Not familiar with the EBSI or fr.EBSI acronyms? Not sure what a Verifiable Credential is?
Step by step, let’s discover the French governmental project fr.EBSI and its deliverables.
The players of the fr.EBSI project
The fr.EBSI project is a winner of the CEF Telecom 2020-FR-IA-0099 European call. This is the French governmental project within the European Blockchain Partnership for EBSI.
The project is led by the University of Lille: Perrine de Coëtlogon, University of Lille, representative of France at the European Blockchain Partnership (EBP) and Pierre Boulet, Vice-president for digital infrastructures at the University of Lille.
The project is carried out in consortium by the University of Lille, the GIP Renater and the company Blockchain Certified Data – BCdiploma.
GIP Renater and BCdiploma participated in the deployment of the French EBSI blockchain nodes, and the BCdiploma teams deployed the tools for issuing verifiable credentials, notably at the University of Lille.
This has led to a project to issue blockchain-based credentials of graduation that is unique in the international academic scene: the Dem-Attest-ULille project. More than 25 employees of the University of Lille participated in the implementation of an automated flow of blockchain diploma credentials. Bilingual, verifiable, and 100% digital credentials. Here, you can access: The University of Lille white paper “Blockchain Digital Credentials from the University of Lille“.
Verifiable Credentials, EBSI, fr.EBSI: a few definitions
- EBSI stands for European Blockchain Service Infrastructure. This infrastructure, deployed by the European Commission and the European Blockchain Partnership (EBP), provides a blockchain and trusted digital environment to enable the deployment of innovative national and transnational public services. Here, you can learn more about EBSI.
- fr.EBSI is the name of the French governmental project aiming at issuing “verifiable” digital diplomas on the EBSI blockchain, according to the new standards enacted by the W3C: the “Verifiable Credentials”. This project is led for France by the University of Lille, and BCdiploma is the technical operator.
- Verifiable Credential definition: a digital credential is said to be “verifiable” when its authenticity can be verified online directly by the person consulting it to achieve this purpose, a set of blockchain technologies and European trust registries are made available by EBSI. They allow the implementation of a new international standard called “Verifiable Credential”, which prefigures the object “digital diploma”.
Objectives of the fr.EBSI project
The fr.EBSI project, launched in January 2021 for two years, aims to:
- Deploy and maintain EBSI European blockchain nodes,
- Deploy and test a solution for issuing digital credentials that comply with international standards “Verifiable Credentials” on the EBSI blockchain,
- Deploy and test the necessary digital identity tools, namely wallets or digital identity portfolios of legal entities (a university issuing diplomas) and individuals (a student receiving a diploma).
The University of Lille has launched, in parallel to the fr.EBSI project, the Dem-Attest-ULille project, allowing the University to issue on a large scale in an automated way digital blockchain credentials for all its graduates… the credentials produced comply of course with EBSI standards! As a result, in the fall of 2022, the University’s first students will be able to test a student blockchain wallet embedding the latest digital identity technologies deployed by the European Commission.
The BCdiploma team, technical operator of the fr.EBSI project, is proud to present the deliverables of the fr.EBSI project. Here is a verifiable credentials issued to a student, “Jane DOE”: this article explains everything.
What is the purpose of Verifiable Credentials on the EBSI blockchain?
Here is a video from EBSI explaining what a Verifiable Credential is:
Here is how EBSI is presenting the diploma use case:
What is the purpose of a Verifiable Credential?
- Create a “digital diploma” item that all stakeholders can be sure is authentic;
- Facilitate all flows and processes requiring the request, production and verification of these documents.
Thus, EBSI offers a work environment that will allow, for example, any student to:
- request online a credential from a university;
- store it in a secure personal space (wallet);
- present them to any department of another university, administration or recruitment platform, with the assurance that they are instantly recognized as valid and authentic, without having to contact the issuing university.
What type of gains are expected?
On the scale of European exchanges between universities, the gains for all the players and administrative services are quite obvious, as well as the added value for graduates, who will finally be able to issue an authentic document in any situation, without having to take any steps.
