Affinidi’s vision is to empower communities with control and ownership of their data, creating new business models and greater trust.

As the customer demand for control and ownership of data continues to grow, it is becoming increasingly important for developers to better manage data privacy and portability within their apps. With our tooling, you can start creating a privacy-preserving app within minutes.

What Are Privacy-Preserving Apps?

Privacy-preserving apps make it easy to give your customers more control over how their information is used and shared. We enable this data ownership and control through Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs).

Learn more about VCs, trust triangle, Decentralized Identifiers (DIDs), and selective disclosure.

What Are the Affinidi VS Code Extension and the Affinidi CLI?

The Affinidi VS Code Extension provides access to Affinidi’s developer tools directly within the Visual Studio Code editor’s command palette. This extension is a one-stop place for Affinidi’s developer tools that enables you to build privacy-preserving applications, without having to leave your IDE.

The Affinidi Command Line Interface (CLI) provides access to Affinidi Developer Tools through your terminal or shell. You can leverage this tool to create a project, manage your API keys, access schemas, and more through commands and scripts.

You should update both tools regularly to benefit from our continuous additions and latest improvements.

Getting Started

We assume that you already have VS Code installed (if not, head over here). You can either get the Affinidi VS Code extension through VS Code’s sidebar or you can go to the extension page on the VS Code Marketplace.

First, you need to create an Affinidi account and a project.

To do that, click on Affinidi logo in sidebar, then click on “Create an account with Affinidi”, enter your email and the OTP code that you received in your inbox.

When you’re authenticated, just click on “Create project” button and enter a project’s name. That’s it!

We’ll automatically create a digital identity for you — your personal DID.

If you want an end-to-end example of an application, that uses Affinidi APIs, you can generate a reference app directly from the extension.

The reference app includes such features as: issuing a credential, claiming & storing it in your wallet, verifying it.

This feature requires the Affinidi CLI to be installed:

$ npm i -g @affinidi/cli

The Affinidi Reference App

These tools will allow you to generate the Affinidi Reference App with the click of a button. The app is actually three applications in one. It provides three independent user flows for issuing, claiming/holding VCs, and verifying VCs, all housed in the same code base, to facilitate developer experience. In a real world scenario, the three flows would never coincide in the same application but as a developer you may need to build simultaneously for the three corners of the trust triangle: issuer, holder and verifier.

The Reference App is tailored for a certification and verification use case, but the Holder and Verifier flows can be extended to other use cases.

Find out more about our tools here:

• https://github.com/affinidi/affinidi-cli
• https://github.com/affinidi/vscode-extension
• https://github.com/affinidi/elements-reference-app-frontend

We hope the above use case encourages you to build your own privacy-preserving applications. If you have any questions or issues, reach out to us on Discord. Also, if you have an idea and need help developing it, contact Marco Podien, our Dev Evangelist.

We can’t wait to see what you’ll build with the Affinidi VS Code Extension and the Affinidi CLI.

Please drop us some quick feedback here and help us shape the future of privacy-preserving applications.

• Explore documentation
• Give feedback
• Get conversations going with #teamaffinidi and the community on Discord
• Follow us on LinkedIn, Twitter, and Facebook
• Get the latest updates on what’s new at Affinidi; join our mailing list
• Interested in joining our team?
• For media inquiries, please get in touch with Affinidi’’s PR team via pr@affinidi.com

We participated in the Singapore Fintech Festival 2022 (“SFF 2022”) that took place from 2–4 November at Singapore Expo, attracting over 2,000 organizations from 110 countries.

During this premier fintech festival, which was attended by leading banks, government departments, policymakers, investors, and financial companies, Affinidi showcased products catered to enterprises, individuals and developers.

Products Showcased

Ceal, an all-in-one credentials wallet to securely store and share your personal, work and education -related credentials. Within the event, close to 3000 digital credentials were issued in respect of business cards, digital collectibles and testimonials. These credentials may then be stored in individual’s mobile devices via the Ceal mobile application, and shared with others with the individual’s consent.

Verifin, which enables trusted mobile device transfers through the verification of customer identities, thereby creating a secure and seamless mobile banking experience.

In addition to showcasing our solutions, we also participated in industry discussions, meet-up sessions and booth interactions.

Talks and Programs

During SFF 2022, Glenn Gore, CEO of Affinidi and LemmaTree, participated in a roundtable discussion on data portability where he talked about how organizations can leverage new data points to provide better services to end-users. He reiterated the need for trust and data ownership to get a holistic view of any problem.

Glenn also spoke at the open mic session by OCBC, where he shared the stage with Mr Lim Wei Ming, Head of Data Architecture, Group Technology Architecture, OCBC Group. Glenn spoke about Verifin, and also about Affinidi’s vision and solutions to solve the existing identity and data security problems.

