
RCL Digital Identity

The RCL Digital Identity solution will enable private and government Agencies to verify the identity of a User and issue a Digital Identity to the user as a W3C Verifiable Credential.

The user will use this Digital Identity to access secured services, to prevent fraud and to accept other W3C Verifiable Credentials issued by the agencies.

The solution is comprised of two web applications developed by RCL for Enrollment and Identity Proofing available on GitHub. Both applications are dependent on and deeply integrated with several Microsoft Azure Cloud services.

The applications will be installed and hosted in the agency’s Microsoft Azure account. The agency will have full control of all the data and both applications in the solution.

Azure Marketplace

This solution is an approved SaaS offer in the Azure Marketplace. To view or get this offer, click on the following link:

RCL Digital Identity SaaS Offer

User Enrollment

A user will sign-up for a Digital Identity using an Enrollment application installed and hosted by the agency in the cloud.

[Image: Enrollment Application]

The user’s email will be verified; they will then provide their name, country and government ID as part of the sign-up process. The government ID should be a unique code that identifies each adult and child citizen; the system uses it as the identifier for the user. The label for the government ID can be customized by the agency.

Once the initial sign-up request is completed, the user will need to provide proof of who they say they are before the sign-up process is approved.

[Image: Enrollment Application]

Identity Proofing

Identity proofing is the process of verifying that a person is really who they say they are in real-life.

To accomplish this, a user will submit ‘selfies’ with their government id card, passport, driver’s license or other reputable photo ID to an approver from the agency.

Once the approver has verified the user’s identity, the user sign-up will be approved in an Identity Proofing application and a federated user account will be created.

[Image: Enrollment Application]

Digital Identity

When the sign-up process is completed, the user will claim a Digital Identity in the form of a W3C Verifiable Credential in the Enrollment application.

The user will scan a QR Code with their mobile application to receive the credential.

They will sign in with their federated account that will provide the claims for the verified credential.

[Image: Enrollment Application – image courtesy Microsoft]

The user will store this verifiable credential in a mobile wallet app. The digital identity should accommodate both manual display and machine-readable presentation. Manually displaying the credential to a relying party should be as simple as showing the credential in the wallet; an internet connection or other verification hardware and software should not be required. This makes the digital identity as simple to use as a physical ID card. The digital identity is fully owned and managed by the user, who decides what information to provide to a relying party. The identity is rooted in the Bitcoin blockchain.

Uses of Digital Identity

The main uses of the verifiable credential are:

  • Accessing online services provided by the agency by the user presenting a machine readable verifiable credential to an online application

  • Accessing physical services provided by the agency by the user displaying their verifiable credential from their mobile wallet application

  • Preventing fraudulent activity and user impersonations

  • Claiming other W3C Verifiable Credentials issued by the agency by presenting their Digital Identity to receive the credential

  • Signing in to online applications by the user presenting a verifiable credential
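The issue, present and verify steps described above, as an added example written for this page (it is not RCL's code and not the Microsoft Entra Verified ID API): the agency DID, the government ID label and the sample person are constructed placeholders, and cryptographic proof checking is left to a real DID/VC library so only the structural relying-party checks run here.

```python
"""Constructed model of the Digital Identity flow: the agency issues a
W3C Verifiable Credential with the enrollment claims, the holder builds a
presentation disclosing only some claims, and a relying party checks it."""
from datetime import datetime, timedelta, timezone

# Hypothetical values; a real deployment uses the agency's own ION DID
# and the government ID label it configured in the Enrollment app.
AGENCY_DID = "did:ion:EXAMPLE_AGENCY_PLACEHOLDER"
GOV_ID_LABEL = "nationalId"


def issue_credential(subject_did, name, country, gov_id, valid_days=365):
    """Build the Digital Identity VC the Enrollment app would hand to the wallet."""
    now = datetime.now(timezone.utc)
    return {
        "@context": ["https://www.w3.org/2018/credentials/v1"],
        "type": ["VerifiableCredential", "DigitalIdentity"],
        "issuer": AGENCY_DID,
        "issuanceDate": now.isoformat(),
        "expirationDate": (now + timedelta(days=valid_days)).isoformat(),
        "credentialSubject": {"id": subject_did, "name": name,
                              "country": country, GOV_ID_LABEL: gov_id},
    }


def present(credential, disclose):
    """Holder-side selective disclosure: reveal only the chosen claims."""
    subject = credential["credentialSubject"]
    disclosed = {k: subject[k] for k in disclose if k in subject}
    disclosed["id"] = subject["id"]  # the subject DID always travels with it
    vc = dict(credential, credentialSubject=disclosed)
    return {"type": ["VerifiablePresentation"], "holder": subject["id"],
            "verifiableCredential": [vc]}


def verify_presentation(vp, trusted_issuers, required_claims):
    """Relying-party checks: trusted issuer, credential type, expiry,
    holder/subject binding and required claims. Returns (ok, reason)."""
    now = datetime.now(timezone.utc)
    for vc in vp.get("verifiableCredential", []):
        if vc.get("issuer") not in trusted_issuers:
            return False, "untrusted issuer"
        if "DigitalIdentity" not in vc.get("type", []):
            return False, "not a Digital Identity credential"
        if datetime.fromisoformat(vc["expirationDate"]) <= now:
            return False, "credential expired"
        subject = vc.get("credentialSubject", {})
        if subject.get("id") != vp.get("holder"):
            return False, "holder does not match credential subject"
        missing = [c for c in required_claims if c not in subject]
        if missing:
            return False, "missing claims: " + ", ".join(missing)
        return True, "ok"
    return False, "no credential in presentation"
```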

Architecture

The agency will install and host the ‘Enrollment’ and ‘Identity Proofing’ applications in their own Microsoft Azure Cloud account.

Azure Marketplace

The agency will create subscriptions and configure their approvers to use the applications in the Azure Marketplace through the RCL Digital Identity SaaS offer.

Azure App Service and SQL

Both applications are ASP.NET Core apps that will be hosted as Azure App Services. The agency will also create an Azure SQL Database to store data for the apps.

Azure Active Directory and B2C

Azure Active Directory and Azure Active Directory B2C will be used to manage federated user accounts.

B2C

This B2C federated account is used by the user to provide claims for their verifiable credential.

AAD

The AAD account is used by the agency approvers to sign in to the Identity Proofing application.

Azure Active Directory Verifiable Credential

Azure Active Directory Verifiable Credential will be used to generate the Digital Identity as a W3C Verifiable credential.

All data, software, and applications will be fully controlled by the Agency in their own cloud account. RCL has absolutely no access to the data and applications in an agency’s cloud account.

Microsoft Authenticator Wallet Mobile App

The verifiable credential will be accepted and stored by the user in the Microsoft Authenticator mobile wallet app.

W3C Verifiable Credential

“Microsoft’s verifiable credential solution uses decentralized credentials (DIDs) to cryptographically sign as proof that a relying party (verifier) is attesting to information proving they are the owners of a verifiable credential.

W3C Decentralized Identifiers (DIDs) are IDs that users create, own, and control independently of any organization or government. DIDs are globally unique identifiers linked to Decentralized Public Key Infrastructure (DPKI) metadata composed of JSON documents that contain public key material, authentication descriptors, and service endpoints.

DIDs are user-generated, self-owned, globally unique identifiers rooted in decentralized systems like ION. They possess unique characteristics, like greater assurance of immutability, censorship resistance, and tamper evasiveness.

ION is a Layer 2 open, permissionless network based on the purely deterministic Sidetree protocol, which requires no special tokens, trusted validators, or other consensus mechanisms; the linear progression of Bitcoin’s time chain is all that’s required for its operation.

Microsoft is actively collaborating with members of the Decentralized Identity Foundation (DIF), the W3C Credentials Community Group, and the wider identity community.”

– Microsoft

[Image: Enrollment Application – image courtesy Microsoft]
