
Demonstrating the use of SSI for a Digital Student ID on the IOTA Tangle.


kkmarv/IOTA-Digital-Student-ID


Digital Student ID Demo

Recent efforts in Digital Identity and Self-Sovereign Identity (SSI) raise the hope that digital governance may become a reality.
Organizations such as the IOTA Foundation are creating decentralized frameworks that make this possible. IOTA has the unique concept of the Tangle, which makes SSI possible today.

To showcase a possible scenario where SSI would greatly benefit everyday life, this project aims to prototype a Digital Student ID for use on a university website.


1. Verifiable StudentCredential

1.1. How it works

Some high-level explanation

The following steps assume that DIDs for both the university and the Student already exist on the Tangle. If you want to learn more about DID creation, see the Keeper documentation.

1.1.1. Registration | Matriculation

The process of enrollment via the StudentCredential.

%%---
%%title: Registration | Matriculation
%%---
sequenceDiagram

participant S as Student
participant U as University
participant T as Tangle

S ->> U: Hi University, I am did:iota:example:123<br>and I'd like to enroll myself.
Note over U: The uni needs to know <br> whether the Student has control <br> of did:iota:example:123. <br> So it sends a challenge <br> to the Student.
U ->> S: Authenticate yourself, please.
Note over S: The Student<br>signs the challenge <br> with their private <br> key and sends it back.
S --x U: Sure.
U ->> T: I need document with ID <br> did:iota:example:123
T --x U: Sure.
Note over U: The uni verifies the signature on the <br> challenge with the Student's public key. <br> If the signature is valid for the original challenge, <br> the Student has proven ownership of their DID.
U ->> S: I need your personal data.
Note over S: Now, the Student <br> can decide <br> whether to send <br> their data or not.
S --x U: Sure.
Note over U: With the Student's personal data, <br> the uni needs to verify its validity.
Note over U: If the data is valid, the uni creates <br> and signs a StudentCredential. <br> The uni also disposes of all information <br> about the Student as everything is <br> contained within the StudentCredential.
U --x S: Here's your signed Student ID.
Note over S: With the StudentCredential <br> at hand, they are now able to <br> verify their status as a <br> student of University.

1.1.2. Login | Authentication

The process of authentication via the StudentCredential.

%%---
%%title: Login | Authentication
%%---
sequenceDiagram

participant S as Student
participant U as University
participant T as Tangle

S ->> U: Hi University, I am did:iota:example:123 <br> and I want to use your website.
Note over U: As with the registration, <br> the uni needs to know <br> whether the Student is <br> who they claim to be.
U --x S: Sure thing. <br> But first we need your matriculation status. <br> And please sign this challenge.
Note over S: The Student creates a <br> Verifiable Presentation <br> of their StudentCredential, <br> includes the challenge, <br>signs and sends it.
S ->> U: Here's proof of my matriculation.
U ->> T: I need document with ID <br> did:iota:example:123
T --x U: Sure.
Note over U: The uni is now able to <br> verify the Student's <br> matriculation status by verifying <br> the Presentation and the Credential.
Note over U: If the validation is successful, <br> the Student currently is enrolled.
U --x S: You may proceed.
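
The checks the university performs in the login flow above (and the challenge step of registration), as an added example that is not code from this repository and does not use the IOTA Identity API. Assumptions: Node's built-in Ed25519 signatures, `JSON.stringify` in place of a real credential canonicalization, an in-memory map standing in for DID resolution on the Tangle, and hypothetical names throughout (`UNI_DID`, `issueChallenge`, `issueCredential`, `present`, `verifyPresentation`).

```javascript
// Added example: simplified stand-in for the DID challenge-response and
// presentation check. Not the repository's code, not the IOTA Identity API.
const crypto = require('node:crypto');

// Constructed sample data: two Ed25519 key pairs and an in-memory "Tangle"
// mapping each DID to the public key published in its DID document.
const uniKeys = crypto.generateKeyPairSync('ed25519');
const studentKeys = crypto.generateKeyPairSync('ed25519');
const UNI_DID = 'did:iota:example:uni'; // hypothetical issuer DID
const STUDENT_DID = 'did:iota:example:123';
const tangle = new Map([[UNI_DID, uniKeys.publicKey], [STUDENT_DID, studentKeys.publicKey]]);

// Assumption: JSON.stringify is the signed serialization (real VCs canonicalize).
const sign = (obj, key) => crypto.sign(null, Buffer.from(JSON.stringify(obj)), key).toString('base64');
const valid = (obj, sig, did) => tangle.has(did) &&
  crypto.verify(null, Buffer.from(JSON.stringify(obj)), tangle.get(did), Buffer.from(sig, 'base64'));

// University: outstanding challenges, each bound to one DID, single-use, short-lived.
const pending = new Map();
function issueChallenge(did, now = Date.now()) {
  const nonce = crypto.randomBytes(32).toString('hex');
  pending.set(nonce, { did, expires: now + 60_000 });
  return nonce;
}

// University, end of registration: sign the credential for the Student's DID.
function issueCredential(subject, claims) {
  const body = { issuer: UNI_DID, subject, claims };
  return { body, proof: sign(body, uniKeys.privateKey) };
}

// Student: wrap credential and challenge in a signed presentation.
function present(credential, challenge, holderKey, holder = STUDENT_DID) {
  const body = { holder, credential, challenge };
  return { body, proof: sign(body, holderKey) };
}

// University: verify the login presentation and the credential inside it.
function verifyPresentation(p, now = Date.now()) {
  const { holder, credential, challenge } = p.body;
  const entry = pending.get(challenge);
  pending.delete(challenge); // consume the nonce so a captured presentation cannot be replayed
  if (!entry || entry.did !== holder || now > entry.expires) return 'bad-challenge';
  if (!valid(p.body, p.proof, holder)) return 'bad-holder-signature';
  if (credential.body.issuer !== UNI_DID || !valid(credential.body, credential.proof, UNI_DID)) return 'bad-credential';
  if (credential.body.subject !== holder) return 'credential-not-bound-to-holder';
  return 'ok';
}
```

The challenge is what ties a presentation to one login attempt: without the single-use nonce, a valid presentation observed once could be submitted again by anyone.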

1.2. Credential Contents

The StudentCredential makes several assertions about its holder.
For now it will contain a student's personal information, which in a fully working ecosystem would be neither necessary nor desirable. Such information would instead be attested by official government issuers. But as such infrastructure does not exist yet, the design decision was to include personal information in the StudentCredential just for convenience.

Personal information

  • Full name
  • Address
  • Picture of the student

Study information

  • Name of the university
  • Current semester
  • Matriculation number
  • Name of the study subject
  • Degree (Bachelor | Master)

2. Design

2.1. System Architecture

The overall architecture of this framework.

%%---
%%title: System Architecture
%%---
flowchart
    subgraph University
        UniversityKeeper(Keeper)
        IssuanceService(Issuance Service)
    end
    
    subgraph Student
        StudentKeeper(Keeper)
        Browser(Browser)
    end
    
    StudentKeeper-.->Tangle
    UniversityKeeper-.->Tangle
    Browser-->IssuanceService
    Browser--->StudentKeeper
    IssuanceService-->UniversityKeeper

2.2. User Navigation

The simple user navigation in the web app.

%%---
%%title: User Navigation
%%---
stateDiagram-v2
    [*] --> Login/Registration

    state Login/Registration {
        direction LR

        state fork_state <<fork>>
        state join_state <<join>>

        [*] --> fork_state
        fork_state --> EnterUsername
        fork_state --> EnterPassword

        join_state --> [*]
        EnterUsername --> join_state
        EnterPassword --> join_state
    }   

    Login/Registration --> ActionSelect

    state ActionSelect {
        direction LR
        state if_state <<choice>>
        
        [*] --> if_state
        if_state --> ...
        ... --> [*]
        if_state --> [*]
        if_state --> Cafeteria
        Cafeteria --> [*]

        state Cafeteria {
            direction LR
            [*] --> SelectMeal
            SelectMeal --> Pay
            Pay --> [*]
        }
    }

    ActionSelect --> [*]    

3. Setting up your local environment

3.1. Quick Start Guide

If you don't already have node.js installed on your system, download and install it from here.

Next, after cloning/downloading the repository, open 3 different terminal sessions and navigate to the following paths, one per terminal:

  • /university
  • /keeper
  • /gisa-did

Now go ahead and execute the following command in each of the terminals:

npm install

Finally, in the /university and /keeper terminals, execute

npm run dev

while in the /gisa-did terminal, execute

npm start

On localhost:4200 you should now have the fully functional web app running with the backend servers running as well.

3.2. Set up node.js using nodeenv

You can always go ahead and install node.js globally on your system from here.
The following steps will only guide you through the process of creating a virtual environment for node.js using nodeenv.

3.2.1. Create a virtual node environment

IMPORTANT: This will require Python version 3 or greater and pip installed on your system.

First, open a shell inside the repo's root directory, then install the node.js environment manager nodeenv using pip.

pip install nodeenv

Now create an environment called .node.
For this environment, we will use node.js version 18.12.1. Your command line will need elevated privileges for this to work.

nodeenv .node --node=18.12.1

Good to know: Node.js versions that are known not to work:

| Version | Incompatibility |
|---------|-----------------|
| 18.8.0 | some problems with @iota/[email protected] |