Varsha Jagdale, General Manager of Financial Services for Affinidi, participated in the Asian Digital bank CEO roundtable where she stressed the need for having open and trusted ecosystems through innovative technology architectures.

In addition, Mike Dunning, Director of Solutions Architect at Affinidi, moderated a fireside chat at OCBC’s booth. During this fireside chat, Mike showcased the Verifin solution and interacted with the enthusiastic crowd that had gathered around the booth.

In parallel, Summit Saurav, Product Manager at Affinidi, introduced Affinidi at the blockchain meet during SFF 2022 and shared our solutions across multiple industries like Financial Services, Recruitment, Travel, and Healthcare.

Issuance of digital certifications

Elevandi, the event organizers of SFF 2022, leveraged Affinidi’s technology to issue digital collectibles to participants to certify their attendance at various SFF 2022 activities.

Attendees of SFF 2022 were given a ‘Participation Digital Collectible’ that they could share on social media. Those who attended the ESG sessions were awarded a ‘House Laterem Digital Collectible’ while those who attended the Digital Assets plenary sessions were awarded the ‘House Arbor Digital Collectible.’

Participants who completed both the ‘ESG & Sustainable Finance’, and ‘Digital Assets & Web3 learning journeys at SFF 2022 were issued the ‘Valedictorian Digital Collectible’, and given the opportunity to win a free pass to Singapore FinTech Festival 2023.

Non-stop interactions at Affinidi’s booth

Meeting people face to face was the best part of the event for us! Interacting with best minds in the industry helped us to gather insights, observe emerging trends and get invaluable customer feedback. The lively discussions with current and potential partners validated our vision of ‘changing data ownership for good’. We are confident that these discussions could pave the way for a more open, streamlined, and transparent ecosystem with data ownership and user empowerment at its heart.

A huge shoutout to Elevandi, our partners, and everyone who made SFF 2022 a memorable one for all of us.

We look forward to seeing you at more such events.

In the meantime, please do reach out to us in case of any questions.

• Explore Ceal app
• Follow us on LinkedIn, Twitter, and Facebook
• Get the latest updates on what’s new at Affinidi; join our mailing list
• Interested in joining our team?
• Get conversations going with #teamaffinidi and the community on Discord
• For media inquiries, please get in touch with Affinidi’s PR team via pr@affinidi.com

Written by Denys Popov

SSI adoption has many layers of challenges and complexities. One of the problems that I want to address in this article is,

“How to have an enterprise Decentralized Identifier (DID) when an employee 👨‍💼👩‍💼 can act on behalf of this company 🏢 with flexible permissions layer in a decentralized or peer-to-peer way?”

There are several hack solutions for this, but all of them have at least one major problem, which limits the usage and implementation of existing solutions.

Before we go into my proposed solution, let’s look at the problem first.

Problem Statement

Let’s say an organization wants to issue power of attorney as a Verifiable Credential (VC) for an employee DID.

Such an issuance requires a custom method for VC verification, so there should be a custom flow. Here, the employee should pass any meaningful info/VC to prove his organization’s power of attorney VC, and the verifier must perform that extra check of authority VC.

This verification may not be as easy as it sounds because the verifier must know how to handle that.

Workflow

Here’s the workflow of the above problem.

• The founder/CEO/creator of the organization DID can add to the DID document public keys (with proper authority/access/entry points) of employees.
• Next, an employee can use his personal DID to issue a document/VC on behalf of the organization and set it to an issuer field organization DID before sharing it with the verifier.
• The verifier will resolve the Issuer DID (in this case, it’s the organization’s DID). To do this, the verifier will get the issuing organization’s DID Document, find the proper employee public key, and verify the signature.

Looks good so far.

However, we have a problem here. The founder, who created the organization DID, will have full control and access to the anchor/recovery key. Therefore, they can always update the organization’s DID document, and no CEO/Founder rotation is possible here.

Though some existing solutions include modifications to the DID document to have several controllers, they won’t solve the issue altogether.

Proposed solution

Here’s my solution to support the majority of DID methods without modifications/custom flows and simultaneously have the flexibility you need.

• Create a DAO smart contract. In the initialize phase, define a set of stakeholders (their crypto addresses/DIDs) and define a threshold number required to get the consensus/perform action (should be equal to or smaller than the number of stakeholders), and initially perform the anchoring of DID by this smart contract on initialization.
• Next, the smart contract (kind of DAO) interface should allow for the threshold number from that group of stakeholders to make a decision (change the smart contract state):

- Update the related DID Document (by adding/removing public keys of employees or some permissions of it)

- Change the threshold number for making future decisions

- Add/remove stakeholders

With this solution, an organization’s authorized employee can sign documents using their personal keys, but can mark the Issuer as organization DID. Then, the verifier will perform just the standard verification, and it will work.

