Introducing: Condatis SSI OIDC Bridge

17 September 2020

Condatis has developed a bridge that allows services already using OIDC to connect with holders of SSI wallets when requesting the data required to grant users access to their services.

 

Corporations already have systems in place that can readily accept consumer, customer or staff identities.

Author: Chris Eckl, CTO

The bridge integrates digital wallets to federation sources without changing the underlying services.

To the service, the bridge looks like an Identity Provider, whereas to the digital wallet, the bridge looks just like another verifier.

Since the bridge codifies the enterprise’s trust framework, all the service has to do is to call this new Identity Provider with a reference to the data it wants.

The figure below references a data model with a proof request template as well as an allowed values filter.

 

Multi SSI Stack

A significant advantage of the multi SSI stack model is that the SSI bridge interacts with the two primary SSI technology stacks currently in use in the community.

The bridge has a built-in agent for Hyperledger Aries using Evernym’s Verity product and supports the. This model allows holders to use an Aries-compatible wallet like Evernym’s Connect.Me, as well as Microsoft’s Authenticator app.

 

 

The Condatis SSI package

The OIDC bridge builds on the Condatis team’s experience of abstracting SSI technology to make it more usable and quicker to deploy. The OIDC bridge sits on top of the Condatis SSI Middleware, which orchestrates interoperability and abstracts the underlying protocol stacks.

Other modules in the Condatis SSI package that also build on the same middleware are:

  • Condatis SSI Issuer: the issuer allows simple issuing of verifiable credentials
  • Condatis SSI Verifier: the verifier allows verification based on a given proof request template
  • Condatis SSI Protocol Handshake Provider: this module makes it possible to offer either protocol to the consuming user and provides mediation between the Hyperledger Aries and OIDC SIOP protocol families

 

Features & Benefits

Features

  • Bring Your Own Wallet (BYOW)
    • Hyperledger Aries
    • Microsoft Decentralized
  • Interoperate with your existing systems
  • SSI credentials as OIDC claims
  • OIDC authentication as SSI proof requests
  • SSI proof responses as OIDC claims
  • Build on existing Azure infrastructure

Benefits

  • Support the widest customer base, now and in the future
  • Minimise re-work
    • Interoperate with your relying party applications
    • Just on-board a new identity provider (SSI Bridge)
  • Minimise time to deploy: integrate in a sprint

Benefits to service providers

  • makes existing OIDC-based applications available to a wider audience without the need for recoding
  • removes the need for developer training in SSI protocols
  • provides access to new wallet vendors as soon as support by the bridge is released
  • enhanced trust in returned data through cryptographic verification and dynamic revocation checking

Benefits to service users

  • supports multiple wallet vendors, giving end-users control over their choice of technology
  • maintains privacy by ensuring that only the minimum data required by the service provider is disclosed (e.g. meets age restriction without disclosing date of birth)

Unlock your business’ potential with Self-Sovereign Identity

Self-sovereign is a new and exciting identity paradigm. We can help you evaluate SSI technologies and where SSI fits in your business.

Trust in Self-Sovereign Identity

What are the differences and similarities between a Trust setup with Federated Identity versus a Self-Sovereign (SSI) Trust setup? We break down the features of each in our blog post, 'Trust in Self-Sovereign Identity'.