Digital Credentials: The Right Way To Do It

How can Educational Institutions leverage Verifiable Credentials to build sustainable, scalable digital credentials distribution abilities

Over the last couple of years, more and more educational institutions are adopting digital means of delivering credentials to their students. These include certificates of accomplishments, degree certificates, identity and admit cards, among others.

While most institutions have implemented systems that just suffice the need, a number of gaps in terms of security, privacy, functionality can be identified. In addition, opportunities for the organizations to improve their outreach, empower their students, build better interfaces with other stakeholders are not being utilized.

Many of these systems which are built to address specific functions — download and print admit cards, download and share course certificates, copy and share accomplishments on social media — have structural design and architectural deficiencies like -

• No authentication: access to credentials allowed using only a registration number. Anybody can access, view info and download information aiding social problems for vulnerable students.
• No privacy: Not much attention is provided to students’ privacy. For example, registration numbers are usually serially numbered and makes it easy for identity harvesters to gather students details very easily.
• Purpose: Basic premise of providing online access (to ensure convenience, scale of distribution and management efficiency) are defeated when these credentials are used for process manipulation, impersonation, access denial, etc. For eg. Certificate holder who has the same name as another (with better grades) can potentially use the credentials issued to the latter for the former’s benefit.

Verifiable Credentials Infrastructure built with a Decentralized Identity environment at its center can play a very vital role, not only to overcome above deficiencies but also to provide a highly reliable, extensible, feature-rich, privacy first experience to the students.

Some basic traits of the system -

• The integrity and authenticity of the identity is derived from well-defined foundational IDs.
• Scope for information leaks are completely eliminated by using multiple authorization methods.
• Impersonation and fraud are eliminated by exchanging credentials which are end-to-end encrypted and stored in tamper proof encrypted wallets on the holder’s mobile phone. Or, the credentials are encrypted and stored in cloud wallets which are invoked by scanning a QR code printed on the credentials paper artifact (certificates, admit cards, ID cards) which are held by the holders.
• The whole experience of interacting and managing the end-to-end workflow and life-cycle are orchestrated using a secure dashboard driven tool. Password-less authentication and a role based access control system provide a convenient yet fool-proof system that can be deployed across organizations with minimum hand holding and on-boarding activities.

The Verifiable Credentials Infrastructure are based on both established and upcoming standards recommended by bodies like W3C, Trust Over IP Foundation, ISO, MEITY — GOI, etc.

While the Verifiable Credentials Infrastructure envisages making life easier for institutions, the ecosystem opens up a portal of possibilities for the students and other holders.

For Institutions -

• Secure, Privacy honoring, flexible identity solutions
• Platform to deliver customised benefits and enables high levels of engagement
• Infra that supports auditable actions (including audits of the issuing authorities, issued credentials and the process of issuance etc)
• Increased reputation and institutional credibility
• Standardized mode of information interchange in a Decentralized Identity ecosystem (with other Educational Institutions, Government Organizations, Employers, Facility providers, Financial Institutions, etc)

For Students -

• Identity, Admit card credentials in their digital wallet on their mobile devices or on QR enabled ID cards.
• Certificates of accomplishments
• Badges of recognition
• Single instrument that can be used to encash different types of entitlements

Decentralized Identity, password-less logins, verifiable credentials — these are going to become integral to applications and web services design. Providing well thought methods to the users to govern their identity and data is the key. The recent set of reports indicate that organisations need expert guidance when making the digital transformation. The CB insights report is a snapshot of the trends and validates the combination of data exchange built around digital identity — a goal that Dhiway is pursuing.