The RCL Digital Identity solution enables private and government agencies to verify the identity of a user and issue that user a Digital Identity in the form of a W3C Verifiable Credential.
The user then uses this Digital Identity to access secured services, to prevent fraud, and to receive other W3C Verifiable Credentials issued by the agencies.
The solution consists of two web applications developed by RCL, one for Enrollment and one for Identity Proofing, both available on GitHub. Both applications depend on, and are deeply integrated with, several Microsoft Azure cloud services.
The applications will be installed and hosted in the agency’s Microsoft Azure account. The agency will have full control of all the data and both applications in the solution.
This solution is an approved SaaS offer in the Azure Marketplace.
A user signs up for a Digital Identity using the Enrollment application, which the agency installs and hosts in the cloud.
The user’s email address is verified first; the user then provides their name, country and government ID as part of the sign-up. The government ID should be a code unique to each citizen, adult or child, and the system uses it as the user’s identifier. The agency can customize the label shown for the government ID field.
Once the initial sign-up request is complete, the user must provide proof that they are who they claim to be before the sign-up is approved.
Identity proofing is the process of verifying that a person really is who they claim to be in real life.
To accomplish this, the user submits ‘selfies’ together with their government ID card, passport, driver’s license or other reputable photo ID to an approver from the agency.
Once the approver has verified the user’s identity, the sign-up is approved in the Identity Proofing application and a federated user account is created for the user.
When the sign-up process is complete, the user claims a Digital Identity, in the form of a W3C Verifiable Credential, in the Enrollment application.
The user scans a QR code with their mobile wallet application to receive the credential.
They sign in with their federated account, and the claims from that account are placed in the verifiable credential.
Image courtesy Microsoft.
The user stores this verifiable credential in a mobile wallet app. The digital identity supports both manual display and machine-readable presentation. Manually showing the credential to a relying party is simply a matter of displaying it in the wallet; no internet connection or other verification hardware or software is required, so the digital identity can be used much like a physical ID card. Note that only the machine-readable presentation lets the relying party check the issuer’s signature; a manual display gives visual assurance only. The digital identity is fully owned and managed by the user, who decides what information to disclose to a relying party. The identifier behind it is anchored in the Bitcoin blockchain (through the ION network described below).
The main uses of the verifiable credential are:
Accessing online services provided by the agency, by presenting a machine-readable verifiable credential to an online application
Accessing physical services provided by the agency, by displaying the verifiable credential in the mobile wallet application
Preventing fraudulent activity and user impersonation
Claiming other W3C Verifiable Credentials issued by the agency, by presenting the Digital Identity to receive the new credential
Signing in to online applications, by presenting a verifiable credential
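The issuance and online-presentation steps above, worked through end to end as an added example. This is not RCL’s code or Microsoft’s SDK: the DIDs (did:ion:agency, did:ion:user) are hypothetical, the keys map stands in for real DID resolution against ION, and the signatures are ES256 on P-256 because the Go standard library has no secp256k1 curve (ION keys are typically secp256k1/ES256K; the token structure is the same). The agency signs a JWT-encoded credential whose sub is the holder’s DID; the wallet wraps it in a presentation bound to the relying party and its nonce and signs that with the holder’s key; the relying party checks both signatures, the request binding, the issuer, holder binding and expiry before trusting any claim.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
)

// Added example, not RCL's or Microsoft's code: JWT-encoded W3C credential and presentation, ES256-signed and
// verified with the Go standard library only. DIDs are hypothetical; the keys map stands in for DID (ION) resolution.
type claims = map[string]interface{}

// signJWT returns a compact JWS (alg ES256) over c.
func signJWT(key *ecdsa.PrivateKey, c claims) string {
	header, _ := json.Marshal(map[string]string{"alg": "ES256", "typ": "JWT"})
	payload, _ := json.Marshal(c)
	input := base64.RawURLEncoding.EncodeToString(header) + "." + base64.RawURLEncoding.EncodeToString(payload)
	digest := sha256.Sum256([]byte(input))
	r, s, _ := ecdsa.Sign(rand.Reader, key, digest[:])
	sig := append(r.FillBytes(make([]byte, 32)), s.FillBytes(make([]byte, 32))...) // JWS wants fixed-width R||S, not ASN.1
	return input + "." + base64.RawURLEncoding.EncodeToString(sig)
}

// verifyJWT pins alg to ES256, resolves "iss" to a key via keys and returns the claims only after the signature checks.
func verifyJWT(token string, keys map[string]*ecdsa.PublicKey) (claims, error) {
	h, rest, ok1 := strings.Cut(token, ".")
	p, s, ok2 := strings.Cut(rest, ".")
	hb, e1 := base64.RawURLEncoding.DecodeString(h)
	pb, e2 := base64.RawURLEncoding.DecodeString(p)
	sig, e3 := base64.RawURLEncoding.DecodeString(s)
	hdr, c := map[string]string{}, claims{}
	if !ok1 || !ok2 || e1 != nil || e2 != nil || e3 != nil || len(sig) != 64 ||
		json.Unmarshal(hb, &hdr) != nil || hdr["alg"] != "ES256" || json.Unmarshal(pb, &c) != nil {
		return nil, fmt.Errorf("unsupported or malformed JWS")
	}
	iss, _ := c["iss"].(string)
	pub, ok := keys[iss]
	digest := sha256.Sum256([]byte(h + "." + p))
	if !ok || !ecdsa.Verify(pub, digest[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return nil, fmt.Errorf("unresolvable DID or invalid signature: %q", iss)
	}
	return c, nil
}

// issueCredential (agency side): verified account claims become the credentialSubject, bound to the holder by "sub".
func issueCredential(issuerKey *ecdsa.PrivateKey, issuerDID, holderDID string, subject claims, now int64) string {
	vc := claims{"@context": []string{"https://www.w3.org/2018/credentials/v1"}, "type": []string{"VerifiableCredential"}, "credentialSubject": subject}
	return signJWT(issuerKey, claims{"iss": issuerDID, "sub": holderDID, "iat": now, "exp": now + 365*24*3600, "vc": vc})
}

// presentCredential (wallet side): wraps one credential in a presentation bound to aud + nonce, signed by the holder.
func presentCredential(holderKey *ecdsa.PrivateKey, holderDID, vcJWT, audience, nonce string, now int64) string {
	vp := claims{"type": []string{"VerifiablePresentation"}, "verifiableCredential": vcJWT}
	return signJWT(holderKey, claims{"iss": holderDID, "aud": audience, "nonce": nonce, "iat": now, "vp": vp})
}

// verifyPresentation (relying-party side) checks both signatures, then request binding (aud and nonce, so a captured
// presentation cannot be replayed), trusted issuer, holder binding (presenter == credential subject) and expiry.
func verifyPresentation(vpJWT, audience, nonce, trustedIssuer string, keys map[string]*ecdsa.PublicKey, now int64) (claims, error) {
	vp, err := verifyJWT(vpJWT, keys)
	if err != nil {
		return nil, err
	}
	body, _ := vp["vp"].(claims)
	vcJWT, _ := body["verifiableCredential"].(string)
	vc, err := verifyJWT(vcJWT, keys)
	if err != nil {
		return nil, err
	}
	switch exp, _ := vc["exp"].(float64); {
	case vp["aud"] != audience || vp["nonce"] != nonce:
		return nil, fmt.Errorf("presentation not bound to this request")
	case vc["iss"] != trustedIssuer:
		return nil, fmt.Errorf("credential not issued by the trusted agency")
	case vc["sub"] != vp["iss"]:
		return nil, fmt.Errorf("presenter is not the credential subject")
	case float64(now) >= exp:
		return nil, fmt.Errorf("credential expired")
	}
	vcBody, _ := vc["vc"].(claims)
	subject, _ := vcBody["credentialSubject"].(claims)
	return subject, nil
}

func main() {
	agencyKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	userKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	keys := map[string]*ecdsa.PublicKey{"did:ion:agency": &agencyKey.PublicKey, "did:ion:user": &userKey.PublicKey}
	vc := issueCredential(agencyKey, "did:ion:agency", "did:ion:user", claims{"givenName": "Ada"}, 1700000000)
	vp := presentCredential(userKey, "did:ion:user", vc, "https://portal.example", "nonce-1", 1700000000)
	fmt.Println(verifyPresentation(vp, "https://portal.example", "nonce-1", "did:ion:agency", keys, 1700000000))
	fmt.Println(verifyPresentation(vp, "https://portal.example", "nonce-2", "did:ion:agency", keys, 1700000000)) // replay
}
```

Two of the checks are the ones most often skipped in home-grown verifiers: the nonce/audience binding, without which a presentation captured from one relying party can be replayed to another, and the holder binding between the presentation’s signer and the credential’s sub, without which anyone who obtains a copy of the credential can present it as their own. Resolving a DID only tells the verifier which key signed; it does not make that signer a trusted issuer, hence the separate trustedIssuer comparison.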
The Agency will install and host the ‘Enrollment’ and ‘Identity Proofing’ application in their own Microsoft Azure Cloud account.
The agency creates the subscriptions and configures its approvers to use the applications through the RCL Digital Identity SaaS offer in the Azure Marketplace.
Both applications are ASP.NET Core apps that will be hosted as Azure App Services. The agency will also create an Azure SQL Database to store data for the apps.
Azure Active Directory and Azure Active Directory B2C will be used to manage federated user accounts.
The B2C federated account is used by the user to provide the claims for their verifiable credential.
The AAD account is used by the agency approvers to sign in to the Identity Proofing application.
Azure Active Directory Verifiable Credentials is used to generate the Digital Identity as a W3C Verifiable Credential.
All data, software, and applications will be fully controlled by the Agency in their own cloud account. RCL has absolutely no access to the data and applications in an agency’s cloud account.
The user accepts and stores the verifiable credential in the Microsoft Authenticator mobile wallet app.
“Microsoft’s verifiable credential solution uses decentralized credentials (DIDs) to cryptographically sign as proof that a relying party (verifier) is attesting to information proving they are the owners of a verifiable credential.
W3C Decentralized Identifiers (DIDs) are IDs that users create, own, and control independently of any organization or government. DIDs are globally unique identifiers linked to Decentralized Public Key Infrastructure (DPKI) metadata composed of JSON documents that contain public key material, authentication descriptors, and service endpoints.
DIDs are user-generated, self-owned, globally unique identifiers rooted in decentralized systems like ION. They possess unique characteristics, like greater assurance of immutability, censorship resistance, and tamper evasiveness.
ION is a Layer 2 open, permissionless network based on the purely deterministic Sidetree protocol, which requires no special tokens, trusted validators, or other consensus mechanisms; the linear progression of Bitcoin’s time chain is all that’s required for its operation.
Microsoft is actively collaborating with members of the Decentralized Identity Foundation (DIF), the W3C Credentials Community Group, and the wider identity community.”
Image courtesy Microsoft.