A Credential Definition is a structured list of attributes defined in the Credential Schema. More information about credential schemas can be found in https://zaka.atlassian.net/wiki/spaces/PSM/pages/2032173057. Credential Definitions may be of two types: self-attested and service-attested. Self-attested means that a client should fill in the information in the app to send it to a service. Service-attested means that a credential will be created, signed, and issued by the service to a client.
Create Credential Definition
To create the Credential Definition, click the “Schemas” button on the main menu on the left side of the screen.
Choose the schema
Click on the “My schemas” tab to use a schema intended for this service only, or click on the “Public schemas” tab to use a schema made by/for other services.
Create the credential definition
Click the “Create” button next to the selected schema’s name in the schema list.
Check the “Self-attested” option to allow the client of the mobile app to fill in the information and send it to the service on their own.
Click the “Service-attested” option for client credentials to be created, signed, and issued by the service.
Select the one-off checkbox to have the client of a mobile application fill in the credential attributes each time an interaction that requires this credential is executed. This option is only accessible forself-attested credentials.
Third-party (external) verification
An additional external (third-party) verification hook can be optionally specified and called during the interaction execution for the service-attested credentials. For example:anchoring of the credential hash can be additionally verified in third-party blockchain.
To set an external verification hook, click on the field with the corresponding name. The "Edit webhook" pop-up window will appear. In the "URL Template" field, enter the URL for the webhook request, then choose the key and authentication (auth) type for the webhook from the drop-down lists.
Please note that the key type “SHA secret“ can be used only in auth type “Bearer Token“.
Set the authorized keys and IP prefixes for incoming credential issuing webhook requests from the third-party systems.
To configure the list of authorized IP prefixes and keys for web-hook requests to this service from third-party systems, click the "Add" button in the "Web hook accepted keys" area.
The "Edit external web hook access" pop-up window will appear. Add allowed IP prefixes (e.g. 192.168) by clicking the "Add IP prefix" button. Choose the key type and authentication type from the drop-down lists. Note that the key type “SHA secret“ can be used only in auth type “Bearer Token“.
The "Schema details" section contains the details that have previously been saved.
In this section, the attribute metadata and the order of the schema attributes may be changed.
Change attribute metadata
The attribute ”Credential Issue Date” cannot be changed.
The options for changing metadata include:
Modify or add a description to the attribute.
Check the “Multi line” checkbox to enable “Text” attribute editing with multi-line support (new line).
QR codes can be used as a data source. Check the relevant checkbox.
Change attribute metadata (continue)
To make changes, click the "Edit" icon in the "My Credential Definitions" tab. The "Update Credential Definition Meta Data" page will appear. Make all the necessary changes.
Change attribute metadata (Updating “Enum“ type attribute)
If Data type “Enumerated type (E-num)” was used for the current attribute, values can be edited or deleted.
On the “Edit attribute” pop-up window, click the “Enumerated type (E-num)” data type attribute which value needs to be updated. Make all necessary changes and click “Change.“
Change the order of the attributes
To rearrange the schema attributes, move the mouse cursor to the attribute you want to move, click and drag the attribute to the desired location without releasing it.
Save Credential Definition
If all details are correct, click the “Create” button.
After the “Create” button has been clicked, this credential definition cannot be deleted.
Find Credential Definition
This credential definition can be found in the section "My Credential Definitions" of the main menu "Schemas" page.
Adjust attributes metadata after Credential Definition has been created
After saving the credential definition, the credential definition's metadata and external verification hook can be adjusted.
Click the “Schemas” tab of the main menu, select the “My credential Definitions“ tab and choose the credential definition you want to change by clicking on the “Edit“ icon. Make all necessary changes and click “Save.“
Deprecate Credential Definition
If for any reason, you don't want the particular credential definition to be visible in the list of credential definitions, you may deprecate it.
Click the "Edit" icon next to the credential definition’s name and tick the "Deprecate" checkbox in the "Update Credential Definition Meta Data" page.
To see ALL credential definitions in those lists again, check the "Show deprecated" checkbox on the "Schemas" page. If a deprecated credential definition is already used for issuing credentials by your service or any other service, it will keep functioning as it previously did.
However, if you try to edit such an interaction, the system automatically removes the credentials based on a deprecated credential definition from the interaction's settings. To avoid it, tick the checkbox "Show deprecated."