Digital Credentials in 2028
A reflection upon the challenges we had to solve
Katja Assaf
Hasso-Plattner-Institute, University of Potsdam
13th January 2023
The year 2028…
In the research project DiBiHo (Digital Credentials for Higher Education
Institutions) the three partners TU Munich, DAAD (German Academic
Exchange Service) and Hasso-Plattner Institute investigated the challenges
of establishing digital credentials for learning achievements.
We have created a systematic mapping of requirements coming from the
literature to identify and prioritize challenges. This includes (technical)
interoperability, revocation of credentials and privacy enhancing
cryptography. To test the feasibility of our ideas, we have created a proof of
concept implementing our proposals. The presentation will discuss the
identified challenges, our approaches and the remaining open questions.
Outline
1. Digital Credentials
■ Digitalized or Digital
2. Requirements
■ DiBiHo Proof Of Concept
■ Requirements for Digital Credentials
3. Challenges and Future Work
■ Middle Ware (Technical Interoperability)
■ Revocation
■ Anonymous Credentials
Katja Assaf
13.01.2023
Digital Credentials
in 2028
Chart 12
DiBiHo Project Summary
Digital Credentials for Higher Education Institutions – DiBiHo
Consortium
Project Goal
Exploration of a trusted, distributed, and internationally interoperable
infrastructure standard for issuing, storing, presenting, and verifying digital
academic credentials in a national and international context for German
Higher Education Institutions.
Project Period
11/2020 – 12/2022
Funding
Contact
Felix Hoops (Lead TUM Team)
Alexander Mühle (Lead HPI Team)
Kathleen Clancy (Lead DAAD Team)
Website
www.dibiho.de
Ref. No.: M534800
DiBiHo Project
What is a digital credential?
Digitalization of Paper Credentials
● Same disadvantages
○ Copying
○ Verification requires lookup
● Same advantages
○ Same process
■ Simple transition
○ Simple implementation
■ Practicality
■ PDF with QR-code or link
Digital Credentials as substitute
● Harder
○ Trustwise
● Requirements unclear
● Not always human readable
● More options
○ e.g. SSI
○ User control
○ Privacy
Digital Credentials - Features
● Self-Sovereignty
● Selective Disclosure
● Sharing Consent
● Pseudonymity
● Revocation
● free-of-charge
● Portability
● Tamper Evident
● Auditability
● Verifiability
● Interoperability
● Reflect Current Onboarding Process (Integration)
Digital Credentials - Framework
● Trust
● University Processes
● Legal Constraints
Digital Credentials - Features
• Systematic literature mapping (112 sources)
■ Journal and conference papers
■ Grey literature (e.g. project reports, company whitepapers)
■ GitHub projects
Mühle et al., ‘Requirements of a Digital Education Credential System’,
submitted for EduCon 2023
Digital Credentials - Features
• Systematic literature mapping (112 sources)
• Categorization
■ Functionality
■ Privacy
■ Usability
■ Deployability
■ amongst others
Mühle et al., ‘Requirements of a Digital Education Credential System’,
submitted for EduCon 2023
Digital Credentials - Functionality
Mühle et al., ‘Requirements of a Digital Education Credential System’,
submitted for EduCon 2023
Figure: the roles Issuer, Learner, Relying Party and Trusted Data Registry, connected by the interactions issue, present, verify, register and register/revoke.
Digital Credentials - Proof of Concept
Figure annotations:
■ VP Metadata
■ Verification Result Overview
■ Credential Verification Results: for all VCs included in the VP (can be expanded for more details)
Digital Credentials - Features
• Systematic literature mapping (112 sources)
• Categorization
■ Functionality
■ Privacy
■ Usability
■ Deployability
■ amongst others
• Prioritization according to
■ frequency
■ feasibility
■ and scientific interestingness.
Mühle et al., ‘Requirements of a Digital Education Credential System’,
submitted for EduCon 2023
Digital Credentials - Features
• Systematic literature mapping (112 sources)
• Categorization
■ Functionality
■ Privacy
■ Usability
■ Deployability
• Prioritization according to
■ Frequency
■ Feasibility
■ And scientific interestingness.
⇒ Revocation
⇒ Pseudonymity & Selective Disclosure
⇒ Portability
⇒ Integration & Interoperability
Mühle et al., ‘Requirements of a Digital Education Credential System’,
submitted for EduCon 2023
Design Decisions: Self-Sovereign Identity
• Design paradigm based on Allen's blog post [1]
Figure: The principles of Self-Sovereign Identity [2]
[1] https://www.lifewithalacrity.com/2016/04/the-path-to-self-soverereign-identity.html
[2] Tobin, Andrew, and Drummond Reed. "The inevitable rise of self-sovereign identity." The Sovrin Foundation 29.2016 (2016): 18.
Design Decisions: W3C Verifiable Credentials
Technology Standards for SSI
Identifier Standard: Decentralized Identifiers (DID)
● Globally unique identification
● Interoperability layer for different identification implementations
● Transparent resolution of identifier to key material
● Allowing free choice in technology and provider
Claim Standard: Verifiable Credentials (VC)
● Verifiable claims about an entity
● JSON-LD document for generic structure
○ Metadata
○ Claim (arbitrary content and structure)
○ Proof
Design Decisions: Verifiable Identity Credentials
• An Identity Verifiable Credential (VCident) is a VC containing Personally Identifiable Information (PII).
• An Identity VC is especially deserving of privacy protection.
• Design decision to make a distinction between VCdiploma and VCident
Middle Ware - Let’s work together
• A Self-Sovereign Identity system requires enough
■ Issuers
■ Relying Parties (Verifiers)
■ Learners (Users)
• Generating Verifiable Credentials (VCs) from existing data is easy
• We show the concept is feasible
• Future Work:
■ Real-world applicability
■ Evaluation
Interoperability
Portability
Assaf et al., ‘Prison Break: from proprietary data sources to SSI
Verifiable Credentials’, accepted for AINA 2023
Revocation - What we do in case of error
• Straightforward solution for revocation:
■ Credential Status (active, revoked, suspended)
• But:
■ Fragmented issuer landscape
• Idea:
■ Introduce middleware similar to Universal Resolver
Revocation
Mühle et al., ‘Universal StatusList: Making a Case for more Middleware in Self-Sovereign Identity’, planned for 2023
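The middleware idea above, sketched as an added example (not code from the DiBiHo project or the cited paper): one resolver dispatches on the credential's status type to a per-issuer driver and normalizes the answer to active, revoked or suspended. The driver names, status type strings, the `index` field and all sample data are constructed for illustration.

```python
# Added illustration: driver names, status types, fields and data are constructed.
from enum import Enum

class Status(Enum):
    ACTIVE = "active"
    REVOKED = "revoked"
    SUSPENDED = "suspended"

# Issuer A (constructed) publishes bitstrings, one bit per credential index.
ISSUER_A = {"revoked": bytes([0b01000000]), "suspended": bytes([0b00010000])}
# Issuer B (constructed) keeps a key-value registry keyed by credential id.
ISSUER_B = {"urn:example:b-1": "active", "urn:example:b-2": "suspended"}

def bit_is_set(bits: bytes, index: int) -> bool:
    if not 0 <= index < len(bits) * 8:
        raise LookupError("status index outside the published list")
    return bool(bits[index // 8] & (0x80 >> (index % 8)))

def bitstring_driver(entry: dict) -> Status:
    index = int(entry["index"])
    if bit_is_set(ISSUER_A["revoked"], index):
        return Status.REVOKED  # revocation takes precedence over suspension
    if bit_is_set(ISSUER_A["suspended"], index):
        return Status.SUSPENDED
    return Status.ACTIVE

def registry_driver(entry: dict) -> Status:
    return Status(ISSUER_B[entry["id"]])  # unknown id raises KeyError

DRIVERS = {"ExampleBitstring": bitstring_driver, "ExampleRegistry": registry_driver}

def resolve_status(credential: dict) -> Status:
    """One entry point for every issuer; raises when the status is unknown."""
    entry = credential.get("credentialStatus")
    driver = DRIVERS.get(entry.get("type")) if isinstance(entry, dict) else None
    if driver is None:
        raise ValueError("missing status entry or no driver for its type")
    return driver(entry)

def accept(credential: dict) -> bool:
    """Relying party fails closed: only a confirmed active status passes."""
    try:
        return resolve_status(credential) is Status.ACTIVE
    except (ValueError, LookupError, TypeError):
        return False
```

A relying party calls only `accept`; supporting another issuer's status mechanism means registering one more driver, and any credential whose status cannot be determined is rejected.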
Anonymity, Pseudonymity and Selective Disclosure
• An anonymous credentials scheme consists of three protocols:
■ Key generation,
■ Issuance,
■ Showing (respectively verification)
• With the following properties:
■ Credentials can be obtained anonymously,
■ Credentials can be shown anonymously,
■ Credentials cannot be linked.
Selective Disclosure
Pseudonymity
Assaf et al., ‘Anonymous Credentials and Self-Sovereign Identity - two perspectives on privacy enhancing authentication’, planned for SECRYPT 2023
Future Work: Credential Binding
• An Identity Verifiable Credential (VCident) is a VC containing Personally Identifiable Information (PII).
• An Identity VC is especially deserving of privacy protection.
• Design decision to make a distinction between VCdiploma and VCident
But:
• Sometimes binding a Diploma VC (VCdiploma) to an Identity VC is necessary.
• Student seminar exploring Merkle Trees
• Option to use cryptographic commitments - not done
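The commitment option named above, sketched as an added example (the slide states the project did not implement it, so this is not DiBiHo code): the Diploma VC carries a salted hash commitment to the Identity VC, so it holds no PII yet the learner can prove the binding when it is needed. Field names and sample credentials are constructed, and the issuer's signatures over the VCs are left out.

```python
# Added illustration: field names and sample credentials are constructed, and the
# issuer's signature (proof) over each VC is left out to keep the focus on binding.
import hashlib
import hmac
import json
import secrets

NONCE_LEN = 32  # fixed length keeps nonce || message unambiguous

def canonical(doc: dict) -> bytes:
    # Deterministic serialization so issuer and verifier hash identical bytes.
    return json.dumps(doc, sort_keys=True, separators=(",", ":")).encode()

def commit(vc_ident: dict, nonce: bytes) -> str:
    # Hash commitment: the random nonce hides the PII, SHA-256 binds to it.
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be exactly NONCE_LEN bytes")
    return hashlib.sha256(nonce + canonical(vc_ident)).hexdigest()

def issue_diploma(vc_ident: dict, degree: str):
    # The diploma VC carries only the commitment, never the identity attributes.
    nonce = secrets.token_bytes(NONCE_LEN)
    vc_diploma = {"claim": {"degree": degree},
                  "identityBinding": commit(vc_ident, nonce)}
    return vc_diploma, nonce  # the nonce is handed to the learner only

def binding_holds(vc_diploma: dict, vc_ident: dict, nonce: bytes) -> bool:
    # Run by a relying party that was shown both VCs and the opening nonce.
    try:
        expected = commit(vc_ident, nonce)
        return hmac.compare_digest(expected, vc_diploma["identityBinding"])
    except (KeyError, TypeError, ValueError):
        return False

ALICE = {"name": "Alice Example", "birthDate": "2000-01-01"}      # constructed
MALLORY = {"name": "Mallory Example", "birthDate": "1999-12-31"}  # constructed
```

A relying party that only needs the diploma sees an opaque digest; one that needs the binding asks the learner for the Identity VC and the nonce and calls `binding_holds`.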
Future Work: Root of Trust
• Where does trust originate?
■ Accredited universities - hierarchical
■ MOOC providers - decentralised / web of trust
• Does everyone need to trust everyone else?
Future Work
• Revocation
■ Advanced cryptographic methods
■ e.g. accumulators
• Restricted Verifier
■ e.g. view only once
• Trust Anchor / Source of Trust
■ Organizational issue
■ Trust network (hierarchical vs decentralised)
• Credential binding
■ Difference between Identity VC and Diploma VC
Thank you for your attention! Ask away!
Katja Assaf
University of Potsdam - Hasso-Plattner Institute - Chair Internet Technologies and Systems
13. January 2023