Cooperative Credentials Stack

This is an overview of the Cooperative Credentials stack. It is intended as a reference for the technical staff (or equivalent) of participating cooperatives in the CoopCreds network. If anything is unclear in this guide, please reply asking for clarification and I’ll respond promptly.


Don’t worry! There’s a lot going on in the diagram, but participating cooperatives only need to implement the things in the purple box, which can be accomplished with off-the-shelf components. Read more about that below in the “Cooperative” section. You don’t actually have to build (code) anything if you don’t want to. This is a complete overview so you know how all the pieces fit together.

User

Users hold cooperative credentials. The most common way a user holds credentials is in a digital wallet on their phone. We will add support for physical credentials for those without phones, or for when phones are impracticable.

Digital Wallet

Our digital wallet is currently the MATTR wallet, which has iOS and Google Play clients. When MATTR release their SDK we may consider building our own wallet using that. We will also consider using an infrastructure-agnostic wallet (to the extent that is possible).

User Account Server

CoopCreds has an Auth0 tenant hosted in Europe where CoopCreds user accounts are created and user data is stored. There is currently a single CoopCreds user account system for all parts of the CoopCreds network.

Pre Registration Flow

The Pre User Registration flow is where CoopCreds will perform any “Know Your Cooperator” (KYC) checks required by the CoopCreds network, and any checks required by specific cooperatives in the network. Auth0’s implementation of a pre registration flow is explained here.

The only Pre User Registration check currently is email verification. These checks can be expanded to include the following:

  • Proof of existing cooperative membership
  • Verification by an appropriate existing member of the cooperative in which membership is claimed
  • New cooperative membership creation (on behalf of a partner cooperative) and associated information verification, for example:
    • Proof of professional accreditation
    • Proof of address
    • Or anything else required from members by the partner cooperative.

These will be implemented by a combination of off-the-shelf Auth0 actions and hooks, and custom actions or hooks as needed.

Verifiable Credentials Infrastructure

We have set up our verifiable credentials issuer and verifier using MATTR. Each piece of this infrastructure may be replaced, collectively or individually, with solutions from other providers or with our own implementation(s).

Issuer

Our issuer is currently set up using the MATTR OIDC Bridge, integrated with Auth0, similar to that described in this guide. This means that credentials are issued after the user has logged in with their CoopCreds account so that relevant user data can be requested and interpolated from the CoopCreds Auth0 tenant.

Verifier

Our verifier is currently set up using the MATTR OIDC Bridge following this guide. Each participant in the CoopCreds network is issued separate client credentials, which are used by verifier clients to verify credentials presented to them.

Verifiable Credentials Standards

CoopCreds is actively participating in the W3C Credentials Community Group and has started a sub-group of the CCG to focus specifically on the contents of the verifiable cooperative credential. Further details on how you can participate in this work will be coming soon.

Cooperative

Each participating cooperative in the CoopCreds network implements a verifier client which grants users access to resources or services upon successful verification of credentials. Start by reading the topic below on how to implement a verifier client.
