leather, they are stored in digital wallets on our phones. Importantly, these digital credentials can be reliably verified by anyone they are shared with online or offline.
In doing so, SSI enables decentralized ecosystems in which different parties can exchange and verify identity-related information. These ecosystems look like three-sided marketplaces, so that every party can take on three roles:
Issuers - Parties who “issue” identity-related data to people or organizations (“Holders”) in the form of digital credentials. They are the original data sources of an SSI ecosystem. For example, a government issues digital passports to citizens or a university issues digital diplomas to graduates.
Holders - Individuals or organizations who receive digital credentials that contain data about themselves from various sources (“Issuers”). By aggregating and storing such credentials in digital wallets, Holders can build holistic digital identities that are under their control and can easily be shared with third parties ("Verifiers").
Verifiers - Parties who rely on data to provide products and services can reliably verify and process data that has been provided by others (“Holders”). Verifiers, also called “Relying Parties”, are usually organizations or individuals in their professional capacity.
Usually, a single party plays only one of these roles per interaction. However, it is perfectly normal for a party to take on different roles in different interactions.
For example:
A university (Holder) is being accredited to issue certain types of educational credentials by a national authority (Issuer).
A university (Issuer) issues a digital diploma to a graduate (Holder), who can share this information with a recruiter (Verifier) in the course of a job application.
After the recruiting process, a recruiter (Issuer) issues the results of an applicant’s assessment (e.g. skills, referral) to the applicant (Holder), who can share this information with a new manager or another recruiter (Verifier).
A manager (Issuer) issues the results of a performance review to his employee (Holder) who can share this information with HR (e.g. to improve talent development programs).
There are different ways to get started with the Wallet Kit, either you use the backend service provided by the Wallet Kit via an API and build your own frontend, or you run the Wallet Kit (backend service) and our pre-build frontend applications for the different parties (holder, verifier, issuer).
The Wallet enables you to launch an identity wallet or extend an existing app with identity capabilities:
It enables you to use different identity ecosystems like Europe’s emerging identity ecosystem (EBSI, ESSIF) in anticipation of a multi-ecosystem future. (Consult the to find out which ecosystems the Wallet Kit supports.)
Since the issuer and verifier backends are currently integrated with the wallet-backend project, refer to the section for details.
Important: Please be informed that, beginning from December 2023, the Wallet Kit will no longer receive new features. Furthermore, the Wallet Kit is planned for discontinuation by the end of Q3 2024. However, all functionalities currently offered by the Wallet Kit will be integrated into our new libraries, APIs, and apps under . This is aimed at providing a more modular, flexible, and efficient solution for your needs. For any clarification or queries, feel free to as we aim to make this transition as smooth as possible.
: Quick way to launch and try out the latest builds of our backend API and the frontend applications. No build environment required, adaptation of default config may be necessary, depending on your setup.
: Quickly build the individual services (backend & frontend) using Docker and launch the docker images. No local build environment required, besides docker.
: Build and run the services (backend & frontend) locally on your machine. Requires build environment, including JDK 16, Gradle, NodeJs and Yarn.
: The Wallet Kit ("wallet backend") can be used directly as for Maven or Gradle.
: The Wallet Kit comes with a to conveniently configure the issueer DID among other configuration options.
- Use the Wallet Kit API.
- Offer a full solution by connecting our pre-build frontends to the Wallet Kit backend.
If you just want to try out the Wallet Kit (backend) and the Issuer and Verifier Portals (frontends), you may directly use our , which don't require any configuration or build environment.