At any point, the stakeholders can remove an employee’s public key from an organization or change those permissions. Also, stakeholders can be changed when the required consensus is met. All this interaction is done and available in a decentralized way.

What do you think of this solution?

Join our community today

• Get conversations going with #teamaffinidi and the community on Discord
• Follow us on LinkedIn, Twitter, and Facebook
• Get the latest updates on what’s new at Affinidi; join our mailing list
• Interested in joining our team?
• Start building with the Affinidi tech stack now
• For media inquiries, please get in touch with Affinidi’s PR team via pr@affinidi.com

Affinidi Console is a one-stop shop that provides a suite of tools that make it easy for builders to create personalized and privacy-preserving applications. It provides data control and ownership to end-users, and empowers you to leverage the advantages of a decentralized data ecosystem.

With Affinidi Console, you can access many services that work on top of Affinidi’s APIs. Also, you can unlock and verify fully portable Verifiable Credentials (VCs) — tamper-evident and W3C-standard digital credentials that can be verified cryptographically.

Here’s an example of how you can use the Affinidi Console to build privacy-preserving apps.

Meet Kate — a rockstar software engineer who wants to build an app called MedScore that rewards people for healthy behavior. She envisages users to input their medical records into the app and qualify for special services and discounts based on certain conditions.

As her app deals with sensitive patient data, she wants to protect their privacy and comply with standards like GDPR. Based on these business goals, she lists her requirements.

Requirements

MedScore’s requirements include,

• Signup — At the time of registration, she wants to gather customers’ informed consent.
• Verification of patient records — Once the patient uploads their health records and documents, she wants her app to verify their authenticity.
• Qualification for rewards — Next, her app must compute a health score based on the entered records and decide if a patient qualifies for rewards or discounts.
• Storage — Kate wants to give users the option to store the digitized version of their patient records securely.
• Sharing — She wants users to be able to safely and securely share their sensitive data with healthcare providers.

As you can see, data management and privacy are some of the core tenets of MedScore, so she wants to understand how Affinidi Console can help.

Using Affinidi Console

Affinidi Console is the perfect no-dev tooling platform for Kate’s requirements, and let’s see how.

• Signup — Affinidi’s Consent Manager displays your terms and conditions and gathers user consent at signup. All she has to do is create a privacy policy and enter it on the Consent Manager’s admin widget.
• Verification — Digital Check and Paper Check can verify the data on both digital and paper records, respectively.
• Assessing Qualification — Kate can leverage the superpowers of Rules Builder to set the criteria for qualification.
• Storage — Edge and cloud wallets securely store patients’ data and put users in control of their information.
• Sharing — Bulk Issuance and Schema Manager enable her customers to share their data in a standardized format with healthcare providers.

By leveraging Affinidi Console, Kate saves hours of development, and at the same time, she builds her dream project in a few hours.

Building privacy-preserving apps doesn’t get easier than this.

Sign up for early access to Affinidi Console today. For further questions, reach out to our Dev Evangelist, Marco Podien.

Join our community today

• Get conversations going with #teamaffinidi and the community on Discord
• Follow us on LinkedIn, Twitter, and Facebook
• Get the latest updates on what’s new at Affinidi; join our mailing list
• Interested in joining our team?
• Start building with the Affinidi tech stack now
• For media inquiries, please contact Affinidi’s PR team via pr@affinidi.com

Affinidi Console is a one-stop shop that provides a suite of tools that make it easy for builders to create personalized and privacy-preserving applications. It provides data control and ownership to end-users and empowers you to leverage the advantages of a decentralized data ecosystem.

With Affinidi Console, you can access many services that work on top of Affinidi’s APIs. Also, you can unlock and verify fully portable Verifiable Credentials (VCs) — tamper-evident and W3C-standard digital credentials that can be verified cryptographically. So far, Affinidi Console consists of nine services/components:

• Schema Manager
• Bulk Issuance
• Registry
• Cloud Wallet
• Edge Wallet
• Paper Check
• Digital Check
• Rules Engine
• Consent Manager

Let’s take a detailed look at each of these components.

Schema Manager

Schema Manager is a tool to manage, create, clone, update, and reuse credential types and existing schemas.

It can come in handy for developers, product managers, or engineers tasked with building an SSI application and face the problem of ensuring trust between actors (mainly, Issuers and Verifiers).

Bulk Issuance

Bulk Issuance is for you if you’re someone who issues VCs frequently and in large numbers. Our Bulk Issuance component allows you to issue VCs in batches, based on the contents of a CSV file and structured according to the selected VC schema.

Bulk issuance saves you a lot of time and effort.

