Understanding Verifiable Credentials on Algorand with Gora and GoPlausible
The World Wide Web Consortium (W3C) sets standards for the web, including Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs). These act as verifiable information packages about a subject (holder) with identifiers, attributes, properties, and credentials. Those follow an Issuer-Holder-Verifier model, which may differentiate a little in blockchain deployments since verification in the decentralized world makes use of features like cryptography suites and delegated logic (Smart Contracts).
VCs are increasingly used in education, E-Governments, healthcare (EHRs), and many more.
Why are VCs Important? Because of its broader acceptance; W3C VCs are acceptable by a wide variety of digital services and systems (banking, health, governments, tourism, transportation, etc). The future of identity and credentials is 100% digital and eventually decentralized since blockchains are the most fit-for-purpose solutions addressing identity and credential-specific requirements like provenance, tamperproof-ness, trust establishment, verifiable timestamping, privacy, and more.
Verifiable Credentials (VCs) are essentially digital versions of real-world credentials like diplomas, certificates, permits, or licenses. They offer a secure and verifiable way to manage these credentials mostly in an inclusive and decentralized way. Here are some of the key features of Verifiable Credentials:
- Standardized format: Proposed and matured under DIF ( Decentralized Identity Foundation) working groups then reviewed and published as standards by the World Wide Web Consortium (W3C), ensuring consistency across all platforms on the web.
- Verifiable information: Cryptographic proofs guarantee the authenticity and integrity of the data within a VC.
- User-controlled: Individuals maintain ownership and decide who can access their VCs.
- Shareable: VCs can be easily shared with institutions or individuals who need to verify them via Verifiable Presentations, enjoying selective disclosure for privacy preservation.
How are VCs Stored?
VCs storage is defined by two major factors:
- Storage feasible (not technical) limitations
- Credential information privacy
Given these two decisive factors, VC storage may be implemented by one of these approaches:
- Blockchain Stores VCs Identifiers and some Metadata, Digital Wallets store VCs.
The blockchain stores identifiers and some metadata associated with the VC, such as the issuer, subject, and a cryptographic hash of the VC itself. However, the actual VC document is stored in a digital wallet app on the user’s device. These wallets are designed to be user-friendly and offer features like selective disclosure, allowing users to share only specific information within a VC. - Decentralized storage (e.g. IPFS) stores VC identifiers and complete documents and Metadata, Digital Wallets store VC representations and identifiers (e.g. NFTs)
Verifiable Credentials provide a secure and private way to manage digital credentials. While the core information is stored securely in your digital wallet, the blockchain serves as a trusted record-keeping system for verifying their authenticity.
Verifiable Credentials and NFTs:
It’s important to understand the distinction between VCs and NFTs. VCs are not NFTs themselves, the NFTs here are a tool that can be used to represent or link to VCs. This misconception is quite common. NFTs can be part of the VC system but are not mandatory. In the case of GoPlausible VC system distribution and Gora verifiers, NFTs are part of the Verifiable Credentials microsystem which is called #PLAUS within the PLAUSIBLE protocol context. Verifiable Presentations (VP) as well can also be used with NFTs.
NFTs are linked to Verifiable Credentials in a well-known structure named Linked Data and are not mandatory in Verifiable Credential scenarios, but since the Web 3.0 community leans toward NFTs as means of non-fungible data blocks and also because NFTs are cool and fun, those are used within the PLAUSIBLE protocol to present Verifiable Credentials. Gora verifiers, although supporting the NFTs for DIDs and VCs, do not necessarily require them to operate (e.g contract based NFTs or even non-NFT VC implementations are as well supported by Gora thanks to cutting-edge multi-chain data layer I/O Gora has created.
Verifiable Credentials are not “minted” or “mintable” because those are not tokens. However, it is NFTs within Verifiable Credential systems that are minted and mintable during the VC operations. In many VC operational scenarios without NFTs, no minting occurs at all (smart contract-only micro-credentials for example).
Gora’s Role in Verifying VCs and the Partnership with GoPlausible:
Gora, in collaboration with GoPlausible, has implemented the tech stack to verify issued VCs in the Algorand blockchain. This verification occurs by checking the validity, authenticity, and assertions of the DIDs, VCs, or VPs separately from the GoPlausible and PLAUSIBLE protocol, using one of these two types of verification approaches:
- General Document Verification (Implemented): This is a free and simple verification method suitable for regular users. Gora checks the DID, VC, and transaction validity using Algorand nodes and hosted implementation of DIF universal resolvers and VC verifiers.
- Active Authenticity and Proof Verification (In Development): Users can pay a fee for active verification. Gora sends verifiability data objects as a transaction to Gora smart contracts including the holder’s public key for signature verification, time, and state attestation responding with details like transaction IDs and results. (Used by organizations like employers or universities who need to verify actively and maintain records of it).
