Self-Sovereign Identity (SSI) is an emerging concept associated with the way identity is managed in the digital world. Users should be able to create and control their own identity, without relying on any centralized authority.
When interacting in the digital world, we can consider three different situations concerning the possibility of disclosing the real identity of the parties:
- Fully anonymous interaction, when there is no (or an extremely remote) chance of linking the digital identity to the actual identity of the person in the real world.
- Anonymous identity, but verifiable under certain conditions (for example, the use of pseudonyms that can be traced to the real identity under judiciary request).
- Fully disclosed real identity, when attributes that uniquely identify the person (e.g. full name and surname, date of birth, national identification number) are provided.
What are Verifiable Claims (VC)?
To support digital interactions in which information about the identity must be shared with third parties, the identity needs to prove that it has ownership of certain attestations or attributes (claims).
Those third parties can then use the presented cryptographically protected proof (claims) to verify the ownership and trustworthiness of the claims about the identity.
As the presentation of Verifiable Claims is managed entirely by the users, they can decide which specific pieces of information about themselves they want to share with third parties. This selective disclosure of attributes reinforces privacy and personal data protection.
In short: A claim is a statement about a subject (identity). A subject (identity) is a thing about which claims can be made.
What types of claims exist?
Claims are assertions or attestations made by a party about itself or another. Claims are digitally signed so that anyone receiving the claim can know who issued it.
There are self-asserted claims created by the subject (identity) itself. The identity might, for example, create a claim that asserts its gender or that its name is John Doe.
For example, if you log on to the test wallet at https://ssi.codeb.io/addclaim.aspx?ba=0x8274d660759f3baba9c9f1aa748c1dae956966f1&pass=test and add a claim, it is self-asserted, as it is signed with your very own private key.
If you go to https://ssi.codeb.io/checkclaims.aspx?ba=0x8274d660759f3baba9c9f1aa748c1dae956966f1&pass=test and check firstname, surname, fullname or mobile number, you can see that there is more than one claim, as the claims have also been signed by others (verifiable claims).
Verifiable Claims are made by others about the subject (identity). For example, the local government can assert (and sign) a claim. This claim might be a birth date, name or driver’s license. The identity could then use this verifiable claim to prove to someone else that it is authorized to drive.
Identity Namespace APIs
In our identity namespace we offer a couple of public APIs to add or verify claims.
AddClaim
The function AddClaim requires 9 input parameters:
SSIAddress: Self-Sovereign Identity Address to add claim to.
ChainAddress: Blockchain address used to add claim.
Password: Password to unlock above address.
ClaimType: Type of claim (uint256) being added. For example 1 for email, 2 for full name, 3 for residence and 4 for biometric, etc.
When using a dot notation for the ClaimType number (like OIDs) a claim becomes an entry in the Capabilities Matrix. For example number 1.1, 1.4.5, 2.1343.1, etc.
Scheme: The scheme with which this claim should be verified or how it should be processed. It is a uint256 for different schemes. It can mean different key types, e.g. 1 = ECDSA, 2 = RSA, etc. It could also mean contract verification, where the data will be call data, and the issuer a contract address to call.
DataHEX: The hash of the claim data, sitting in another location, a bit-mask, call data, or actual data based on the claim scheme.
signatureHEX: Signature which is the proof that the claim issuer issued a claim of topic for this identity. It MUST be a signed message of the following structure: keccak256(address identityHolder_address, uint256 _ClaimType, bytes Data).
URI: The location of the claim, this can be HTTP links, swarm hashes, IPFS hashes, and such.
Issuer: The issuer's identity contract address, or the address used to sign the above signature. If it is an identity contract, it should hold the key with which the above message was signed; if the key is no longer present, the claim SHOULD be treated as invalid. The issuer can also be a contract address itself, at which the claim can be verified using the call data.
You might also opt for the AddClaimMini API, as it requires fewer input parameters and performs hashing, signing, etc. automatically.
SignDataAndAddAsClaim
The function SignDataAndAddAsClaim creates a self-asserted claim as it signs the data itself and uses ChainAddress as issuer. It requires 7 parameters:
SSIAddress: Self-Sovereign Identity Address to add claim to.
ChainAddress: Blockchain address used to add claim.
Password: Password to unlock above address.
ClaimType: Type of claim (uint256) being added. For example 1 for email, 2 for full name, 3 for residence and 4 for biometric, etc.
When using a dot notation for the ClaimType number (like OIDs) a claim becomes an entry in the Capabilities Matrix. For example number 1.1, 1.4.5, 2.1343.1, etc.
Scheme: The scheme with which this claim should be verified or how it should be processed. It is a uint256 for different schemes. It can mean different key types, e.g. 1 = ECDSA, 2 = RSA, etc. It could also mean contract verification, where the data will be call data, and the issuer a contract address to call.
Data: The claim data, sitting in another location, a bit-mask, call data, or actual data based on the claim scheme. This function signs the data automatically and makes it a self-asserted claim.
URI: The location of the claim, this can be HTTP links, swarm hashes, IPFS hashes, and such.
GetClaimsByType
The function GetClaimsByType returns all claimIDs of an identity with the given ClaimType. It requires 2 parameters.
GetClaim
The function GetClaim retrieves all properties of a given claim as a comma-separated list. It requires 2 parameters.
RemoveClaim
The function RemoveClaim removes a claim from the given identity.