Paper Check

Paper Check enables you to extract information from documents that cannot be digitally verified (paper certificates, PDF reports, etc.). This tool standardizes the extracted data into defined schemas and reviews the authenticity of the documents. (Note: We can’t fully guarantee the authenticity of paper documents).

Digital Check

Digital Check is similar to Paper Check but extracts information from digital documents. Specifically, you can use this product to extract information from digitally verifiable documents, standardize the extracted data into defined schemas, and verify the authenticity of these documents.

Rules Engine

Rules Engine is a service that allows customers to check the data/documents submitted by end-users against their business rules for further processing and decision-making. These business rules are configurable using a web-based frontend.

Registry

Affinidi Registry is a secure place to store a list of trusted and verified data providers for your organization.

Cloud Wallet

Affinidi’s Cloud Wallet is a centralized storage solution for storing and sharing verifiable credentials. Also, this end-to-end solution can fit well into decentralized environments as well.

Edge Wallet

Edge Wallet is a decentralized wallet storage service that stores all data on a customer’s device.

Consent Manager

Affinidi’s Consent Manager is a privacy and data protection solution that enables application owners and organizations to manage end-customers’ consent through VCs. It is a plug-and-play solution that can integrate with your existing or future applications and scale well with your business growth.

Stay tuned to know more about these products.

In the meantime, sign up for early access to Affinidi Console today to try these products.

For further questions, reach out to our Dev Evangelist, Marco Podien.

Join our community today

• Get conversations going with #teamaffinidi and the community on Discord
• Follow us on LinkedIn, Twitter, and Facebook
• Please get the latest updates on what’s new at Affinidi; join our mailing list
• Interested in joining our team?
• Start building with the Affinidi tech stack now
• For media inquiries, please get in touch with Affinidi’s PR team via pr@affinidi.com

All that will likely change with the introduction of a new technology standard called ORGANS. In particular, ORGANS enables individuals to give their consent for using their data in a specific way. In addition, it empowers individuals to own their data and selectively share it with just the entities they want, thereby preserving their data’s privacy and security.

Read on to know all about the ORGANS standard and how it can change the way companies collect data from individuals.

What is the ORGANS Framework?

ORGANS is an acronym for,

• O -> Open Standards
• R -> Revocable by individuals
• G -> Granular
• A -> Auditable
• N -> Notice to all parties involved
• S -> Secure

Let’s talk a bit about each of these attributes.

Open Standards

Interoperability is a crucial building block as it enables different systems and organizations to “talk” to each other and better process the information that flows through them. This interoperability is essential in our current Web 2.0 and future Web 3.0 apps because it enables data to be shared easily across systems. When all organizations embrace the open standards envisioned in ORGANS, data flow and usability will be seamless.

Revocable

Data privacy is all about putting individuals in control of their data. With ORGANS, every user can determine their data usage and, more importantly, enjoy the choice to revoke access to their data anytime.

Granular

Personal data comes in many forms, from email addresses to employment letters. Users must have the option to selectively share only data that’s pertinent for a specific use case. For example, if a user has to submit proof of age to enter a nightclub, then date of birth alone is enough. The user doesn’t even have to share their first and last name.

This ability to share just the required data is an essential part of preserving the data privacy of individuals.

Auditable

The data shared by individuals should be readable by humans and machines for quick, easy, and cost-effective verification. Also, the organization collecting the data can store the confirmations in secure records/logs (machine and human-readable form) for easy reference and auditing.

Notice

ORGANS advocates transparency and accountability in data sharing and handling. To this end, ORGANS emphasizes sending notices to all concerned parties if data changes, is revoked, etc.

Secure

Any application built on the ORGANS framework must be secure by design. Though ORGANS doesn’t lay down specific technologies for implementing security, it’s safe to say that many next-gen technologies like verifiable credentials fit this requirement.

In a nutshell, ORGANS is a framework for creating applications that promote data ownership, privacy, and security.

What does ORGANS mean for you?

You may wonder how ORGANS can change your data privacy and security as a user. Simply put, you go from accepting the terms and conditions of an online service to determining what data organizations can use, for how long, and for what purpose. As a result, you create and share portable digital identities and credentials while staying in control of your data continuously.

Source: NITI

From an organization’s standpoint, building applications based on ORGANS can be a game-changer for your business. These futuristic applications not only put data privacy at the heart of your operations, but can also help you earn the trust of your customers. Not to mention that such applications will meet future compliance standards and can, overall, provide a competitive advantage for your organization.

Affinidi’s Consent Manager

Affinidi’s Consent Manager follows the ORGANS principles to empower you to create consent policies and handle your customers’ consent for using your services and applications. This plug-and-play solution can integrate with your existing or future applications and scale well with your business growth.

For more details on how you can use Affinidi’s Consent Manager, please reach out to us.