Of course, the use cases of “Verifiable Credentials” are numerous and go far beyond the diploma. For example, we can point out the multiple direct applications for digital identity by considering that the “verifiable document” can contain a set of identity attributes, sovereign or not. As you can see, this technological revolution will serve as the basis for our future digital documents: identity card, passport, driver’s license, access to financial services, etc.
What is a “verifiable credential” and what can be verified?
The verifiable credential we present here uses a standard format called “Verifiable Presentation”: a data format that allows a graduate, from their personal wallet, to transmit to a third party (recruiter, university or automated credential verification service) information about both their degree and identity.
This “Verifiable Presentation” digital object is therefore an envelope signed by the graduate and containing two objects, known as “credentials”:
- a verifiable digital diploma,
- a verifiable digital identity.
But… How do we access this data and verify that it is valid? Using any online open-source “Verifiable Credentials” verification/validation service. Within the fr.EBSI project, in partnership with the Walt.id open-source library and co-funded by NGI eSSIF-Lab, BCdiploma’s teams have put online such a service, based on the Walt.id SSI Kit open-source libraries, to which BCdiploma actively contributes.
For example, if you click on the “Verifiable Credential” link at the top right of the credential, you will be directed to a Verifiable Credentials validation service that allows you to verify that the credential is valid. Why can we trust this service? As it uses an open-source library recognized by EBSI, i.e. Walt.id, we can see all the code used.
This service analyzes the content and validity of the data, according to the standards established by EBSI:
What does this verification tell us and what does “Your credential is valid” mean?
- Signature: A valid signature means that the character string provided to the validation service has been signed by the sender, in this case the Jane DOE student. Here the string is leyJraWQiOiJkaWQ6ZWJzaTp6eVJ2TFZqQ2hlajFmWlFZVEs1TGtiN… These data are presented in the “Content of your credential” section… but to make things worse, the plain text content of a Verifiable Presentation contains two credentials in JWT format that will have to be verified using the same method as presented here (the identity of the graduate and the content of the diploma).
Why is this signature tamper-proof? As it is a cryptographic signature that can be verified by algorithm, the signature is made by the student Jane DOE from her Decentralized IDentifier (DID), which the University of Lille has validated as being Jane DOE’s, and which only Jane DOE can manipulate via her “Student Wallet”. Do you get it? We’ll talk about the Wallet below.
- DID of the issuer: to be valid, the credential must be issued by an individual or an entity with a Decentralized Identifier duly registered in an EBSI blockchain registry. The rules for registering such an identifier in the registry are defined by the EBSI ecosystem. For example, the registration of a student’s DID is done by the University, and the registration of the University’s DID is done by its department.
- DID of the subject: when applicable, for example for a diploma credential, the DID of the issuer differs from that of the subject (the issuer is the university, and the “subject” is the holder of the credential, the student).
- Issue date, Validity date, Expiry date: this is mandatory information in a credential.
What information does a “verifiable digital diploma” provide?
Let’s now click on “Check the validity of the diploma on the EBSI blockchain”, and let’s detail the information obtained.
First of all, we are consulting a Verifiable Credentials issued by a University for a student “Jane DOE”, a VerifiableAttestation Europass credential. This type of credential must follow a pattern developed by EBSI to describe a diploma, this term being used in its most generic sense possible: a learning outcome.
The pattern, or data model, proposed here by EBSI, respects two standards: the Europass standard, and the W3C standard. This ensures that this information is properly recognized by other ecosystems than EBSI. This model is very complete: you can see its functional coverage here. The pattern is publicly accessible on the EBSI blockchain, and a data issuer, e.g. a university, must be authorized to use this pattern.
In this example, the fr.EBSI project group focused on the essential attributes of the University of Lille’s diplomas, and in addition to the decentralized identifiers of the issuer (the university) and the graduate, we find the following data:
In a future version, EBSI will handle several languages.
What identity attributes are presented in the “Verifiable Presentation”?
