Getting Started: Issuing
One of the primary use cases for verifiable credentials is the ability to issue credentials to a "holder" of credentials. One common case is for the holder to be the identity wallet of an end user.
The Preparation only needs to be done once. The Create a connection needs to be performed for each holder to receive credential offers. Issue Credential can be used as many times as is necessary.
These actions only need to be taken once for each "type" of credential to be issued.
A schema is used to define a type of credential. It contains a list of attributes which must be included for any credential of this type. For example, to issue a street address credential, you might need a schema with attributes of street
, locality
, stateOrProvince
, postalCode
, country
.
A schema ultimately defines the structure that the verified credential will have. Once created, a schema cannot be modified. If an attribute needs to be added or removed, the only option is to create a new schema.
There are several options for choosing a schema:
- You can call this API to pull a short list of schema that have been cached by the Passport API.
- If you already have a schema in mind, you can look up the schema details using the schema id and this API.
- If the you are using a Sovrin network for issuing, you can lookup other available schema here
A credential definition is used to create verified credentials. It is a set of signing keys associated with a single schema. The schema associated with the credential definition is set at the definition's creation.
Multiple credential definitions can be created from the same schema. In order to tell the difference between one credential definition and another from the same schema is to specify a different tag
. A tag
is an alpha numeric value set at the creation of the definition. The combination of schema and tag must be unique. A tag
can be as simple as "tag".
- Provide the selected schema Id and a
tag
to the following API.- Create Credential Definition
- In the AspNetDemo, see CredentialApiService.CreateEmailCredDef()
- The API will return a new credential definition Id. This should be stored for future use.
Once the Preparation is done, you have a credential definition Id. This is used in combination with attribute values to issue a verified credential. In order to issue a credential to an identity wallet, a connection must be established. After that, the credential can be issued using that connection.
A connection is used to allow two agents to securely communicate. A connection can be used multiple times after it is created.
- Use the connection API to create a connection offer. This offer will need to be presented to an identity wallet.
- Create Connection
- In the AspNetDemo, see ConnectionApiService.CreateConnection()
- The API response will include an
id
for the connection, and acontents
field which will contain a URL. There are multiple options for presenting the offer. This includes embedding thecontents
as a QR code, or as a link which can be opened by a device with an identity wallet.- In the AspNetDemo, see Pages/Passport/Connect.cshtml
- It is possible to use any QR code generator and place the
contents
in it.
Using a credential definition and a set of attribute values, you can create a credential offer. This offer can be provided to the holder by including the connection Id from above.
- Use this API call along with the connection Id, the credential definition id, and attribute values, to create a credential offer.
- Create Credential
- In the AspNetDemo, see CredentialApiService.IssueEmailCredentialAsync(...)
- The API response will include an "id" for the credential offer. The offer itself will be sent to the identity wallet directly via the connection.