Many people are wary of looking for and applying to jobs online, and rightly so, as job scammers are on the rise, targeting their prey more creatively than before.

So, how can we help people quickly ascertain genuine opportunities while matching their skills and experience to suitable roles? About 70 students from the Nanyang Technological University (NTU) in Singapore attempted to answer this question during the LemmaTree x NTU POCathon.

They came up with impressive submissions, ranging from job portals showcasing verified jobs and companies to scam alert verification features. The 17 teams that participated in this event wowed the judges with their amazing POCs, created in less than four weeks. The top 6 teams were shortlisted for an in-person demonstration in NTU, where all four judges cracked their heads to select the top 3 winning teams.

Here are the great ideas of the top 6:

1235

1235 proposed a verified and optimized human resources platform for companies and applicants to create verified customizable profiles. Their POC, powered by Affinidi’s APIs, strives to help companies verify their job applicants’ backgrounds and vice versa. It was awe-inspiring for the judges to see a product coded within such a short time.

BYTEMASTERS

BYTEMASTERS’ proposed solution grants access only to verified companies, ensuring that job-seekers do not have to deal with any job scams while receiving a curated list of suitable roles powered by AI technologies. Although they did not manage to create a fully functional application, they made an interesting comparison of current solutions and their loopholes before crafting an all-rounded solution. Kudos to the team.

localhost404

localhost404 created a functional portal that accurately detects unverified companies and job postings besides curating a list of suitable job opportunities for users. The judges were impressed with the ready application.

Newbility

Team Newbility proposed a web service solution that could verify company accounts, review job posts, and provide tailored talent and job recommendations to companies and applicants. A unique feature of their proposed solution was to feature job openings from other sources instead of having the companies post their roles from scratch.

noTurningBackSistas

One of the most out-of-the-box ideas goes to this all-women team. Their solution focused on helping remote employees, including freelancers, by creating smart contracts, a digital wallet, and automated scam detections. They even included an introductory tutorial for users — putting themselves in the shoes of users, indeed.

ThesePeopleAreOnTime

Another all-women team, these people were not only on time but also on point. Their solution revolved around matching verified companies with verified talents, and vice-versa, to create a trusted environment for everyone involved.

These teams presented their solutions to our judges:

• Alex Albano, Marketing & Ecosystem Growth, Affinidi
• Tan Min Min, Director of Product, Affinidi
• Duy Dang, Head of Engineering, Trustana
• Dilparinder Singh, Strategy Lead, LemmaTree

The winning teams to walk away with cash prizes and an exclusive internship were:

• Newbility
• 1235
• ThesePeopleAreOnTime

We thank all the participants of this PoCathon for their enthusiastic participation, and we hope to see these solutions launching soon.

Contact us if you’d like to discuss specific use cases or learn more about creating solutions using trusted data.

Join our Community today

Get conversations going with #teamaffinidi and community on Discord

Follow us on LinkedIn, Twitter, and Facebook

Get latest updates on what’s new at Affinidi, join our mailing list

Interested in joining our team?

Start building with the Affinidi tech stack now

For media enquiries, please contact Affinidi’s PR team via pr@affinidi.com

Fake social accounts negatively impact users’ trust in social media platforms. Many times, users are forced to ignore or reject genuine connections because of the inherent inability to verify a connection’s personal data. Further, this has dented the trust in social media platforms. Predatory behavior, scams, fake news, and more problems are the result of such fake social accounts, so it’s a pressing problem that each of us can relate to.

So, how do we address this problem of fake social accounts? Is it possible to create a social platform with only genuine users?

At LemmaTree, we asked these questions to our interns — brilliant minds who were welcomed under our inaugural Internship Program.

This ideathon was specially designed as an exciting challenge for the Singapore interns and centered around trusted data. Here are some of the incredible solutions that the five teams came up with.

Group #1: Team Podium

Team Podium divided the problem into three distinct processes, namely, account creation, account maintenance, and user behavior, and produced a solution for each. They also crafted a module to eliminate fake news and false information on the news feed. The team understood the potential limitations of their proposed solutions and presented ways to address them, making their solution a well-thought-out one that spanned across different aspects of prominent social media platforms.

Team #2: Ups

The team had a noble idea of addressing predatory behavior commonly seen on social media which not only reduces the trust among users, but could cause permanent trauma to minors.

To address this behavior and to enhance the trust and safety of other users, the Ups Team proposed a VC-based solution to verify personal information and an API that should effectively filter inappropriate messages sent on social media. Both solutions would combine to enhance social networks to penalize users with malicious intent and safeguard users from predators, resulting in the strengthening of trusted connections on such platforms.

