
OIDC4VC - novel standards for

Open jruizaranguren opened this issue 1 year ago • 7 comments

Preflight checklist

Describe your problem

A set of emergent standards are being developed by for handling Verifiable Credentials.

OpenID Foundation is developing a set of standards for handling verifiable credentials. They are being developed under the name OIDC4VC - OpenID Connect for Verifiable Credentials, and they include standards for issuing and presenting credentials under what is called the issuer-holder-verifier model, which attempts to avoid IDPs auditing every authentication by users.

Those standards are still emergent, but they are likely to get great adoption due to being required for certain use cases by EU eIDAS v2: European Digital Identity Architecture and Reference Framework.

Describe your ideal solution

Ory Hydra implements those standards, facilitating the integration of systems accepting those novel authentication and attestation exchange methods.

Workarounds or alternatives

There are some implementations listed here. Also, Microsoft has released a set of services under the Microsoft Entra Verified ID product.

In some existing demos, novel standards are integrated with existing IAMs (Keycloak) via OIDC standard methods, and new services are in charge of issuing and verifying credentials according to novel standards. But that adds an integration step that could be avoided if OIDC implementors (isolated or included in IDPs) implement and accept those standards.

Version

2.1.1

Additional Context

No response

jruizaranguren avatar May 16 '23 07:05 jruizaranguren

Thanks for the issue, we're very interested in VC. Are you planning/willing to contribute a PR for the feature, or is it just a request at this point?

@misamu @hperl FYI as we've been discussing this

kmherrmann avatar May 16 '23 08:05 kmherrmann

@kmherrmann, this is an exploration request.

Currently we rely on Keycloak for much of our IDP needs. It has a very attractive license model for us, and it can be extended with our biometric technologies (yes, with some pain :-). Some emergent prototypes for hybrid combination between administrative IDPs and verifiable credentials exchange use Keycloak as an example, so our first shots still go in that direction.

Nevertheless, we are also analyzing if Keycloak is the best approach for all our needs. We have a lot of different scenarios to tackle. I find the modular organization of Ory products very appealing and probably best architected for large scale.

That is why I added the issue, to know if you had any plans in the roadmap for these novel approaches to digital identity management. Just in case we move to Ory-ecosystem, we foresee an aligned roadmap with these novel approaches to digital identity.

jruizaranguren avatar May 16 '23 14:05 jruizaranguren

Thanks for this context. We do have plans to support verifiable credentials in the coming months, so stay tuned!

kmherrmann avatar May 16 '23 21:05 kmherrmann

@kmherrmann, Some advances in this regard?

jruizaranguren avatar Sep 29 '23 12:09 jruizaranguren

https://www.ory.sh/docs/hydra/reference/api#tag/oidc/operation/createVerifiableCredential

We now support the draft spec, feel free to give it a spin. It's live on Ory Network. Please consider this beta at this stage - the spec isn't final, and we're working with our partners on validation and integration.

kmherrmann avatar Sep 29 '23 12:09 kmherrmann

Nice! Thanks for the update.

jruizaranguren avatar Sep 29 '23 12:09 jruizaranguren

> https://www.ory.sh/docs/hydra/reference/api#tag/oidc/operation/createVerifiableCredential
>
> We now support the draft spec, feel free to give it a spin. It's live on Ory Network. Please consider this beta at this stage - the spec isn't final, and we're working with our partners on validation and integration.

I will give this a try! Thanks for the work and the plans to support this @kmherrmann. Do you have some public roadmap for this plan?

piraces avatar Dec 29 '23 15:12 piraces