IOTA and walt.id

Open source decentralized identity and wallet infrastructure for developers and businesses on IOTA.

TLDR

In collaboration with the IOTA Foundation, we built a decentralized identity and wallet infrastructure for the IOTA ecosystem. As a result, developers now have holistic identity tools that enable four capabilities around Self-Sovereign Identity (SSI):

1. Create and issue Verifiable Credentials (to digitize identity information)

2. Manage and share Verifiable Credentials (to prove identity attributes via a app/wallet)

3. Verify Verifiable Credentials (for auth, identity verification, …)

4. Use Verifiable Credentials with traditional identity/CIAM infrastructure

These capabilities can be used to build a great variety of use cases such as in the public sector (passports, visas, proof of residence), education (diplomas, student IDs), employment (badges, organizational affiliation), banking (KYC, loans) and beyond.

Let’s dive in!

Why did we partner with IOTA?

Decentralized identity relies on so-called "identity ecosystems" to create trust between people and organizations, typically through "Trust Registries" , which act like a single source of truth for information that is required to reliably verify identity data. Distributed Ledger Technologies (DLT) or blockchains are often the preferred technology for implementing Trust Registries due to their decentralization, transparency and immutability, which allow for easy auditing and prevent manipulation by intermediaries.

IOTA is particularly interesting because of its work with public authorities like the European Commission, its strong community as well as its unique properties that result from IOTA being a DLT but not a blockchain, such as gasless/feeless transactions. Moreover, the IOTA identity framework is based on open standards for decentralized identity like W3C Decentralized Identifiers (DIDs) and W3C Verifiable Credentials (VCs).

You can read more about identity ecosystems, Trust Registries and the role of blockchain for decentralized identity here and here.

What our collaboration is about: Building Decentralized Identity infrastructure for IOTA

In collaboration with the IOTA Foundation we set out to make decentralized identity easier accessible for builders in the IOTA ecosystem by providing powerful open source libraries for developers and businesses.

Today, there are different decentralized identity technologies like

• Self-Sovereign Identity (SSI) which has been specifically designed for identity use cases, and is, therefore, suitable for sharing data-rich identity credentials privately and off-chain. SSI can be implemented with or without blockchains. If blockchains are used, their main purpose is typically to establish Trust Registries which are required for data verification.

• Non-Fungible and Soulbound Tokens (NFTs, SBTs) which have initially been designed for the tokenization of assets, not for identity use cases. As a result, this approach is suitable for data that is not protected by regulations (like public data, organizational data) or for use cases that require only minimal or anonymized data proofs (aligned with privacy considerations) or for use cases in which access to a service is not necessarily linked to one’s identity (like tickets). While certain data associated with NFTs/SBTs can be stored off-chain, this approach can only be implemented with blockchains.

• Mobile drivers license (MDL): This approach is the most traditional one and has been developed without considering blockchains as a native component.

Considering IOTA’s work with public authorities, its experience with SSI and its focus on enabling rich identity use cases across industries, we decided that SSI must definitely be supported. However, the significance of NFTs/SBTs and the fact that IOTA’s layer 2 is EVM-compatible - which we already support -, means that we will soon also support NFTs/SBTs on IOTA.

Why Decentralized Identity based on Self-Sovereign Identity ?

The internet lacks a native identity layer. As a result, digital identity has been built on top of centralized databases that created a digital world in which user data is siloed, fragmented and disconnected. However, the world is changing and identity data is moving from apps (traditional model) to users (wallet-centric model) based on technologies like Self-Sovereign Identity (SSI) which ensure that data is user-controlled, easy to share, reliably verifiable and always up to date. This shift - from closed data silos to open data ecosystems - is unfolding as follows:

Firstly, for identity information to become useful across different systems and domains it must be digitized and made “reusable”. In other words, organizations need the ability to transform existing identity information into digital Verifiable Credentials (VCs), which can be issued to and easily shared with their customers, users and other stakeholders.

Let’s call this the “VC supply side”. 

Secondly (as the “VC supply side” is ramping up), there is a growing need for organizations to be able to request, process and verify VCs of their stakeholders in order to authenticate and identify them such as in the context of access management.

Let’s call this the “VC demand side” (together with the next point).

Thirdly, we see more and more organizations (e.g. in the public sector, banking, health care, education as well as providers of payment or web3 wallets)  incorporating VCs into their applications so that their users can easily manage and share their identity information via the applications they already use. 

The open source developer tools built by walt.id and IOTA enable you to do all of these things and more!

Holistic open source developer tooling for decentralized identity

Our open source tools provide everything developers and organizations need to use Self-Sovereign Identity on IOTA aligned with industry standards standards: 

For Issuers

As outlined, Identity information must be transformed into Verifiable Credentials to be reusable and verifiable across systems. Developers can now do just that while all complexities are abstracted including, for example, the registration and management of W3C Decentralized Identifiers (did:iota), the utilization of Trust Registries on IOTA as well as the import of data from local or other sources and its transformation into signed W3C Verifiable Credentials (JSON-L or, JWT), which can then be shared via standardized protocols like OpenID Connect (OIDC4VCI). 

For Holders (“Identity Wallet”)

Apart from the issuance of Verifiable Credentials, our tools enable developers to build identity wallets. Anyone can now either build brand new identity wallets or extend existing applications with abilities like registering and managing Decentralized identifiers or requesting, storing, managing and sharing Verifiable Credentials with third parties (“Verifiers”) in order to authenticate or prove their identity. 

For Verifiers

Finally, our open source tools make it easy to verify Verifiable Credentials and by extension any identity information of people and organizations. Based on these capabilities developers can build user onboarding, authentication, identification and check-out flows into their applications in order to manage their stakeholders’ access to different products, services or communities based on Verifiable Credentials. Importantly, any type of identity attribute (e.g. core identity, education and employment records, financial and health data, …) can be verified and access rights can simply be configured with customizable verification policies (based REGO and the Open Policy Agent).

Backwards Compatibility (“Identity Provider”)

Finally, given that more and more traditional businesses are using Verifiable Credentials, we also built an “identity provider” (leveraging OpenID Connect) that integrates with traditional identity and access management tools (e.g. KeyCloak). As a result, developers and businesses benefit from backwards compatibility as they can now easily implement SSI and Verifiable Credentials with these traditional access management tools.

How to get started 

Depending on your preferences, start hands on with a demo or dive into the functionalities and the overall architecture.

Events & demos

• Login with  IOTA (webinar) - Learn more about IOTA, walt.id and our partnership. 

• Login with IOTA demo - Login with Verifiable Credentials based on IOTA DID

Deep dive 

• Architecture - See how IOTA was integrated into the SSI Kit

• OIDC4VP profile for Login with IOTA -Specifics of using the OIDC4VP protocol in the scope of Login-with-IOTA to ensure compatibility with the IOTA identity framework.
  

About walt.id

walt.id offers open source decentralized identity and wallet infrastructure for developers and businesses.

The company’s products are used by thousands of developers, governments, public authorities, enterprises, and decentralized autonomous organizations to build applications and use cases across industries.

For more information, visit walt.id or join them on Discord.