Team #3: Reliabae

As the name perfectly reflects it, Reliabae is the solution by the team that seeks to address the trust and reliability issues in online dating applications, returning reliability of the applications to users looking for genuine connections. Reliable is a VC-based dating app that eliminates fake accounts and identities using a two-pronged approach — incorporating APIs to fetch verified data and the use of deep neural networks for image recognition.

Team #4: Super Identity

Also looking to solve the challenge of fake accounts on dating applications is Team #4. And they’re doing it through their super solution, Super Identity. It is a Single Sign-On (SSO) application that provides an easy and secure way for users to verify their identity on social media. One of the key highlights of Super Identity is that it is scalable and can be used on other social media platforms beyond the dating scene.

Team #5: Protego

Team #5’s Protego is a community-based social media application, which requires users to verify their identity to access the full set of features on the platform, and helped to eliminate fake news using an NLP model. Users can request for Verifiable Credentials from trusted organizations like schools and institutions. The solution proposed by the team also had an elaborate timeline which showcased the thoroughness of the team in ensuring this solution’s success from launch.

All five solutions were well presented to the judge — Duy Dang, the Head of Engineering of Trustana, one of the entities under LemmaTree. Duy gave great advice and comments to the teams based on the judging criteria provided:

• Creativity and usability of the solution.
• Does the solution leverage the concept of trusted data?
• Were Lemmatree employees’ opinions incorporated into the solution?
• Quality of presentation
• Bonus: Practicality of the Solution

In all, these solutions provide a glimpse into the power of trusted data and the limitless possibilities of what you can do with trusted data. We would like to thank all participants of the ideathon and we’re excited to see some of these solutions getting launched in the near future!

If you’d like to talk about specific use -cases or learn more about creating and using trusted data, reach out to us.

Today, we are announcing the deprecation of support for Bloom Vault in the latest version of our Affinidi SDK.

This blog outlines the updates in the new versions of Affinidi stack and the required steps developers should take to avoid any disruptions in our SDK’s functionality.

What’s new in Affinidi SDK v6.0.4 and above?

At a glance, here’s what changes from Affinidi SDK v6.0.4 and above.

• Migrating from Bloom Vault to Affinidi Vault for improved performance
• Server-side search by credential Id
• Server-side search by credential types

Read on to know why we are migrating to Affinidi Vault, what’s in it for you, and what steps you must take.

What are we changing?

The earlier versions of Affinidi SDK (below v6) use Bloom Vault as the end-to-end provider-agnostic storage. Undoubtedly, this has helped our customers to securely store verifiable credentials when using Affinidi’s open-source SDK. But starting from Affinidi SDK v6.0.4, we are migrating from Bloom Vault to our in-house built Affinidi Vault.

Why are we changing it?

It is our goal at Affinidi to provide an easy-to-use, secure, reliable, and high-performing set of functionalities within our Affinidi SDK. As a part of our continuous performance improvement activities, the engineering team has identified a need to replace the Bloom Vault with something that provides better performance and more advanced functionality. Thus, we have implemented Affinidi Vault as a replacement for Bloom within our SDK.

If you’re wondering why, here’s a comparison chart of the performance of Bloom vault vs Affinidi vault.

Comparison of vault performance

As you can see, there is a huge time-saving by switching to the Affinidi Vault, and this is why we made the change.

Why should you upgrade?

If you are using the earlier Affinidi SDK versions (lower than v6), your application won’t support the Affinidi Vault, and hence we can’t migrate you out of the Bloom Vault.

From Affinidi SDK v6.0.4 onwards, we have introduced an automatic migration trigger to the Affinidi Vault and that is why we ask you to upgrade to that version or above. Otherwise, your credentials will never be migrated and will eventually be wiped from the Bloom vault.

Please note that this migration will NOT impact the SDK performance negatively. On the contrary, if you have more than 100 credentials in Bloom Vault, you’re sure to see a big jump in performance after the migration.

Action points for you

• Update your services to use Affinidi SDK v6.0.4 or above.
• Please pay attention to the changelog while upgrading the SDK version as some methods may be changed or deprecated.

How to upgrade to the latest version of Affinidi SDK?

Go to GitHub and upgrade to version v6.0.4 or above.

When you send your first API request to get all the credentials using the new SDK, our system will start the asynchronous migration of your data from Bloom to the Affinidi Vault. No more action is required from you.

Once the migration is complete, your services will automatically start using only Affinidi Vault for both the write and read operations.

What is the timeline for this upgrade?

Starting from 8th July 2022, we will block writes to the Bloom Vault. All users must update their services to use the Affinidi SDK v6.0.4 or above by then. From 25th July 2022, we will block both reads and writes to Bloom Vault and depreciate support for the same.

For further questions/doubts, reach out to us at developers@affinidi.com, or drop us a note on Discord.

Visit GitHub to download Affinidi SDK v6.0.4.