GoPlausible has been collaborating with Gora on several fronts for quite some time now and one of those is the implementation of DID and VC verification by Gora (as of separation of concerns required in ID and Credentials ecosystems) to achieve a 100% separated yet integrated and interoperable service under Gora to verify DIDs and VCs independently.
The air-gapped registration, distribution (happens on the GoPlausible side), and verification (happens on the Gora side) guarantee the security, integrity, and authenticity of W3C identifiers and credentials ecosystem on the Algorand blockchain as well as advocating the spirit of collaboration and #togetherness in the Web 3.0 ecosystem.
According to Gora’s innovative multi-chain efforts, GoPlausible is confidently planning on harnessing Gora nodes for future expansions to Multi-chain and other Web 3.0 ecosystems because of the proven and reliable technology delivered by Gora.
Verifiable Credentials costs:
- Currently receiving and claiming VCs does not include any specific costs or $ALGO to be specified. Just normal MBRs are applied in VC operations as well. Transaction fees are 0.
- Active Verification on Gora (coming soon) costs a few $ALGO.
- KYC and KYB on GoPlausible and Gora (coming soon) cost a few dozen $ALGO but as a one-time pay, lifetime re-use scenario, thanks to using DIDs and VCs.
- Active claiming of a Verifiable Credential needs at least 0.25 $ALGO remaining usable (not balance only) $ALGO in the claimer’s wallet.
Ownership security and anonymity:
While Verifiable Credentials are hard linked to a recipient’s Algorand account, losing control or access to the wallet containing that account (through hacking or other means) doesn’t necessarily mean losing the VC itself.
Here’s why:
- VCs are immutably stored on the blockchain, not solely within the wallet. Losing access to the wallet wouldn’t erase or change the VC from the blockchain.
- Recovery options may exist for wallets. Many wallets offer recovery methods to regain access in case of lost private keys or passwords.
- You could potentially transfer the VC to another wallet if recovery is not possible.
However, losing access to the account does create some problems:
- You wouldn’t be able to readily prove ownership of the VC without access to the associated account and its private key.
- This could hinder your ability to use the VC for its intended purpose if you do not use any of the remedies mentioned earlier (e.g., proving your identity or recovery operations).
In summary, while losing a wallet or account access doesn’t directly erase or change the VC, it limits your ability to demonstrate its ownership (till you regain control using one of the remediation methods mentioned earlier).
None of the PLAUSIBLE and Gora protocols are concerned with the security of Algorand accounts as they both just work with Algorand wallets for accounts and signatures and rely on their account security as both are interop protocols only. So in terms of security, seed phrase, account recovery, and other account and private key-related concerns, wallet providers are the sole resource and source of action.
These being clearly stated and regarding Verifiable Credentials, the good news is that soon and by the emergence of SSI (self-sovereign Identity) service by GoPlausible and Gora, if the private key (or its seed phrase) gets compromised in any way, then by acknowledging GoPlausible there are ways (using real identity verification through KYC, KYB,…) that will lead to revocation and re-issuance of all credentials to new accounts but the process include fees and presentation of at least one of verified ID documents included under SSI (e.g. there may be an ID card, Driving license, passports,…) with user’s picture and the actual user being in possession of the device requesting this (Camera for face verification will be activated).
Blockchains are not just about anonymity and crypto trading in the shadows! One of the main advantages of blockchains is real-world usage scenarios and utilities for which users need to present real identity and credentials (for example, you will not be able to obtain a driver’s license, a diploma, or a passport anonymously). That being said, Verifiable Credentials are designed to preserve privacy to the most possible extent through features like ZK proofs, selective encryption, and selective disclosure, all coming soon to the Algorand DID and VC ecosystem very soon by GoPlausible and Gora collaborations.
About GoPlausible
GoPlausible is a decentralized protocol on the Algorand blockchain that provides tools for the issuance, registration, and distribution of W3C-compliant DIDs, Verifiable Credentials, and smart utility NFTs in a permissionless and user-friendly manner. GoPlausible aims to expand transparent Web 3.0 services to Web 2.0 through the innovative development of new features in Identity, Credentials, Authentication, Authorization, and Smart utility NFT domains in accordance and compliance with living web standards.
For more info visit: https://goplausible.com/
About Gora Network
Gora Network is a next-gen decentralized Oracle platform that provides secure and reliable access to real-world data for blockchain-based applications. By leveraging decentralized consensus mechanisms, post-quantum-resistant cryptography, and cutting-edge security, Gora Network ensures the integrity and reliability of data feeds, authenticity, and delivery, empowering developers to build scalable, secure, and decentralized applications across various industries with different data requirements.
For more info visit: https://www.gora.io