Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Important: Please be informed that, beginning from December 2023, the Wallet Kit will no longer receive new features. Furthermore, the Wallet Kit is planned for discontinuation by the end of Q3 2024. However, all functionalities offered by the Wallet Kit are now integrated into our new libraries, APIs, and apps in the walt.id identity repo. Giving you more modularity, flexibility and ease-of-use to build end-to-end digital identity and wallet solutions.
Read the transition guide here. For any clarification or questions, feel free to contact us.
This documentation will help you understand how the Wallet works and how you can use it. However, it presumes a certain level of knowledge about Self-Sovereign Identity (SSI) so
if you are already familiar with SSI, you can jump to the introduction of the Wallet.
if you are new to SSI, please continue with our introduction to Self-Sovereign Identity.
Learn what SSI is and how it works.
Self-Sovereign Identity (SSI) is a user-centric approach to digital identity that gives people and organizations full control over their data. As a result, SSI enables anyone to easily share their data and reliably prove their identity (i.e. who they are and anything about them) without sacrificing security or privacy.
In other words, SSI enables you to “bring your own identity” and this is true for potentially any type of information - from your core identity (e.g. name, age, address) to your education and work records, your health and insurance data, bank account and financial information, etc.
Moreover, SSI can be used to model the digital identities of people, organizations and things.
At the end of the day, SSI promises a digital world in which interactions are effortless and worry-free. It is simply the next evolutionary step in identity management, a new paradigm in which our digital identities are no longer fragmented and locked into silos that are under someone else’s control, but only at our own disposal to be shared securely and privately.
SSI allows us to model digital identity just like we are used to the way identity works in the non-digital world based on paper documents and cards. There are just some minor twists.
For example, instead of our identity documents being made of paper or plastic, they are digital credentials made of bits and bytes and instead of storing them in wallets made of leather, they are stored in digital wallets on our phones. Importantly, these digital credentials can be reliably verified by anyone they are shared with online or offline.
In doing so, SSI enables decentralized ecosystems in which different parties can exchange and verify identity-related information. These ecosystems look like three-sided marketplaces, so that every party can take on three roles:
Issuers - Parties who “issue” identity-related data to people or organizations (“Holders”) in the form of digital credentials. They are the original data sources of an SSI ecosystem. For example, a government issues digital passports to citizens or a university issues digital diplomas to graduates.
Holders - Individuals or organizations who receive digital credentials that contain data about themselves from various sources (“Issuers”). By aggregating and storing such credentials in digital wallets, Holders can build holistic digital identities that are under their control and can easily be shared with third parties ("Verifiers").
Verifiers - Parties who rely on data to provide products and services can reliably verify and process data that has been provided by others (“Holders”). Verifiers, also called “Relying Parties”, are usually organizations or individuals in their professional capacity.
Usually, a single party plays only one of these roles per interaction. However, it is perfectly normal for a party to take on different roles in different interactions.
For example:
A university (Holder) is being accredited to issue certain types of educational credentials by a national authority (Issuer).
A university (Issuer) issues a digital diploma to a graduate (Holder), who can share this information with a recruiter (Verifier) in the course of a job application.
After the recruiting process, a recruiter (Issuer) issues the results of an applicant’s assessment (e.g. skills, referral) to the applicant (Holder), who can share this information with a new manager or another recruiter (Verifier).
A manager (Issuer) issues the results of a performance review to his employee (Holder) who can share this information with HR (e.g. to improve talent development programs).
This section elaborates the theory behind the Wallet:
Wallet Basics - Learn what the Wallet Kit is and what it does.
Architecture - Explore the architecture and components.
- Explore all features in an overview list
Learn about Self-Sovereign Identity (SSI).
Welcome to our Introduction to Self-Sovereign Identity (SSI) for developers and technical readers.
Before you get started, feel free to explore other (less technical) resources that will help you and your team to get a more holistic understanding of SSI and digital identity in general:
.