Let’s now address digital identity issues. You have already understood that each student is identified by a Decentralized Identifier (DID) registered in a trusted EBSI registry by the students from their wallet, and this with the authorization issued by the University that authenticated them. The University then issues a “credential” of a particular type, called “VerifiableId”, which allows it to mention the identity attributes that it guarantees and that the students can use from their wallet to share them.
Let’s click on “Verify graduate’s identity on the EBSI blockchain”.
The data pattern proposed by EBSI strictly respects international standards, and allows to specify the type(s) of identifiers the issuer wishes to use.
In the fr.EBSI project, in order to promote interoperability at the European level, the University of Lille, which is the issuer here, has chosen the “European student identifier” to identify the student. Thus, this decentralized identifier will allow the student to prove their identity to any service accepting the “European student identifier”, with one click via their wallet.
The following is the data issued by the University as identity attributes for a student:
What is presented here can easily be generalized to any sovereign attribute, which can thus be made available to citizens by the institution that has the power to do so. It is easy to understand the potential for simplification that this will allow for the generalization of e-administration services.
What is the life cycle of a Verifiable Credential?
Let’s briefly review the complete life cycle of a verifiable credential:
The roles and information flows forming the basis for this specification
The three key players are:
- An Issuer: for example, a university,
- A Holder: for example, a student,
- A Verifier: for example, another university or a job search site
The infrastructure that creates the trust is called “Verifiable Data Registry“: it is deemed unfalsifiable and always available, hence the use of blockchain technologies.
In order to function, this system needs to identify the actors and allow them to perform the necessary actions. For this, the technology chosen is “Self Sovereign Identity“, allowing individuals to act from a Wallet with verifiable identity attributes.
For a more theoretical view, here are the diagrams provided by EBSI.
Learn more about this
A/ Make sure to check out these two white papers:
B/ Do you want to better understand the concepts of Self Sovereign Identity (SSI)? Here are the resources from our partner Walt.id:
C/ Link to EBSI
Annex: details of the deliverables of the fr.EBSI project
Open source contributions to deploy applications based on EBSI
Contributions to the SSI Kit library of Walt.id, of which France is the first external contributor: https://github.com/walt-id/waltid-ssikit/graphs/contributors (contributor atuffreau-bcd).
- Integration of EBSI API and verifiable identity, diploma and presentation credentials schemas, onboarding client with SIOPv2/OIDCv2, implementation of JSON schema validation, contributions to trusted schema did and issuer verification policies,
- EVM signature client to submit jsonrpc transactions to EBSI,
- HSM key store implementation with Cloud Key Vault,
- Contribution to the architecture of Walt.id wallet API (to be implemented).
Deployment of an EBSI Credentials validation service
Open source development and release of a VC and VP validation service for early adopters, to allow them to verify their VC during their development phase.
Direct contributions to EBSI ecosystem
- Extensive validation and debugging of Verifiable ID and Europass data models used by multi-university pilots,
- MU pilots support in validating and debugging issued VC/VP and with Europass data model.
Preparation of the automated production of EBSI credentials at the University of Lille
Development and deployment of an open source tool for the whole school administration of the University of Lille, which allows to issue credentials in an automated way from the French Universities IT tool.
Thus, as soon as EBSI is in production, France is able to produce in an automated way the diplomas in EBSI format for its graduates, and the French universities that wish to do so have a tool at their disposal.
Deployment of an ESSIF/EBSI compliant wallet: funded by NGI ESSIF Lab
Based on the SSI Kit from walt.id and fully adapted to the academic context.
Work is in progress: at the beginning of the academic year 2022, the students of the University of Lille will receive in their wallet the credentials issued in continuous flow by the University. This wallet will be used by the European University CIVIS for the badges of competence delivered by the Universities of their network.
This wallet is part of a project that has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 871932
Dissemination and training
- Conferences in the French and European ecosystem,
- Participation in EBSILUX – Designathon, may 2022, to present the fr.EBSI work.
The contents of this publication are the sole responsibility of BCdiploma and do not necessarily reflect the opinion of the European Union.