Introduction

There is a greater emphasis on privacy and security today than ever before as more people strive to preserve their digital identities from misuse by cybercriminals and organizations that harvest personal data for advertising purposes.

In parallel, governments and regulators are pushing to improve online privacy , resulting in the proliferation of data protection legislations like the GDPR in the EU. As a result, both from a legal and ethical perspective, there is a growing urgency among companies to protect individuals’ privacy by empowering them to decide how and where their data is used.

An integral part of this process is a consent management system that explicitly informs users about how their data will be used, so users can make an informed decision about which data usage policies they agree to. While there are many consent management systems available today, not all of them are geared for Web 3.0 — widely regarded as the future of the Internet.

In this blog, we will be talking about the benefits of implementing consent management using an emerging standard known as Verifiable Credentials (VCs). We will also dive deep into Affinidi’s consent manager and what it can do for you.

What is Consent Management?

Consent management is the process or system where customers determine what personal data they are willing to share with a business and/or third parties. This user empowerment is a central theme of Self-Sovereign Identity, a powerful framework that allows users to be the ultimate administrators of their personal data. Further, they can determine what parts of their data are shared, thereby bringing users to the center of the data transaction.

Currently, much of consent management is managed through browser cookies. But this method is far from perfect because users can’t granularly choose to disclose only some parts of their information. Moreover, some browsers are planning to phase out certain types of cookies as early as 2023, due in part to concerns about customer privacy.

Bridging this gap is essential, and this is where Verifiable Credentials (VCs) come into play.

Why Consent Management through Verifiable Credentials?

Verifiable credentials are a machine-readable and tamper-evident W3C standard specification for storing and managing personal information. They come with features that are designed for managing digital identity in a web 3.0 infrastructure. This is why implementing consent management through VCs can help create a streamlined system for the future.

Also, here are more reasons why VCs are ideal for a consent management system.

Machine-readable

One of the key applications of web 3.0 is the Semantic Web, an advanced metadata system that structures and arranges all kinds of data in such a way that it’s readable by both machines and humans.

VCs fit this bill perfectly as they can be read by both machines and humans. Moreover, machine readability enables a host of opportunities for automating business logic surrounding user content and data sharing.

Supports Selective Disclosure

VCs support selective disclosure, in which a user can disclose only the selected data that he or she wants to. For example, if a user wants to disclose just their email ID and not their name or gender, VCs enable this.

Tamper-evident

VCs are tamper-evident and can’t be altered unilaterally without destroying the contents. However, they can be revoked by the issuer or the VCs can expire, and both situations require the issuance of a new VC.

As a verifier or manager of user consents, you can rest assured that if the VC is valid and not expired, then it is authentic.

Follows the Principles of Decentralized Identity

Managing consent through VCs follows the principle of decentralized identity as there are no central authorities involved. Further, these VCs are capable of being shared without using a single repository or database.

Every VC is stored by the user in his or her wallet — either custodially or on the edge — and hence can be highly decentralized.

Compliant with Privacy Laws

Established by the EU, the GDPR aims to give individuals complete control over their personal data, including with whom and how they are shared. Three important data protection and privacy principles of GDPR are:

• Giving users control over the transactional aspects of their digital identity including its monetization.
• Free movement of data across the union to enable commerce.
• The right to be forgotten.

VCs adhere to these principles as users control their data and the same can be shared with anyone in any part of the world securely by the user.

Customer-centric Solution

Existing identity solutions such as federated identity, are designed to give businesses control over all their users’ data rather than putting control in the hands of the customer.

VCs reverse this by putting customers at the center of every data transaction. Such customer-centric solutions are increasingly demanded in the world of web 3.0, and expectations of privacy and portability are expected to continue to rise as the widespread adoption of cryptography shifts the balance of ownership towards end customers.

Secure

VCs use public-key cryptography to secure the contents, making them well-protected from hackers and untrusted third parties.

Further, the effort and resources needed to expose the data of a single VC are extremely high in proportion to the reward. Compare this to the traditional system of centralized database, in which, gaining access to one database provides access to potentially millions of customers’ information.

All these make it clear why the concepts of decentralized identity provide a far safer option for storing sensitive data.

Introducing Affinidi’s Consent Manager

Affinidi’s Consent Manager is a privacy and data protection solution that enables application owners and organizations to manage end-customers’ consent through VCs.

Our consent manager is designed as a plug-and-play solution that can integrate with your existing or future applications, and can scale well with your business growth as well.

Broadly speaking, Affinidi’s consent manager empowers administrators to create consent policies and surface them to users to get their consent. Once the user agrees, a VC is generated and stored automatically in the user’s wallet and is also shared with the administrator.

In turn, the administrator can generate a verifiable presentation with some or all of the VCs, and even share proofs of consent with regulatory authorities if required in an audit.