It has always been our goal to provide developers and organizations with great tools, so they can focus on delivering holistic identity solutions. Taking the lessons learned from previous products, we decided to redesign our current offering, resulting in what we now call The Community Stack. A collection of open-source products providing everything to launch any identity solution with ease. You can learn more about it here.
Starting from December 2023, the Wallet-Kit will halt feature enhancements, leading to a complete discontinuation planned for end-Q3 2024. It's essential to plan your transition to the new stack effectively.
The table below indicates which components of the Wallet-Kit are already supported in the new stack.
If you have any question, please reach out.
All relevant new libaries and APIs have found it's place in the waltid-identity repo.
User Account/Wallet Management
E-Mail/Password
web3 address
Key Management Create and mange Keys/DIDs in user wallets
ed25519
secp256k1
secp256r1
rsa
DID Management Create and mange Keys/DIDs in user wallets
did:key
did:jwk
did:web
did:cheqd
did:iota
did:ebsi
Not yet fully supported
Credential Issuance (OID4VC)
W3C as JWT
W3C as SD-JWT
W3C as JSON-LD
Not supported
Credential Verification (OID4VP/SIOPv2)
W3C credentials (JWT)
W3C credentials (SD-JWT)
W3C credential (JSON-LD)
Not supported
Other Credential Features
Credential Templates
Credential Revocation
Not yet supported
Policies
Open-Policy Agent Policies
- issue credentials
(currently, only did:key support) - receive and store credentials
- issue credentials
(currently, only did:key support) - receive and store credentials
- verify credentials
(currently, only did:key support) - receive and store credentials
- verify credentials
(currently, only did:key support) - receive and store credentials
In The Community Stack, we no longer have the notion of a credential template. The issuance will simply happen by providing the full W3C data schema, which will then be signed. A list of credentials schemas can be found
Similar. A list of all policies can be found .
Not yet supported. However, the new also give you great flexibility until we will reintroduce Open-Policy Agent policies.
Issuer web portal
Web based user interface for issuing credentials to the web wallet
Wallet configuration
Possibility to configure list of supported wallets (defaults to walt.id web wallet)
Credential issuance
Support for issuing verifiable credentials to the web wallet, based on OIDC for credential issuance specification
Verifier web portal
Web based user interface for requesting credential presentations through the web wallet
Wallet configuration
Possibility to configure list of supported wallets (defaults to walt.id web wallet)
Presentation exchange
Support for presentation exchange based on OIDC for verifiable presentations (SIOP) specification
Here are the most important things to know about the Wallet Kit:
It is open source (Apache 2). You can use the code for free and without limitations.
It is an out-of-the-box solution that you can simply re-use or even white-label such as for building pilot projects quickly.
It is customisable in a sense that you can individualise the app based on your requirements: You can rebrand the app, build your own UI and add new features. ****
It is composable in a sense that you can plug your existing (d)apps into the wallet backend in order to supercharge your (d)apps with SSI capabilities.
It abstracts complexity such as low-level functionality related to key handling, data storage, signing and interactions with third party systems.
It is built on open standards to ensure interoperability and prevent lock-in effects.
It is flexible in a sense that you can deploy and run wallets on-premise, in your (multi) cloud environment or directly integrate our libraries.
It enables you to use different identity ecosystems like Europe’s emerging identity ecosystem (EBSI, ESSIF) in anticipation of a multi-ecosystem future. (Consult the to find out which ecosystems the Wallet Kit supports.)
The Issuer and Verifier Portals are demo web portals showcasing the scenarios of getting verifiable credentials issued into the wallet by a certified issuer or presenting a credential to a relying party. They can be used as reference implementations for issuers and verifiers to implement their own service platforms.
For credential and presentation exchange, we make use of the OIDC/SIOP protocols described in OIDC.
The Wallet enables you to launch an identity wallet or extend an existing app with identity capabilities: