Required and issued credentials

Owned by Olesya Kershaw
Last updated: Feb 03, 2024
6 min read

Features

Description

Screenshots

Required credentials

You can set up the credential issuance process in such a way that a client (mobile app user) needs to provide specific credentials before receiving a new credential. For example, a school might require that a student shares their certificate of completion for a specific course before being issued a credential that enables them to proceed with their education. This ensures that the student meets certain prerequisites before obtaining the new credential.

 

Select Required credentials

To select the credentials that a client (mobile app user) must share to complete this interaction (required credentials), navigate to the “Details“ tab of the specific interaction. Click “Select” next to the “Required credential definitions” field. This will open the “Required credentials” pop-up window.

 

Screen Shot 2024-02-03 at 00.41.00-20240202-224124.png

 

Selecting Required credentials from the “Credential definitions” or “Schemas” lists

You can choose the required credentials from either the list of "Credential Definitions" or the list of "Schemas."

If you choose "Schemas," clients can share any credential issued by any service based on that schema.
If you choose a specific credential definition, clients

  1. will share a credential issued by a particular service based on that specified credential definition.

Please note that If the trust level of the credential definition created by this service based on a particular schema is "Self-attested," selecting the required credential based on the same schema is not possible.

Screen Shot 2024-02-03 at 00.42.34-20240202-224322.png

 

 

On the new pop-up window, choose either "Credential definitions" or "Schemas."

Find the name of the service that provides the required credential. Select the credential definition/schema, and then choose the version of the schema based on which the required credential needs to be issued.

After selecting the credential definition/schema, the details of the selected option will appear on the right side of the current pop-up window.

 

Notification ID required credential

 

We recommend requesting the “Notification ID” (the credential provided by the ProofSpace ID service) oduring the initial interaction with each client. This ensures the capability of sending push notifications to the client from your service.

 

 

Saving a required credentials list

When you have added all the required credentials, click "OK."

Configuring selected Required credentials

 

Click on the selected required credential.

This will allow you to specify the selective disclosure and zero-knowledge predicates.

Note that the Atala PRISM credentials cannot be issued with configured zero-knowledge predicates and selective disclosure.

 

 

Selecting attributes to be disclosed

 

 

 

 

Claim last credential

After clicking on the specific required credential, the “Edit required credential” pop-up window will appear.

In this window, select the attributes you want to disclose from the “Attributes” list. If no attributes are selected, all attributes will be disclosed.

 

Select the "Claim last credential" checkbox to prompt for the most recent available client credential if they have multiple credentials of the same type.

Fill in an attribute by scanning QR code

 

 

 

 

 

Check the "Pre-filled from interaction QR code" checkbox to allow the client to scan a QR code and automatically fill in the attributes of the self-attested credential. This data will not be editable for your clients in the app.

Note that this option is only available for self-attested credential definitions that are set as required for interactions with initiation media "QR."

Add zero-knowledge predicates (ZKP)

 

A predicate is a logical expression that uses one or more parameters and returns a boolean result.

In other words, a predicate is an expression that determines whether something is true or false.

Predicates can only be configured on attributes with data types "Number," "Date," and “Enum“ for service-attested credentials.

The term "zero-knowledge" means that an interaction is not require a client to reveal the actual value of a credential attribute but instead prove the predicate upon the attribute.

For example, a client can prove that they are over 18 years old without disclosing their actual age or date of birth.

To set required proofs upon credential attributes, click on selected required credential. Then, on the “Edit required credential“ pop-up window, select the "Predicates" tab and click "+ Predicate." Select the attribute name from the drop-down list. Set up the necessary preconditions and click “Submit.“

You can edit or delete existing predicates later.

Attributes used in predicates cannot be selected for disclosure.

 

 

 

Select Issued credentials

If you want to issue a credential to the client during this interaction, click "Select" next to the "Issued credentials" field.

 

After clicking "Select" next to the "Issued credentials" field, choose the credential definition that will be the basis for issuing the credential to your client. Once selected, the details of the chosen issued credential definition will appear on the right side of the pop-up window.

Click "OK" to save the selection of the issued credential.

Remember that only one credential can be issued in each interaction.

 

Edit issued credential template

 

 

 

 

Once you've selected the issued credential, you can configure the credential project by setting rules for pre-filling attributes in it. Click on the chosen issued credential’s name to open the "Edit issued credential template" pop-up window.

 

Pre-fill Rules for Attributes

 

Select the checkbox next to the issued credential's attribute name that you want to be automatically pre-filled. Two additional fields will then appear next to this attribute name.

Select the source for the attribute's pre-filled data from the drop-down list.

There are five different data sources for pre-filling the attribute:

Constant:

If you select “Constant,” the attribute will be pre-filled with the constant value specified in the adjacent field;

Parameter:

If you choose "Parameter," an additional field will be added. Select the parameter as a value to pre-fill this attribute;

See more information in the “Parameters and instances“ section of our Knowledge base.

From existing credential:

When selecting the “From existing credential” option, two additional fields will appear. In the first field, enter the data input source, and in the second field, specify the attribute name from which the issued project attribute will receive the pre-filled value.

Unique autogenerated:

If “Unique autogenerated” is selected, the pre-filled attribute value will be a unique numerical value starting from 1.

Random:

If "Random" is selected, the pre-filled attribute value will be random (depending on the attribute data type).

 

Attributes without pre-filled data

If the checkbox next to the attribute name is not selected, the corresponding attribute will not receive a pre-filled value. In this case, the data can be automatically received from the webhook or be manually entered by the dashboard operator.

 

Manual credential issuance

If the “Manual review” checkbox is not selected and pre-fill rules are set for all attributes, the credential will be issued automatically.

To issue the credential manually, select the “Manual review” checkbox.

 

 

When all the details are added on this page, click "Submit."