Technical Architecture
My Data Activation provides the full infrastructure to support the decentralized credential lifecycle—from issuance to verification. It supports a wide variety of standards, ensuring interoperability across platforms. The solution has four key components: issuer, verifier, registry, and wallet.
- The issuer plays a crucial role in decentralized identity systems by providing holders with verifiable credentials (VCs). Its main purpose is to provide a trusted proof of information, such as confirming a student's status. By generating VCs and sending them to the holder's digital wallet, the issuer allows holders to manage and use their identity data securely. Additionally, to maintain trust and accuracy, the issuer can amend or revoke credentials by updating the credential's metadata using the registry, ensuring that only valid and current information is used for verification. My Data Activation supports credentials with selective disclosure, which means that a holder can disclose only part of the credential information while keeping the rest private.
- The wallet serves as the holder's personal digital vault for managing their identity data. Its primary purpose is to provide holders with a tool to securely store and control the verifiable credentials received from issuers. When needed, the wallet enables users to share these credentials as verifiable presentations with third parties, allowing them to prove claims about themselves while protecting their privacy.
- The verifier's purpose is to confirm the validity and authenticity of credentials presented by a holder. By checking the cryptographic signatures on credentials and presentations, the verifier ensures that the information is accurate, trustworthy, and hasn't been tampered with.
- The registry is the mediator that makes a truly decentralized verification system possible. Its purpose is to provide trust by storing public keys and essential metadata from issuers and wallets. These keys are used by verifiers to authenticate presentations and credentials. The registry helps maintain the trustworthiness and validity of identity exchanges within the system.
An Example: Student IDs
Consider a scenario where a student, Alice, needs to prove her enrollment status to access a bookshop discount. Here's how the process would work using My Data Activation.
The school acts as the issuer, creating and cryptographically signing a verifiable credential that asserts the student's enrollment status, among other pieces of personal information. This credential is sent to Alice, who stores it in a digital wallet on her smartphone. When Alice wants to claim a discount at a bookshop, which acts as a verifier, she can use selective disclosure to share only the part of the credential that confirms her student status, without revealing unrelated personal details. Without DIDs, Alice would need to disclose her full student card, revealing all the data contained in it.
Alice approves the disclosure of her student status on her wallet. This generates a verifiable presentation of her credential, which is cryptographically signed by her wallet. This presentation is sent to the bookshop's verifier, which checks the authenticity of the issuer's and the wallet's signatures, as well as the credential's validity, by looking up the relevant public keys and credential metadata in the registry. The results of these checks are communicated to the bookshop so they can decide whether to provide the requested discount.
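The student ID flow above, sketched end to end as an added example; it is not My Data Activation's code or API. It assumes a salted-hash selective disclosure scheme, Ed25519 signatures, an in-memory registry, and a verifier-supplied nonce against replay, none of which the page specifies; all function names, DIDs and credential ids are hypothetical.

```javascript
const crypto = require('node:crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');
// Registry (assumed in-memory stand-in): DID -> public key, plus revoked credential ids.
const registry = { keys: new Map(), revoked: new Set() };
function register(did) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  registry.keys.set(did, publicKey);
  return privateKey; // stays with the issuer or the wallet
}
// Signatures cover JSON.stringify(obj); key order is fixed by how objects are built here.
const sign = (key, obj) => crypto.sign(null, Buffer.from(JSON.stringify(obj)), key).toString('hex');
function verify(did, obj, sig) {
  const pub = registry.keys.get(did); // unknown DID means no trust anchor
  return !!pub && crypto.verify(null, Buffer.from(JSON.stringify(obj)), pub, Buffer.from(sig, 'hex'));
}

// Issuer: signs only salted digests of the claims; the salted claims go to the wallet.
function issue(issuerDid, issuerKey, holderDid, id, claims) {
  const disclosures = Object.entries(claims).map(([name, value]) =>
    JSON.stringify([crypto.randomBytes(16).toString('hex'), name, value]));
  const body = { id, issuer: issuerDid, holder: holderDid, digests: disclosures.map(sha256).sort() };
  return { body, sig: sign(issuerKey, body), disclosures };
}

// Wallet: reveals only the approved claims and signs them together with the nonce.
function present(holderKey, cred, reveal, nonce) {
  const disclosed = cred.disclosures.filter((d) => reveal.includes(JSON.parse(d)[1]));
  const body = { credential: cred.body, credentialSig: cred.sig, disclosed, nonce };
  return { body, sig: sign(holderKey, body) };
}

// Verifier: nonce, issuer signature, holder signature, revocation, then each disclosure.
function verifyPresentation(p, nonce) {
  const c = p.body.credential;
  if (p.body.nonce !== nonce) return { ok: false, reason: 'nonce' };
  if (!verify(c.issuer, c, p.body.credentialSig)) return { ok: false, reason: 'issuer signature' };
  if (!verify(c.holder, p.body, p.sig)) return { ok: false, reason: 'holder signature' };
  if (registry.revoked.has(c.id)) return { ok: false, reason: 'revoked' };
  const claims = {};
  for (const d of p.body.disclosed) {
    if (!c.digests.includes(sha256(d))) return { ok: false, reason: 'unknown disclosure' };
    const [, name, value] = JSON.parse(d);
    claims[name] = value;
  }
  return { ok: true, claims };
}
```

Because the issuer signs digests rather than raw values, the bookshop receives proof of `studentStatus` while the undisclosed claims appear only as salted hashes.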
Decentralized Identities
In My Data Activation, decentralized identities (DIDs) serve as unique identifiers assigned to users, giving them full control over their digital identities and linked credentials. The verifiable credentials generated by the issuer contain information about the holder and are associated with a specific person through their DID. Verifiers can independently confirm a credential's validity—without issuer involvement—by using a decentralized registry, which stores the cryptographic data needed for verification.