Who should use the Consent Manager?

Affinidi’s consent manager is a generic application that can be used by different entities to get the benefits that matter to them.

It is a good choice for,

• Developers who prefer to use a plug-and-play module for managing consent across their websites and applications.
• Users who want to control what information they share and with whom, in order to avail specific services from providers.
• Communities and individuals who want to build applications in web 3.0.
• Web apps that require authentication, so users can consent to avail the services offered through the app.
• Organizations that need to generate reports/audit trails for consent management

If you fall into any of the above categories, you may wonder why you should use Affinidi’s consent manager over other solutions.

Why Use Affinidi’ s Consent Manager?

Affinidi’s consent manager offers many unique features and benefits. Here’s a look at some of them.

• Provides a tamper-evident and secure way to manage consent
• Makes it easy to create, update and delete policies, in runtime
• Follows the principles of decentralized identity management
• All modules can be reused across applications
• Integrates with Web and ReactJS
• Meets compliance with GDPR and other privacy and security regulations
• Comes with extensive documentation to quickly find all that you need.
• Backed by technical support on Discord
• Future-ready and scalable for all web 3.0 applications
• Supports extensive audits for different internal and external stakeholders.

Now that you know what you gain with our consent manager, let’s get down to the technical aspects.

High-Level Architecture

Affinidi’s consent manager has a simple architecture as it comprises only a small number of modules. This is what makes it easy to implement across any application stack.

Here’s an overview of the architecture.

Components of the Consent Manager

As you can see, the consent manager comprises of two important modules and they are:

• Consent Manager UI Widget — A pop-up widget that allows users to view the consent policy and approve it. The user can determine the start date for the consent. This is stored as a VC in the user’s cloud wallet first, and on approval, a signed VC is sent to the admin.
• Consent Manager Admin UI Widget — A UI that allows the admin to create the consent policy. The signed VC from the user is stored in the admin’s wallet for future reference.

Other than these two, we have the optional Consent Management Admin Backend where you can store consent templates to simplify the dev experience. This module also connects to the underlying database. Depending on your implementation, you can choose to connect the Consent Manager UI Widget directly with the Consent Management Admin Backend.

Workflow of the Consent Manager

Moving on, let’s see the consent manager workflow.

Step 1: Create a Consent

The workflow for the consent manager starts with the Admin widget. This is where the Admin of a website or application creates a consent policy for the users.

In this widget, you can create the contents of the consent, the country of jurisdiction, and any other attributes that come with it.

Once you’re happy with the consent, save it.

You can also copy it to a clipboard if you have to collaborate with other team members or get approval from others.

Step 2: Users View the Consent

After the admin saves the content, every user who visits the website or web app can see the consent through the Consent Manager UI Widget. This will pop-up as soon as a user visits the website or wants to use a web app for the first time.

The attributes mentioned by the Admin will be visible to the user, and he or she can choose which of the attributes must be sent to the Admin. Further, the user can determine the start date of the consent and the same will be included in the VC.

After entering these details and reading through the consent, the user can choose to press the “Next” or “Close” button.

If the user chooses the “Close” button, it will be construed that the user has not consented to the terms and conditions mentioned. On the other hand, if the user consents, he or she can press the “Next” button.

Step 3: Enter the Phone Number or Email Address

When the user chooses the “Next” button from the previous screen, he/she will be prompted to enter the email address or phone number associated with their digital wallet, as the VC will be created and stored automatically in it.

A quick note here. A digital wallet is a mobile/desktop app where a user can safely and securely store his or her digital credentials.

After entering the email address or phone number associated with the wallet, the user clicks the “Next” button. If the user doesn’t have a wallet, a new wallet will be created automatically in Affinidi’s cloud wallet.

The consent VC will be shared in this wallet and the user can subsequently access it with the email address or phone number. While logging in the first time, a confirmation code will be sent to the user, and this has to be entered in the next screen.

If the confirmation code matches, a “Success” message is displayed.

As soon as the VC is created, it is also shared with the administrator, and this entity can choose to store it in its wallet. This is later sent to verifiers like regulatory authorities to prove compliance with existing legislation. This VC will contain the DID of the administrator to prove that consent was given to the website/web app maintained by the admin.

Thus, this is the workflow in Affinidi’s consent manager.

Upcoming features

At Affinidi, we constantly strive to create impactful applications. Our roadmap for this product includes the following features

• End date of consent
• Automating data sharing or storing based on consent and revocation of consent.
• Customizing the look and feel
• Localization support
• Consent management without email id/phone number
• Report generation
• Revocation
• Customer-facing widgets can be made open source for the community to work on.

If you’re looking for specific features, please reach out to us on Discord, and we will be happy to include them as well.

To learn more about such Web 3.0 and digital identity-based products, join our mailing list.