Microsoft identity platform
July 16, 2020
Community call
Decentralized Identities
Matthijs Hoekstra
Microsoft
@mahoekst
Introduction
• First things first
  • Please note: We are recording this call so those unable to attend can benefit from the recording.
  • This call is designed for developers who implement or are interested in implementing Microsoft identity platform solutions.
• What kind of topics will we discuss?
  • We will address development related topics submitted to us by the community for discussion.
  • We build a pipeline of topics for the next few weeks; please submit your feedback and topic suggestions: https://aka.ms/IDDevCommunityCallSurvey
  • View recordings on the Microsoft 365 Developer YouTube channel: https://aka.ms/M365DevYouTube
  • Follow us on Twitter @Microsoft365Dev and @azuread
  • This is NOT a support channel. Please use Stack Overflow to ask your immediate support related questions.
• When is the next session?
  • Community Calls: Monthly – 3rd Thursday of every month
  • Next Identity Developer Community Call: Aug 20th
Your Identity == App(username, password)
[Slide graphic: a login form with a username field and a masked password field]
Your Identity > App(username, password)
[Slide graphic: the same login form shown next to the other parts of a person's identity: play, purchases, education, achievements, interests, work, citizenship]
Your Identity App(username, password)
Endless breaches of personal data
Billions spent on audits
1B+ displaced without any ID
? In some cases, disappear

Individuals
• Privacy and control of my identity and data
• Protection from hacks
• Protection from breaches
Organizations
• Trust, and Verify
• Collaborate with everyone
• Reduce risk for GDPR, KYC/AML
Governments
• ID for cross border & agency
• Digital ID for refugees
• Social and financial inclusion for everyone
Each of us needs digital identity we own and control, one which securely and privately stores all elements of our digital identity.
This self-owned identity must seamlessly integrate into our lives and give us complete control over how our identity data is accessed and used.
[Slide mockup: an email from Contoso Registrar to Alice Smith, 5/6/2020 9:30 AM, subject "Your Digital Student ID is available", reading "Hi Alice, Your digital student ID is here." with an "Add to Wallet" button; the same message is shown as a phone notification preview.]
[Slide diagram: the layers of the decentralized identity stack]
Users: People, Apps, and Devices
User Agent (Stage: Working Implementations)
Identity Hub (Stage: Working Implementations)
Universal Resolver (Stage: Working Implementations)
DID Authentication (CCG)
W3C Decentralized Identifiers, did:// (Stage: Published Standard)
W3C Verifiable Credentials (Stage: Published Standard)
Decentralized Systems · Blockchains and Ledgers
Public key infrastructure
Join, collaborate, and contribute
What's a Verifiable Credential?
Configure credential issuance
Administrator
Contoso admin sets up an issuer that will produce verifiable credentials:
1. Provide an Azure Key Vault
2. Associate a verified DNS domain
3. A DID is registered
Configure credential look and feel
Administrator
Contoso admin customizes branding of their credentials.
1. Choose a card color.
2. Upload icons & images.
3. Provide helpful text.
Markup for defining look & feel of a card
{
  "locale": "en-US",
  "contract": "https://identity.microsoft.com/76B0B89D-4D7D...",
  "card": { // Customize the look & feel of the card
    "title": "Student ID Card",
    "issuedBy": "Contoso University",
    "backgroundColor": "#000000",
    "textColor": "#FFFFFF",
    "logo": {
      "uri": "https://contosouniversity.edu/studentIdCard/logo.png",
      "description": "Student ID Card Logo"
    }
  },
  "consent": {
    "title": "Do you want to be issued this card...?",
    "instructions": "You will need to sign into your school..."
  },
  "claims": { // Provide text strings for credential data
    "vc.credentialSubject.studentId": {
      "type": "Number",
      "label": "Student ID Number"
    },
    "vc.credentialSubject.expiration": {
      "type": "Date",
      "label": "Card Expires At"
    },
    "vc.credentialSubject.studentProfilePicture": {
      "type": "base64Image",
      "label": "Profile Picture",
      "description": "A student's profile picture"
    }
  }
}
Contract describes requirements for issuance
{
  "credentialIssuer": "https://portableidentitycards.azure-api...",
  "issuer": "did:ion:z6MkjRagNiMu91DduvCvgEsqLZDVzrJzFrwahc4tXLt9DoHd",
  "vc": {
    "type": [ "https://contosouniversity.edu/StudentIdCredential" ] // the type of the credential, used by verifiers to request
  },
  // Configure properties of the issued credential
  "validityInterval": 2592000, // expiration of a credential, in seconds
  "signingKeys": [ // details of the signing keys used to issue credentials
    {
      "kid": "did:ion:test:EiBBk-jMkByqfJPKTSYJENy5XKRIq8p...",
      "key": "https://mykeyvault12.vault.azure.net/...",
      "authorization": { "method": "msi" }
    }
  ],
  // Define requirements to issue a new credential
  "attestations": {
    "selfIssued": {}, // values the user can provide directly
    "presentations": {}, // credentials the user must provide
    "idTokens": [ // identity providers the user must authenticate with
      {
        "mapping": { // define which claims should be included in credentials
          "studentId": { "claim": "studentId" },
          "firstName": { "claim": "given_name" },
          "lastName": { "claim": "family_name" }
        },
        "configuration": "https://contoso.edu/.well-known/openid-configuration",
        "client_id": "40be4fb5-7f3a-470b-aa37-66ed43821bd7",
        "redirect_uri": "https://contosouniversity.edu/verify"
      }
    ]
  }
}
Request issuance
Student
Request issuance of a credential · OpenID request
// JWT header
{
  "alg": "ES256K",
  "typ": "JWT",
  "kid": "did:ion:z6MkjRagNiMu91DduvCvgEsqLZDVzrJzFrwahc4tXLt9DoHd#veri-key1"
}
.
// JWT payload
{
  "iss": "did:ion:z6MkjRagNiMu91DduvCvgEsqLZDVzrJzFrwahc4tXLt9DoHd",
  "response_type": "id_token",
  "client_id": "https://contosouniversity.edu/presentation/request",
  "redirect_uri": "https://contosouniversity.edu/presentation/response",
  "scope": "openid did_authn",
  "state": "af0ifjsldkj",
  "nonce": "n-0S6_WzA2Mj",
  "response_mode": "form_post",
  "prompt": "create",
  "registration": {
    "client_name": "Contoso University",
    "jwks_uri": "https://uniresolver.io/1.0/identifiers/did:ion:z6MkjR...",
    "id_token_signed_response_alg": [ "ES256K", "EdDSA", "RS256" ]
  },
  "attestations": {
    "presentations": [
      {
        "credentialType": "https://contosouniversity.edu/StudentIdCredential",
        "contracts": ["https://credentials.msidentity.microsoft.com/.../studentId"]
      }
    ]
  }
}
.
// JWT signature
KLJo5GAyBND3LDTn9H7FQokEsUEi8jKwXhGvoN3JtRa51xrNDgXDb0cq1UTYB-rK4Ft9YVmR1NI_ZOF8oGc_...

The same request in the shorter form annotated on the following slides:
// JWT header
{
  "alg": "ES256K",
  "typ": "JWT",
  "kid": "did:ion:z6MkjRagNiMu91DduvCvgEsqLZDVzrJzFrwahc4tXLt9DoHd#veri-key1"
}
.
// JWT payload
{
  "iss": "did:ion:z6MkjRagNiMu91DduvCvgEsqLZDVzrJzFrwahc4tXLt9DoHd",
  "response_type": "id_token",
  "client_id": "https://contosouniversity.edu/presentation/response",
  "scope": "openid did_authn",
  "state": "af0ifjsldkj",
  "nonce": "n-0S6_WzA2Mj",
  "response_mode": "form_post",
  "registration": {
    "jwks_uri": "https://uniresolver.io/1.0/identifiers/did:ion:z6MkjR...",
    "id_token_signed_response_alg": [ "ES256K", "EdDSA", "RS256" ]
  },
  "contract": "https://credentials.msidentity.microsoft.com/.../studentId" // Request points to a specific contract
}
.
// JWT signature (request is signed by the issuer)
KLJo5GAyBND3LDTn9H7FQokEsUEi8jKwXhGvoN3JtRa51xrNDgXDb0cq1UTYB-rK4Ft9YVmR1NI_ZOF8oGc_7wAp
8PHbF2HaWodQIoOBxxT-4WNqAxft7ET6lkH-4S6Ux3rSGAmczMohEEf8eCeN-jC8WekdPl6zKZQj0YPB
1rx6X0-xlFBs7cl6Wt8rfBP_tZ9YgVWrQmUWypSioc0MUyiphmyEbLZagTyPlUyflGlEdq
Sign in
Student
Student browses to the Contoso U portal and installs the PIC.
1. Go to the portal
2. Scan the code
3. Authenticate
OpenID request & response to university identity provider
A standard OpenID Connect authorize request:
https://contosouniversity.edu/openid/authorize?
  client_id=eae8b7f2-dd72-4f63-98f0-2d5399d61508
  &redirect_uri=openid://response
  &state=ajflafn3o2n651oh56161631
  &response_mode=fragment
  &response_type=id_token
  &scope=openid
An id_token is returned to Authenticator as a proof:
// JWT header
{
  "alg": "ES256K",
  "typ": "JWT",
  "kid": "fjaklnk3n153n15"
}
.
// JWT payload
{
  "iss": "https://contosouniversity.edu",
  "state": "af0ifjsldkj",
  "nonce": "n-0S6_WzA2Mj",
  "exp": 1311281970,
  "iat": 1311280970,
  "firstName": "Alice",
  "lastName": "Smith",
  "studentId": "21905716"
}
.
// JWT signature
hhbXBsZS5jb20va2V5cy9mb28uandrIiwibmJmIjoxNTQxNDkzNzI0LCJpYXQiO
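The id_token above is the only evidence the issuer has that the person holding the wallet really is Alice, so every claim in it has to be checked before a card is minted. The Python below is an added example (not code from the slides or from Microsoft's service) showing those checks: the token's `iss`, `nonce` and `state` must match what the issuer sent, `exp`/`iat` must be in range, and the claims the contract maps (`studentId`, `firstName`, `lastName` on this slide) must be present. The sample token is constructed from the slide's header and payload; the `stand_in_verify` function and the `ALLOWED_ALGS` list are assumptions, and a real issuer replaces the stand-in with ES256K verification against the key the IdP publishes for `kid`.

```python
import base64
import json
import time


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def split_jwt(compact: str):
    """Split a compact JWT into header, payload, signing input and raw signature.
    Nothing here is trusted yet: the signature must be verified before any claim is used."""
    parts = compact.split(".")
    if len(parts) != 3:
        raise ValueError("a compact JWS has exactly three segments")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    signing_input = f"{parts[0]}.{parts[1]}".encode("ascii")
    return header, payload, signing_input, b64url_decode(parts[2])


ALLOWED_ALGS = ("ES256K", "ES256", "RS256")  # assumed allowlist; never "none", never an HMAC alg


def validate_idp_id_token(compact, *, expected_issuer, expected_nonce, expected_state,
                          required_claims, verify_signature, now=None, max_age=600):
    """Checks an issuer makes on the university id_token before minting a card.
    verify_signature(header, signing_input, signature) -> bool is supplied by the caller
    and must check the signature against the IdP's published key for header["kid"]."""
    now = int(time.time()) if now is None else now
    header, payload, signing_input, signature = split_jwt(compact)
    if header.get("alg") not in ALLOWED_ALGS:
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    if not verify_signature(header, signing_input, signature):
        raise ValueError("signature verification failed")
    if payload.get("iss") != expected_issuer:
        raise ValueError("issuer mismatch")
    if payload.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch: token was not minted for this request")
    if payload.get("state") != expected_state:
        raise ValueError("state mismatch")
    exp, iat = payload.get("exp"), payload.get("iat")
    if not isinstance(exp, int) or exp <= now:
        raise ValueError("token expired")
    if not isinstance(iat, int) or iat > now or now - iat > max_age:
        raise ValueError("token issued in the future or too long ago")
    missing = [c for c in required_claims if c not in payload]
    if missing:
        raise ValueError(f"id_token lacks claims the contract maps: {missing}")
    return {c: payload[c] for c in required_claims}


# Constructed sample: the slide's header and payload, encoded as a JWT with a placeholder signature.
SAMPLE_HEADER = {"alg": "ES256K", "typ": "JWT", "kid": "fjaklnk3n153n15"}
SAMPLE_PAYLOAD = {
    "iss": "https://contosouniversity.edu", "state": "af0ifjsldkj", "nonce": "n-0S6_WzA2Mj",
    "exp": 1311281970, "iat": 1311280970,
    "firstName": "Alice", "lastName": "Smith", "studentId": "21905716",
}
SAMPLE_TOKEN = ".".join([
    b64url_encode(json.dumps(SAMPLE_HEADER).encode()),
    b64url_encode(json.dumps(SAMPLE_PAYLOAD).encode()),
    b64url_encode(b"stand-in signature bytes"),  # placeholder, not a real ES256K signature
])


def stand_in_verify(header, signing_input, signature):
    """Placeholder for real ES256K verification against the IdP's JWKS: it only checks
    that the token names the expected key and carries the placeholder bytes."""
    return header.get("kid") == "fjaklnk3n153n15" and signature == b"stand-in signature bytes"


def demo(now=1311281000, nonce="n-0S6_WzA2Mj"):
    """Validate the sample token at a fixed time; returns the mapped claims."""
    return validate_idp_id_token(
        SAMPLE_TOKEN, expected_issuer="https://contosouniversity.edu", expected_nonce=nonce,
        expected_state="af0ifjsldkj", required_claims=["studentId", "firstName", "lastName"],
        verify_signature=stand_in_verify, now=now)


def rejected(**overrides) -> bool:
    """True when demo() rejects the token under the given overrides."""
    try:
        demo(**overrides)
    except ValueError:
        return True
    return False
```

The nonce check is what ties the id_token to the issuance request the wallet started; without it a captured token from an unrelated login could be replayed to obtain a card.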
Add a Card
Student
Format of an issued verifiable credential
// Verifiable Credential as a JWT
{
  "alg": "RS256",
  "typ": "JWT",
  "kid": "did:example:issuer#keys-1"
}.
{
  "sub": "did:ion:njn9416416zgf1qp316n1lkjl5n1jap980h1", // The user's DID (follows the W3C standard for Decentralized Identifiers)
  "jti": "http://contosouniversity.edu/credentials/3732",
  "iss": "did:ion:z6MkjRagNiMu91DduvCvgEsqLZDVzrJzFrwahc4tXLt9DoHd", // The issuer's DID
  "nbf": 1541493724,
  "iat": 1541493724,
  "exp": 1573029723, // The expiration of the credential
  "nonce": "660!6345FSer",
  "vc": { // Follows the W3C standard for verifiable credentials
    "@context": [
      "https://www.w3.org/2018/credentials/v1",
      "https://contosouniversity.edu"
    ],
    "type": ["VerifiableCredential", "StudentIDCredential"], // The type of the credential
    "credentialSubject": { // The claims in the credential
      "studentId": "21905716"
    },
    "credentialStatus": {
      "type": "CredentialRevocationMechanism",
      "id": "https://credentials.msidentity.microsoft.com/api/v1.0/portable/status"
    }
  }
}.
KLJo5GAyBND3LDTn9H7FQokEsUEi8jKwXhGvoN3JtRa51xrNDgXDb0cq1UTY... // Credential is signed by issuer's DID
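The contract slide ("Contract describes requirements for issuance") and the credential format above together define what an issuer computes: the `mapping` under `attestations.idTokens` decides which id_token claims become `credentialSubject`, `validityInterval` fixes `exp`, and `issuer` becomes `iss`. The Python below is an added example of that step, not code from the slides or from Microsoft's service. `CONTRACT` is a constructed copy of the slide's contract reduced to the fields used, `SAMPLE_IDP_CLAIMS` is constructed with the claim names the mapping expects, `HOLDER_DID` is the user DID from the slide, and `stand_in_sign` is a labelled placeholder for the Key Vault signer referenced by `signingKeys` (a real issuer signs with its ES256K or RS256 key).

```python
import base64
import hashlib
import json


def b64url(raw: bytes) -> str:
    """base64url without padding, as used for JWT segments."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


# Constructed issuance contract, reduced to the fields this example uses (values follow the slide).
CONTRACT = {
    "issuer": "did:ion:z6MkjRagNiMu91DduvCvgEsqLZDVzrJzFrwahc4tXLt9DoHd",
    "vc": {"type": ["https://contosouniversity.edu/StudentIdCredential"]},
    "validityInterval": 2592000,
    "attestations": {"idTokens": [{
        "mapping": {"studentId": {"claim": "studentId"},
                    "firstName": {"claim": "given_name"},
                    "lastName": {"claim": "family_name"}},
        "configuration": "https://contoso.edu/.well-known/openid-configuration",
    }]},
}


def map_claims(contract: dict, id_token_claims: dict) -> dict:
    """Apply the contract mapping: each credential claim is copied from the named
    id_token claim, so nothing outside the mapping leaks into the credential."""
    subject = {}
    for vc_claim, rule in contract["attestations"]["idTokens"][0]["mapping"].items():
        source = rule["claim"]
        if source not in id_token_claims:
            raise ValueError(f"id_token lacks {source!r}, needed for {vc_claim!r}")
        subject[vc_claim] = id_token_claims[source]
    return subject


def build_vc_payload(contract, id_token_claims, *, holder_did, credential_id, status_url, issued_at):
    """JWT payload laid out like the 'Format of an issued verifiable credential' slide."""
    return {
        "sub": holder_did,                                   # the holder's DID
        "jti": credential_id,
        "iss": contract["issuer"],                           # the issuer's DID
        "nbf": issued_at,
        "iat": issued_at,
        "exp": issued_at + contract["validityInterval"],    # lifetime comes from the contract
        "vc": {
            "@context": ["https://www.w3.org/2018/credentials/v1", "https://contosouniversity.edu"],
            "type": ["VerifiableCredential", *contract["vc"]["type"]],
            "credentialSubject": map_claims(contract, id_token_claims),
            "credentialStatus": {"type": "CredentialRevocationMechanism", "id": status_url},
        },
    }


def compact_jws(header: dict, payload: dict, sign) -> str:
    """header.payload.signature; sign(signing_input) -> bytes is the issuer's signer
    (a Key Vault held ES256K or RS256 key in production)."""
    segments = [b64url(json.dumps(header, separators=(",", ":")).encode()),
                b64url(json.dumps(payload, separators=(",", ":")).encode())]
    signing_input = ".".join(segments).encode("ascii")
    return ".".join(segments + [b64url(sign(signing_input))])


def stand_in_sign(signing_input: bytes) -> bytes:
    """Placeholder for the Key Vault signer: a plain digest, NOT a signature."""
    return hashlib.sha256(signing_input).digest()


def issue_student_card(id_token_claims: dict, holder_did: str, issued_at: int = 1541493724):
    """Return (payload, compact JWT) for a card issued under CONTRACT."""
    payload = build_vc_payload(
        CONTRACT, id_token_claims, holder_did=holder_did,
        credential_id="http://contosouniversity.edu/credentials/3732",
        status_url="https://credentials.msidentity.microsoft.com/api/v1.0/portable/status",
        issued_at=issued_at)
    header = {"alg": "ES256K", "typ": "JWT", "kid": CONTRACT["issuer"] + "#veri-key1"}
    return payload, compact_jws(header, payload, stand_in_sign)


# Constructed id_token claims, named as the contract mapping expects them.
SAMPLE_IDP_CLAIMS = {"studentId": "21905716", "given_name": "Alice", "family_name": "Smith"}
HOLDER_DID = "did:ion:njn9416416zgf1qp316n1lkjl5n1jap980h1"


def issuance_rejected(claims: dict) -> bool:
    """True when the mapping cannot be satisfied from the given id_token claims."""
    try:
        issue_student_card(claims, HOLDER_DID)
    except ValueError:
        return True
    return False
```

Because `map_claims` iterates over the contract rather than over the id_token, an IdP that returns extra claims cannot push them into the credential, and an IdP that omits a mapped claim fails issuance instead of producing a card with a hole in it.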
Card added
Student
Verify Student ID
Bookstore
Request Permission
Bookstore
Request presentation of a credential: OpenID request
// JWT header
{
"alg": "ES256K",
"typ": "JWT",
"kid": "did:ion:nmafdanafdaf12jkln1ln1hazhjanfu1#veri-key1"
}
.
// JWT payload
{
"iss": "did:ion:nmafdanafdaf12jkln1ln1hazhjanfu1",
"response_type": "id_token",
"client_id": "https://bookstore.com/presentation/request",
"redirect_uri": "https://bookstore.com/presentation/response",
"scope": "openid did_authn",
"state": "af0ifjsldkj",
"nonce": "n-0S6_WzA2Mj",
"response_mode" : "form_post",
"registration" : {
"client_name": "Fabrikam Bookstore",
"jwks_uri" : "https://uniresolver.io/1.0/identifiers/did:ion:z6MkjR...",
"id_token_signed_response_alg" : [ "ES256K", "EdDSA", "RS256" ]
},
"attestations": {
"presentations": [
{ "credentialType": "https://contosouniversity.edu/StudentIdCredential" }
]
}
}
.
// JWT signature
KLJo5GAyBND3LDTn9H7FQokEsUEi8jKwXhGvoN3JtRa51xrNDgXDb0cq1UTYB-rK4Ft9YVmR1NI_ZOF8oGc_7wAp
8PHbF2HaWodQIoOBxxT-4WNqAxft7ET6lkH-4S6Ux3rSGAmczMohEEf8eCeN-jC8WekdPl6zKZQj0YPB
1rx6X0-xlFBs7cl6Wt8rfBP_tZ9YgVWrQmUWypSioc0MUyiphmyEbLZagTyPlUyflGlEdq
"client_id": "https://bookstore.com/presentation/response",
"scope": "openid did_authn",
"state": "af0ifjsldkj",
"nonce": "n-0S6_WzA2Mj",
"response_mode" : "form_post",
"registration" : {
"jwks_uri" : "https://uniresolver.io/1.0/identifiers/ did:ion:nmaf...",
"id_token_signed_response_alg" : [ "ES256K", "EdDSA", "RS256" ]
},
"attestations": {
"presentations": [
{ "credentialType": "https://contosouniversity.edu/StudentIdCredential" }
]
}
}
.
// JWT signature
KLJo5GAyBND3LDTn9H7FQokEsUEi8jKwXhGvoN3JtRa51xrNDgXDb0cq1UTYB-rK4Ft9YVmR1NI_ZOF8oGc_7wAp
8PHbF2HaWodQIoOBxxT-4WNqAxft7ET6lkH-4S6Ux3rSGAmczMohEEf8eCeN-jC8WekdPl6zKZQj0YPB
1rx6X0-xlFBs7cl6Wt8rfBP_tZ9YgVWrQmUWypSioc0MUyiphmyEbLZagTyPlUyflGlEdq
// JWT header
{
"alg": "ES256K",
"typ": "JWT",
"kid": "did:ion:nmafdanafdaf12jkln1ln1hazhjanfu1#veri-key1"
}
.
// JWT payload
{
"iss": "did:ion:nmafdanafdaf12jkln1ln1hazhjanfu1",
"response_type": "id_token",
"client_id": "https://bookstore.com/presentation/response",
"scope": "openid did_authn",
"state": "af0ifjsldkj",
"nonce": "n-0S6_WzA2Mj",
"response_mode" : "form_post",
"registration" : {
"jwks_uri" : "https://uniresolver.io/1.0/identifiers/ did:ion:nmaf...",
"id_token_signed_response_alg" : [ "ES256K", "EdDSA", "RS256" ]
},
“attestations":
"id_token": {
"https://contosouniversity.edu/StudentIdCredential": {
"essential": "true",
"purpose": "To prove you are a student.",
}
}
}
.
// JWT signature
KLJo5GAyBND3LDTn9H7FQokEsUEi8jKwXhGvoN3JtRa51xrNDgXDb0cq1UTYB-rK4Ft9YVmR1NI_ZOF8oGc_7wAp
8PHbF2HaWodQIoOBxxT-4WNqAxft7ET6lkH-4S6Ux3rSGAmczMohEEf8eCeN-jC8WekdPl6zKZQj0YPB
1rx6X0-xlFBs7cl6Wt8rfBP_tZ9YgVWrQmUWypSioc0MUyiphmyEbLZagTyPlUyflGlEdq
Request presentation of a credential: OpenID request
"client_id": "https://bookstore.com/presentation/response",
"scope": "openid did_authn",
"state": "af0ifjsldkj",
"nonce": "n-0S6_WzA2Mj",
"response_mode" : "form_post",
"registration" : {
"jwks_uri" : "https://uniresolver.io/1.0/identifiers/ did:ion:nmaf...",
"id_token_signed_response_alg" : [ "ES256K", "EdDSA", "RS256" ]
},
"attestations": {
"presentations": [
{ "credentialType": "https://contosouniversity.edu/StudentIdCredential" }
]
}
}
.
// JWT signature
KLJo5GAyBND3LDTn9H7FQokEsUEi8jKwXhGvoN3JtRa51xrNDgXDb0cq1UTYB-rK4Ft9YVmR1NI_ZOF8oGc_7wAp
8PHbF2HaWodQIoOBxxT-4WNqAxft7ET6lkH-4S6Ux3rSGAmczMohEEf8eCeN-jC8WekdPl6zKZQj0YPB
1rx6X0-xlFBs7cl6Wt8rfBP_tZ9YgVWrQmUWypSioc0MUyiphmyEbLZagTyPlUyflGlEdq
Request describes the requested
credentials.
// JWT header
{
"alg": "ES256K",
"typ": "JWT",
"kid": "did:ion:nmafdanafdaf12jkln1ln1hazhjanfu1#veri-key1"
}
.
// JWT payload
{
"iss": "did:ion:nmafdanafdaf12jkln1ln1hazhjanfu1",
"response_type": "id_token",
"client_id": "https://bookstore.com/presentation/response",
"scope": "openid did_authn",
"state": "af0ifjsldkj",
"nonce": "n-0S6_WzA2Mj",
"response_mode" : "form_post",
"registration": {
"jwks_uri": "https://uniresolver.io/1.0/identifiers/did:ion:nmaf...",
"id_token_signed_response_alg": ["ES256K", "EdDSA", "RS256"]
},
"attestations": {
"id_token": {
"https://contosouniversity.edu/StudentIdCredential": {
"essential": "true",
"purpose": "To prove you are a student."
}
}
}
}
.
// JWT signature
KLJo5GAyBND3LDTn9H7FQokEsUEi8jKwXhGvoN3JtRa51xrNDgXDb0cq1UTYB-rK4Ft9YVmR1NI_ZOF8oGc_7wAp
8PHbF2HaWodQIoOBxxT-4WNqAxft7ET6lkH-4S6Ux3rSGAmczMohEEf8eCeN-jC8WekdPl6zKZQj0YPB
1rx6X0-xlFBs7cl6Wt8rfBP_tZ9YgVWrQmUWypSioc0MUyiphmyEbLZagTyPlUyflGlEdq
Request presentation of a credential: OpenID request
Request is signed by verifier’s DID
(Slide: Student wallet, Approve Permission)
Presentation of a credential: OpenID Response
// Verifiable Credential included in presentation
{
"alg": "RS256",
"typ": "JWT",
"kid": "did:example:issuer#keys-1"
}.
{
"sub": "did:ion:njn9416416zgf1qp316n1lkjl5n1jap980h1",
"jti": "http://contosouniversity.edu/credentials/3732",
"iss": "did:ion:z6MkjRagNiMu91DduvCvgEsqLZDVzrJzFrwahc4tXLt9DoHd",
"nbf": 1541493724,
"iat": 1541493724,
"exp": 1573029723,
"vc": {
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://contosouniversity.edu"
],
"type": ["VerifiableCredential", "StudentIDCredential"],
"credentialSubject": {
"studentId": "21905716"
},
"credentialStatus": {
"type": "CredentialRevocationMechanism",
"id": "https://credentials.msidentity.microsoft.com/api/v1.0/portable/status"
}
}
}.
KLJo5GAyBND3LDTn9H7FQokEsUEi8jKwXhGvoN3JtRa51xrNDgXDb0cq1UTY...
// Sent via HTTP POST
// JWT header
{
"alg": "ES256K",
"typ": "JWT",
"kid": "did:example:subject#key-1"
}
.
// JWT payload
{
"iss": "https://self-issued.me",
"state": "af0ifjsldkj",
"nonce": "n-0S6_WzA2Mj",
"exp": 1311281970,
"iat": 1311280970,
"sub_jwk" : {
"crv":"secp256k1",
"kid":"did:example:subject#verikey-1",
"kty":"EC",
"x":"7KEKZa5xJPh7WVqHJyUpb2MgEe3nA8Rk7eUlXsmBl-M",
"y":"3zIgl_ml4RhapyEm5J7lvU-4f5jiBvZr4KgxUjEhl9o"
},
"sub": "9-aYUQ7mgL2SWQ_LNTeVN2rtw7xFP-3Y2EO9WV22cF0",
"did": "did:ion:njn9416416zgf1qp316n1lkjl5n1jap980h1",
"vp": "eyJhbGciOiJIUzI1NiIsI..." // Verifiable Presentation in compact form; its expanded JSON is shown in the next build of this slide
}
.
// JWT signature
hhbXBsZS5jb20va2V5cy9mb28uandrIiwibmJmIjoxNTQxNDkzNzI0LCJpYXQiO
jE1NDE0OTM3MjQsImV4cCI6MTU3MzAyOTcyMywibm9uY2UiOiI2NjAhNjM0NUZTZXIiLCJ2YyI6eyJAY
29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vd
// Sent via HTTP POST
// JWT header
{
"alg": "ES256K",
"typ": "JWT",
"kid": "did:example:subject#key-1"
}
.
// JWT payload
{
"iss": "https://self-issued.me",
"state": "af0ifjsldkj",
"nonce": "n-0S6_WzA2Mj",
"exp": 1311281970,
"iat": 1311280970,
"sub_jwk" : {
"crv":"secp256k1",
"kid":"did:example:subject#verikey-1",
"kty":"EC",
"x":"7KEKZa5xJPh7WVqHJyUpb2MgEe3nA8Rk7eUlXsmBl-M",
"y":"3zIgl_ml4RhapyEm5J7lvU-4f5jiBvZr4KgxUjEhl9o"
},
"sub": "9-aYUQ7mgL2SWQ_LNTeVN2rtw7xFP-3Y2EO9WV22cF0",
"did": "did:ion:njn9416416zgf1qp316n1lkjl5n1jap980h1",
"vp": {
"@context": [ "https://www.w3.org/2018/credentials/v1"],
"type": ["VerifiablePresentation"],
"verifiableCredential": ["eyJhbGciOiJIUzI1NiIsI..."] }
}
.
// JWT signature
hhbXBsZS5jb20va2V5cy9mb28uandrIiwibmJmIjoxNTQxNDkzNzI0LCJpYXQiO
jE1NDE0OTM3MjQsImV4cCI6MTU3MzAyOTcyMywibm9uY2UiOiI2NjAhNjM0NUZTZXIiLCJ2YyI6eyJAY
29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vd
// Verifiable Credential included in presentation
{
"alg": "RS256",
"typ": "JWT",
"kid": "did:example:issuer#keys-1"
}.
{
"sub": "did:ion:njn9416416zgf1qp316n1lkjl5n1jap980h1",
"jti": "http://contosouniversity.edu/credentials/3732",
"iss": "did:ion:z6MkjRagNiMu91DduvCvgEsqLZDVzrJzFrwahc4tXLt9DoHd",
"nbf": 1541493724,
"iat": 1541493724,
"exp": 1573029723,
"nonce": "660!6345FSer",
"vc": {
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://contosouniversity.edu"
],
"type": ["VerifiableCredential", "StudentIDCredential"],
"credentialSubject": {
"studentId": "21905716"
},
"credentialStatus": {
"type": "CredentialRevocationMechanism",
"id": "https://credentials.msidentity.microsoft.com/api/v1.0/portable/status"
}
}
}.
KLJo5GAyBND3LDTn9H7FQokEsUEi8jKwXhGvoN3JtRa51xrNDgXDb0cq1UTY...
DID in presentation matches subject of issued credential: the "did" claim of the response and the "sub" claim of the credential are both "did:ion:njn9416416zgf1qp316n1lkjl5n1jap980h1".
(Slide: Bookstore verifier, Verify Permission)
https://github.com/microsoft/VerifiableCredentials-Verification-SDK-Typescript
https://github.com/microsoft/VerifiableCredentials-Crypto-SDK-Typescript
https://github.com/microsoft/VerifiableCredential-SDK-Android
• Help RPs to work with Verifiable Credentials
• Validate tokens (SI, id tokens, VCs, VPs, Issuance and Present SIOP)
• Create SIOP requests
• Supports signing with or without Key Vault
• Serves as a specification for customers using other stacks
aka.ms/didwhitepaper
aka.ms/opendid
https://didproject.azurewebsites.net/
Microsoft 365
https://aka.ms/adaptivecardscommunitycall
https://aka.ms/microsoftgraphcall
https://aka.ms/IDDevCommunityCalendar
https://aka.ms/microsoftteamscommunitycall
https://aka.ms/officeaddinscommunitycall
https://aka.ms/powerappscommunitycall
https://aka.ms/spdev-call
https://aka.ms/spdev-sig-call
https://aka.ms/spdev-spfx-call
https://aka.ms/M365DevCalls
Recording will be available soon on our Microsoft 365 Developer YouTube channel
https://aka.ms/M365DevYouTube
(subscribe today)
Follow us on Twitter @Microsoft365Dev and @azuread
Next call: August 20th at 9:00am PST
https://aka.ms/IDDevCommunityCalendar
Thank you

Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
 
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2
 

Decentralized Identities-July 2020 community call

  • 13. Each of us needs digital identity we own and control, one which securely and privately stores all elements of our digital identity. This self-owned identity must seamlessly integrate into our lives and give us complete control over how our identity data is accessed and used.
  • 16. Email mockup. To: Alice Smith. From: Contoso Registrar (CR), 5/6/2020 9:30 AM. Subject: Your Digital Student ID is available. Body: "Hi Alice, Your digital student ID is here. Contoso" with an "Add to Wallet" button. Slides 17 and 18 repeat the same screen.
  • 41. Ecosystem diagram. Users, People, Apps, and Devices connect through a User Agent (Stage: Working Implementations) and an Identity Hub (Stage: Working Implementations) to a Universal Resolver (Stage: Working Implementations) over did://. Underlying standards: W3C Decentralized Identifiers (Stage: Published Standard), W3C Verifiable Credentials (Stage: Published Standard), CCG DID Authentication, and Decentralized Systems · Blockchains and Ledgers. Join, collaborate, and contribute.
  • 44. What's a Verifiable Credential?
  • 45. Configure credential issuance Administrator Contoso admin sets up an issuer that will produce verifiable credentials: 1. Provide an Azure Key Vault 2. Associate a verified DNS domain 3. A DID is registered
  • 46. Configure credential look and feel Administrator Contoso admin customizes branding of their credentials. 1. Choose a card color. 2. Upload icons & images. 3. Provide helpful text.
  • 47. Markup for defining look & feel of a card. Slides 48 and 49 highlight two parts of the same markup: the "card" block customizes the look & feel of the card, and the "claims" block provides the text strings shown for the credential data.
    {
      "locale": "en-US",
      "contract": "https://identity.microsoft.com/76B0B89D-4D7D...",
      "card": {
        "title": "Student ID Card",
        "issuedBy": "Contoso University",
        "backgroundColor": "#000000",
        "textColor": "#FFFFFF",
        "logo": {
          "uri": "https://contosouniversity.edu/studentIdCard/logo.png",
          "description": "Student ID Card Logo"
        }
      },
      "consent": {
        "title": "Do you want to be issued this card...?",
        "instructions": "You will need to sign into your school..."
      },
      "claims": {
        "vc.credentialSubject.studentId": { "type": "Number", "label": "Student ID Number" },
        "vc.credentialSubject.expiration": { "type": "Date", "label": "Card Expires At" },
        "vc.credentialSubject.studentProfilePicture": {
          "type": "base64Image",
          "label": "Profile Picture",
          "description": "A student's profile picture"
        }
      }
    }
  • 50. Contract describes requirements for issuance. Slides 51 and 52 highlight two parts of the same contract: "vc", "validityInterval" and "signingKeys" configure properties of the issued credential, and "attestations" defines the requirements to issue a new credential.
    {
      "credentialIssuer": "https://portableidentitycards.azure-api...",
      "issuer": "did:ion:z6MkjRagNiMu91DduvCvgEsqLZDVzrJzFrwahc4tXLt9DoHd",
      "vc": {
        "type": [ "https://contosouniversity.edu/StudentIdCredential" ] // the type of the credential, used by verifiers to request
      },
      "validityInterval": 2592000, // expiration of a credential, in seconds
      "signingKeys": [ // details of the signing keys used to issue credentials
        {
          "kid": "did:ion:test:EiBBk-jMkByqfJPKTSYJENy5XKRIq8p...",
          "key": "https://mykeyvault12.vault.azure.net/...",
          "authorization": { "method": "msi" }
        }
      ],
      "attestations": {
        "selfIssued": {}, // values the user can provide directly
        "presentations": {}, // credentials the user must provide
        "idTokens": [ // identity providers the user must authenticate with
          {
            "mapping": { // define which claims should be included in credentials
              "studentId": { "claim": "studentId" },
              "firstName": { "claim": "given_name" },
              "lastName": { "claim": "family_name" }
            },
            "configuration": "https://contoso.edu/.well-known/openid-configuration",
            "client_id": "40be4fb5-7f3a-470b-aa37-66ed43821bd7",
            "redirect_uri": "https://contosouniversity.edu/verify"
          }
        ]
      }
    }
  • 57. Request issuance of a credential · OpenID request
    // JWT header
    { "alg": "ES256K", "typ": "JWT", "kid": "did:ion:z6MkjRagNiMu91DduvCvgEsqLZDVzrJzFrwahc4tXLt9DoHd#veri-key1" }
    .
    // JWT payload
    {
      "iss": "did:ion:z6MkjRagNiMu91DduvCvgEsqLZDVzrJzFrwahc4tXLt9DoHd",
      "response_type": "id_token",
      "client_id": "https://contosouniversity.edu/presentation/request",
      "redirect_uri": "https://contosouniveristy.edu/presentation/response",
      "scope": "openid did_authn",
      "state": "af0ifjsldkj",
      "nonce": "n-0S6_WzA2Mj",
      "response_mode": "form_post",
      "prompt": "create",
      "registration": {
        "client_name": "Contoso University",
        "jwks_uri": "https://uniresolver.io/1.0/identifiers/did:ion:z6MkjR...",
        "id_token_signed_response_alg": [ "ES256K", "EdDSA", "RS256" ]
      },
      "attestations": {
        "presentations": [
          {
            "credentialType": "https://contosouniversity.edu/StudentIdCredential",
            "contracts": ["https://credentials.msidentity.microsoft.com/.../studentId"]
          }
        ]
      }
    }
    .
    // JWT signature
    KLJo5GAyBND3LDTn9H7FQokEsUEi8jKwXhGvoN3JtRa51xrNDgXDb0cq1UTYB-rK4Ft9YVmR1NI_ZOF8oGc_7wAp8PHbF2HaWodQIoOBxxT-4WNqAxft7ET6lkH-4S6Ux3rSGAmczMohEEf8eCeN-jC8WekdPl6zKZQj0YPB1rx6X0-xlFBs7cl6Wt8rfBP_tZ9YgVWrQmUWypSioc0MUyiphmyEbLZagTyPlUyflGlEdq
    Slides 58 to 60 show a shorter form of the same request: "client_id" is "https://contosouniveristy.edu/presentation/response", the "redirect_uri", "prompt" and "client_name" members are omitted, and the "attestations" block is replaced by "contract": "https://credentials.msidentity.microsoft.com/.../studentId". Annotations on those slides: the request points to a specific contract, and the request is signed by the issuer.
  • 61. Sign in Student Student browses to the Contoso U portal and installs the PIC. 1. Go to the portal 2. Scan the code 3. Authenticate
  • 62. OpenID request & response to university identity provider. Slides 63 and 64 annotate the same exchange: a standard OpenID Connect authorize request, and an id_token that is returned to Authenticator as a proof.
    https://contosouniversity.edu/openid/authorize?
      client_id=eae8b7f2-dd72-4f63-98f0-2d5399d61508
      &redirect_uri=openid://response
      &state=ajflafn3o2n651oh56161631
      &response_mode=fragment
      &response_type=id_token
      &scope=openid
    // JWT header
    { "alg": "ES256K", "typ": "JWT", "kid": "fjaklnk3n153n15" }
    .
    // JWT payload
    {
      "iss": "https://contosouniversity.edu",
      "state": "af0ifjsldkj",
      "nonce": "n-0S6_WzA2Mj",
      "exp": 1311281970,
      "iat": 1311280970,
      "firstName": "Alice",
      "lastName": "Smith",
      "studentId": "21905716"
    }
    .
    // JWT signature
    hhbXBsZS5jb20va2V5cy9mb28uandrIiwibmJmIjoxNTQxNDkzNzI0LCJpYXQiO
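The issuance step that connects the contract on slides 50-52 with the id_token on slides 62-64, written out as an added example; this is not code from the deck or from Microsoft's service. It checks the id_token's nonce, audience and validity window (signature verification is assumed to have happened already), applies the contract's idTokens mapping to build credentialSubject, and assembles the unsigned VC payload in the layout of slide 67. CONTRACT and ID_TOKEN_CLAIMS are constructed samples: the deck's id_token shows firstName/lastName, while the contract mapping reads the standard OIDC claims given_name/family_name, so those names are used here, and the aud value is an assumption.

```python
class IssuanceError(Exception):
    """Raised when the IdP id_token cannot be turned into credential claims."""


# Constructed sample, reduced from the deck's issuance contract to the members this
# step reads (the full contract also carries credentialIssuer, signingKeys, ...).
CONTRACT = {
    "issuer": "did:ion:z6MkjRagNiMu91DduvCvgEsqLZDVzrJzFrwahc4tXLt9DoHd",
    "vc": {"type": ["https://contosouniversity.edu/StudentIdCredential"]},
    "validityInterval": 2592000,
    "attestations": {
        "idTokens": [
            {
                "mapping": {
                    "studentId": {"claim": "studentId"},
                    "firstName": {"claim": "given_name"},
                    "lastName": {"claim": "family_name"},
                },
                "configuration": "https://contoso.edu/.well-known/openid-configuration",
                "client_id": "40be4fb5-7f3a-470b-aa37-66ed43821bd7",
            }
        ]
    },
}

# Constructed sample id_token claims from the university IdP. Assumptions: the
# standard OIDC claim names given_name/family_name (the contract mapping reads
# those), and "aud" equal to the client_id the contract registered with the IdP.
ID_TOKEN_CLAIMS = {
    "iss": "https://contosouniversity.edu",
    "aud": "40be4fb5-7f3a-470b-aa37-66ed43821bd7",
    "state": "af0ifjsldkj",
    "nonce": "n-0S6_WzA2Mj",
    "exp": 1311281970,
    "iat": 1311280970,
    "given_name": "Alice",
    "family_name": "Smith",
    "studentId": "21905716",
}


def check_id_token(claims, *, expected_nonce, expected_audience, now):
    """Checks an already signature-verified id_token before its claims are trusted."""
    if claims.get("nonce") != expected_nonce:
        raise IssuanceError("nonce does not match the authorize request")
    if claims.get("aud") != expected_audience:
        raise IssuanceError("id_token was issued to a different client")
    if not claims.get("iat", 0) <= now < claims.get("exp", 0):
        raise IssuanceError("id_token is outside its validity window")
    return True


def build_credential_subject(contract, claims):
    """Applies the contract's idTokens mapping; every mapped claim is required."""
    subject = {}
    for id_token_rule in contract["attestations"]["idTokens"]:
        for target, rule in id_token_rule["mapping"].items():
            source = rule["claim"]
            if source not in claims:
                raise IssuanceError(f"id_token lacks claim '{source}' needed for '{target}'")
            subject[target] = claims[source]
    return subject


def build_vc_payload(contract, subject, holder_did, now):
    """Unsigned VC JWT payload in the layout the deck shows for an issued credential."""
    return {
        "sub": holder_did,                       # the user's DID
        "iss": contract["issuer"],               # the issuer's DID
        "nbf": now,
        "iat": now,
        "exp": now + contract["validityInterval"],
        "vc": {
            "@context": ["https://www.w3.org/2018/credentials/v1", "https://contosouniversity.edu"],
            "type": ["VerifiableCredential", *contract["vc"]["type"]],
            "credentialSubject": subject,
        },
    }


def issue(contract, claims, holder_did, request_nonce, now):
    """Full issuance step: validate the id_token, map claims, build the VC payload."""
    audience = contract["attestations"]["idTokens"][0]["client_id"]
    check_id_token(claims, expected_nonce=request_nonce, expected_audience=audience, now=now)
    subject = build_credential_subject(contract, claims)
    return build_vc_payload(contract, subject, holder_did, now)
```

The payload returned by issue() still has to be signed with the key named in the contract's signingKeys before it becomes the credential on slide 67; a missing mapped claim is treated as a hard failure rather than silently issuing a partial credential.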
  • 67. Format of an issued verifiable credential. Slides 68 to 70 annotate the same token: the identifiers follow the W3C standard for Decentralized Identifiers, the payload follows the W3C standard for verifiable credentials, and the credential is signed by the issuer's DID.
    // Verifiable Credential as a JWT
    { "alg": "RS256", "typ": "JWT", "kid": "did:example:issuer#keys-1" }
    .
    {
      "sub": "did:ion:njn9416416zgf1qp316n1lkjl5n1jap980h1", // The user's DID
      "jti": "http://contosouniversity.edu/credentials/3732",
      "iss": "did:ion:z6MkjRagNiMu91DduvCvgEsqLZDVzrJzFrwahc4tXLt9DoHd", // The issuer's DID
      "nbf": 1541493724,
      "iat": 1541493724,
      "exp": 1573029723, // The expiration of the credential
      "nonce": "660!6345FSer",
      "vc": {
        "@context": [ "https://www.w3.org/2018/credentials/v1", "https://contosouniversity.edu" ],
        "type": ["VerifiableCredential", "StudentIDCredential"], // The type of the credential
        "credentialSubject": { // The claims in the credential
          "studentId": "21905716"
        },
        "credentialStatus": {
          "type": "CredentialRevocatinMechanism",
          "id": "https://credentials.msidentity.microsoft.com/api/v1.0/portable/status"
        }
      }
    }
    .
    KLJo5GAyBND3LDTn9H7FQokEsUEi8jKwXhGvoN3JtRa51xrNDgXDb0cq1UTY...
  • 74. Request presentation of a credential: OpenID request // JWT header { "alg": "ES256K", "typ": "JWT", "kid": "did:ion:nmafdanafdaf12jkln1ln1hazhjanfu1#veri-key1" } . // JWT payload { "iss": "did:ion:nmafdanafdaf12jkln1ln1hazhjanfu1", "response_type": "id_token", "client_id": "https://bookstore.com/presentation/request", "redirect_uri": "https://bookstore.com/presentation/response", "scope": "openid did_authn", "state": "af0ifjsldkj", "nonce": "n-0S6_WzA2Mj", "response_mode" : "form_post", "registration" : { "client_name": "Fabrikam Bookstore", "jwks_uri" : "https://uniresolver.io/1.0/identifiers/did:ion:z6MkjR...", "id_token_signed_response_alg" : [ "ES256K", "EdDSA", "RS256" ] }, "attestations": { "presentations": [ { "credentialType": "https://contosouniversity.edu/StudentIdCredential" } ] } } . // JWT signature KLJo5GAyBND3LDTn9H7FQokEsUEi8jKwXhGvoN3JtRa51xrNDgXDb0cq1UTYB-rK4Ft9YVmR1NI_ZOF8oGc_7wAp 8PHbF2HaWodQIoOBxxT-4WNqAxft7ET6lkH-4S6Ux3rSGAmczMohEEf8eCeN-jC8WekdPl6zKZQj0YPB 1rx6X0-xlFBs7cl6Wt8rfBP_tZ9YgVWrQmUWypSioc0MUyiphmyEbLZagTyPlUyflGlEdq
  • 75. Request presentation of a credential: OpenID request
    // JWT header
    { "alg": "ES256K", "typ": "JWT", "kid": "did:ion:nmafdanafdaf12jkln1ln1hazhjanfu1#veri-key1" }
    .
    // JWT payload
    {
      "iss": "did:ion:nmafdanafdaf12jkln1ln1hazhjanfu1",
      "response_type": "id_token",
      "client_id": "https://bookstore.com/presentation/response",
      "scope": "openid did_authn",
      "state": "af0ifjsldkj",
      "nonce": "n-0S6_WzA2Mj",
      "response_mode": "form_post",
      "registration": {
        "jwks_uri": "https://uniresolver.io/1.0/identifiers/did:ion:nmaf...",
        "id_token_signed_response_alg": [ "ES256K", "EdDSA", "RS256" ]
      },
      "attestations": {
        "presentations": [
          { "credentialType": "https://contosouniversity.edu/StudentIdCredential" }
        ]
      }
    }
    .
    // JWT signature
    KLJo5GAyBND3LDTn9H7FQokEsUEi8jKwXhGvoN3JtRa51xrNDgXDb0cq1UTYB-rK4Ft9YVmR1NI_ZOF8oGc_7wAp8PHbF2HaWodQIoOBxxT-4WNqAxft7ET6lkH-4S6Ux3rSGAmczMohEEf8eCeN-jC8WekdPl6zKZQj0YPB1rx6X0-xlFBs7cl6Wt8rfBP_tZ9YgVWrQmUWypSioc0MUyiphmyEbLZagTyPlUyflGlEdq
    The same slides also show an alternative form of the "attestations" claim, keyed by the id_token claim:
    "attestations": {
      "id_token": {
        "https://contosouniversity.edu/StudentIdCredential": {
          "essential": "true",
          "purpose": "To prove you are a student."
        }
      }
    }
  • 76. Request presentation of a credential: OpenID request (callout: the request describes the requested credentials, via the "attestations" claim).
  • 77. Request presentation of a credential: OpenID request (callout: the request is signed by the verifier's DID, the "iss" claim and the "kid" in the header).
  • 79. Presentation of a credential: OpenID Response
    // Sent via HTTP POST
    // JWT header
    { "alg": "ES256K", "typ": "JWT", "kid": "did:example:subject#key-1" }
    .
    // JWT payload
    {
      "iss": "https://self-issued.me",
      "state": "af0ifjsldkj",
      "nonce": "n-0S6_WzA2Mj",
      "exp": 1311281970,
      "iat": 1311280970,
      "sub_jwk": {
        "crv": "secp256k1",
        "kid": "did:example:subject#verikey-1",
        "kty": "EC",
        "x": "7KEKZa5xJPh7WVqHJyUpb2MgEe3nA8Rk7eUlXsmBl-M",
        "y": "3zIgl_ml4RhapyEm5J7lvU-4f5jiBvZr4KgxUjEhl9o"
      },
      "sub": "9-aYUQ7mgL2SWQ_LNTeVN2rtw7xFP-3Y2EO9WV22cF0",
      "did": "did:ion:njn9416416zgf1qp316n1lkjl5n1jap980h1",
      "vp": "eyJhbGciOiJIUzI1NiIsI..."   // Verifiable Presentation, expanded on the next slide
    }
    .
    // JWT signature
    hhbXBsZS5jb20va2V5cy9mb28uandrIiwibmJmIjoxNTQxNDkzNzI0LCJpYXQiOjE1NDE0OTM3MjQsImV4cCI6MTU3MzAyOTcyMywibm9uY2UiOiI2NjAhNjM0NUZTZXIiLCJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vd
    // Verifiable Credential included in presentation (the credential issued on slide 70)
    { "alg": "RS256", "typ": "JWT", "kid": "did:example:issuer#keys-1" }
    .
    {
      "sub": "did:ion:njn9416416zgf1qp316n1lkjl5n1jap980h1",
      "jti": "http://contosouniversity.edu/credentials/3732",
      "iss": "did:ion:z6MkjRagNiMu91DduvCvgEsqLZDVzrJzFrwahc4tXLt9DoHd",
      "nbf": 1541493724, "iat": 1541493724, "exp": 1573029723,
      "nonce": "660!6345FSer",
      "vc": {
        "@context": [ "https://www.w3.org/2018/credentials/v1", "https://contosouniversity.edu" ],
        "type": ["VerifiableCredential", "StudentIDCredential"],
        "credentialSubject": { "studentId": "21905716" },
        "credentialStatus": {
          "type": "CredentialRevocatinMechanism",
          "id": "https://credentials.msidentity.microsoft.com/api/v1.0/portable/status"
        }
      }
    }
    .
    KLJo5GAyBND3LDTn9H7FQokEsUEi8jKwXhGvoN3JtRa51xrNDgXDb0cq1UTY...
  • 80. Presentation of a credential: OpenID Response (continued). The "vp" claim of the response, expanded:
    "vp": {
      "@context": [ "https://www.w3.org/2018/credentials/v1" ],
      "type": ["VerifiablePresentation"],
      "verifiableCredential": ["eyJhbGciOiJIUzI1NiIsI..."]
    }
    DID in presentation matches subject of issued credential: the "did" claim of the response and the "sub" claim of the credential are both "did:ion:njn9416416zgf1qp316n1lkjl5n1jap980h1".
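The checks the slides above call out (nonce and state bound to the request, "sub" equal to the thumbprint of "sub_jwk", the response DID matching the credential subject, issuer trust, expiry, a status endpoint for revocation) as one verifier-side routine. This is an added example, not Microsoft's library code; it assumes both JWT signatures have already been verified against the keys resolved from the DIDs in their "kid" headers, and it matches the requested credential type by its last URI path segment, which is a simplification.

```python
import base64
import hashlib
import json

SELF_ISSUED = "https://self-issued.me"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint of an EC JWK; SIOP requires "sub" to equal it."""
    members = {k: jwk[k] for k in ("crv", "kty", "x", "y")}
    canonical = json.dumps(members, separators=(",", ":"), sort_keys=True)
    return b64url(hashlib.sha256(canonical.encode()).digest())

def jwt_payload(token: str) -> dict:
    """Payload segment of a compact JWT. Signature is NOT checked here (see lead-in)."""
    return json.loads(b64url_decode(token.split(".")[1]))

def sample_jwt(payload: dict) -> str:
    """Constructed test fixture only: a compact token with a placeholder signature segment."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(payload).encode())}.placeholder-signature"

def validate_presentation(request: dict, response: dict, now: int, trusted_issuers: set) -> list:
    """Claim-level checks run after both signatures verified; returns failed checks (empty = accept)."""
    bad = []
    if response.get("iss") != SELF_ISSUED:
        bad.append("iss is not the self-issued OP")
    if response.get("nonce") != request["nonce"] or response.get("state") != request["state"]:
        bad.append("nonce/state differ from the request (replay or mix-up)")
    if not response.get("iat", 0) <= now < response.get("exp", 0):
        bad.append("response outside its validity window")
    if response.get("sub") != jwk_thumbprint(response["sub_jwk"]):
        bad.append("sub is not the thumbprint of sub_jwk")
    vp = response.get("vp")
    creds = vp.get("verifiableCredential", []) if isinstance(vp, dict) else []
    if not creds or "VerifiablePresentation" not in vp.get("type", []):
        bad.append("no VerifiablePresentation carrying a credential")
        return bad
    vc = jwt_payload(creds[0])
    # Holder binding: the DID that signed the response must be the credential subject.
    if response.get("did") != vc.get("sub"):
        bad.append("DID in presentation does not match subject of the credential")
    if vc.get("iss") not in trusted_issuers:
        bad.append("credential issuer is not trusted")
    if not vc.get("exp", 0) > now:
        bad.append("credential expired")
    # Assumption: the requested type URI ends with the credential's type name.
    wanted = {p["credentialType"].rsplit("/", 1)[-1].lower()
              for p in request["attestations"]["presentations"]}
    have = {t.lower() for t in vc.get("vc", {}).get("type", [])}
    if not wanted & have:
        bad.append("credential type not among the requested types")
    if "credentialStatus" not in vc.get("vc", {}):
        bad.append("credential carries no status endpoint to check revocation")
    return bad
```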
  • 85. Help RPs to work with Verifiable Credentials
    - Validate tokens (SI, id tokens, VCs, VPs, Issuance and Present SIOP)
    - Create SIOP requests
    - Supports signing with or without Key Vault
    - Serves as a specification for customers using other stacks
  • 90. Thank you
    Recording will be available soon on our Microsoft 365 Developer YouTube channel: https://aka.ms/M365DevYouTube (subscribe today)
    Follow us on Twitter @Microsoft365Dev and @azuread
    Next call: August 20th at 9:00am PST, https://aka.ms/IDDevCommunityCalendar

Editor's Notes

  1. This is all about trust and privacy. Ease of use and security (FIDO, MFA, passwordless) don't do much for assurance, privacy, data, etc. This is the next set of technologies to do this at scale. The need for trust, cross-domain trust. Compliance training inside a domain boundary: compliant or not compliant. A 3rd party giving training; every system is special. We are standardizing on protocol, not API. NHS: 2 scenarios together, don't want to use 2 stacks to complete this. Common need is trust verification across trust boundaries. In some scenarios it might require privacy.
  2. Key points to land: lots of progress on open standards. The core parts of the scenario can now be built using published standards:
    - Credential format: Verifiable Credentials, https://www.w3.org/TR/vc-data-model/
    - Decentralized Identifiers, https://w3c.github.io/did-core/
    - Authentication based on OpenID Connect (OIDC): Self-Issued OpenID Provider (SIOP), https://identity.foundation/did-siop/
    - Credential exchange based on existing OIDC, https://en.wikipedia.org/wiki/OpenID_Connect
  3-5. Highlights: This document is hosted at /.well-known/did-configuration and contains the DID with a signature.
  6-8. Highlights: Card color, title, text (in bold).
  9. Highlights: Data source is the OpenID provider described in the "configuration" property. Credential contents are described in the "mapping" section.
  10-11. Highlights: Card color, title, text (in bold).
  12. Highlights: Request is signed by Contoso University's DID. Request includes a "contract", which instructs Authenticator on how to get the credential.
  13-15. Highlights: Card color, title, text (in bold).
  16-18. Highlights: This is just your typical OpenID Connect federation flow, nothing special here. Claims are returned in the resulting id_token, pictured above.
  19-22. Highlights: Iss=Contoso University, Subject=Alice. Claims are provided in "credentialSubject", according to the VC standard.
  23. Card Added
  24. Allow and Deny; Permission Requested; Consistent
  25-28. Highlights: Request issued by Bookstore. "Attestations" contains criteria for requested credentials, in this case type=Student ID. See https://identity.foundation/presentation-exchange/
  29-30. Highlights: Credential returned to bookstore in the "_claim_sources" field according to the OpenID standard.