Designing credential journeys your way: Enabling flexibility with OpenID4VCI
MATTR • May 25, 2023 • 7 min read
The next generation of credential issuance
Credential generation capabilities have always been a key focus for MATTR. If we want to use credentials to solve problems, first we need a standard way of generating and issuing them. In the early days, we pioneered a bridge solution from our platform to the OpenID Connect (OIDC) protocol.
The OIDC Bridge was designed to integrate with user authentication providers to provide basic identity assurance and leverage claims from the provider to issue verifiable credentials on the MATTR VII platform.
This brought credential issuance to early adopters but came with some challenges, which we have been diligently working on solving with the broader standards community as well as customers and partners. We are excited to share the progress we’ve made in overcoming some of these challenges with the introduction of our all-new OpenID Credential Issuance flow on the MATTR VII platform. This new flow represents the next evolution of credential issuance for the platform, stacked with heaps of benefits for issuers and holders of credentials alike.
While this flow is built on the OpenID for Verifiable Credential Issuance (OpenID4VCI) draft standard, we have built a host of additional features that make generating and issuing credentials easier than ever before. Not only will issuers be able to create credentials with more flexibility, but users of those credentials will also have an enhanced experience when collecting them.
When it comes down to it, we want to enable MATTR customers to work seamlessly with their existing and new systems, never locking them into one vendor. In addition, we want to give our customers the flexibility to create the user journeys that work for their specific needs, enabling their unique business logic.
- How credential issuance standards started and how they’re evolving to create better technology.
- Tools in the MATTR universe that will help you create world-class credential issuance flows in your solutions.
Evolving standards, evolving technology
When we began building the preview version of MATTR VII, we needed to implement a credential issuance flow that would tap into the technologies that had been maturing in the space and that would work with the systems customers were already using. We decided to leverage the existing infrastructure of the OpenID Connect authentication protocol from the OpenID Foundation (OIDF) because it was a tried and tested protocol. In 2021, we authored a spec called OIDC Credential Provider to provide issuance capabilities for our platform.
The OIDC Bridge that we built for our MATTR VII platform provided a way for developers familiar with legacy identity systems to integrate digital trust capabilities into their existing applications and services. As technology, architectures and standards evolve, MATTR is committed to pioneering new solutions and working with the community to create products that meet the industry where it is.
We have learned quite a bit about what works and how to address pain points for customers when it comes to architecting the protocol. The initial OIDC Credential Provider spec and the work that went into creating it have paved the way for the new OpenID4VCI draft to emerge.
Within our own MATTR products, our developers have been evolving credential issuance so credentials can be more natively supported by the systems and organisations that provide the infrastructure for authentication on the internet today. We wanted to make issuance seamless for both MATTR customers and end users. Our customer insights and work with the wider internet standards community led to the creation of the OpenID4VCI draft standard, which MATTR Chief Technical Officer Tobias Looker co-authors alongside Kristina Yasuda from Microsoft and Torsten Lodderstedt of yes.com, with input from others in the community.
The OpenID4VCI protocol was developed in close collaboration with the global standards community and builds upon World Wide Web Consortium (W3C) Verifiable Credential (VC) technology, which has now become a standard and widely used data model in this space. There is now a growing recognition of the value of such a protocol and its power to simplify the credential generation and issuance experience, including supporting multiple credential formats at once. We are proud to begin implementing this protocol in our solutions along with a growing group of supporters across working groups within both the OIDF and the International Organization for Standardization (ISO).
Interoperability at the core
MATTR’s OpenID Credential Issuance feature unlocks possibilities for customers who want to issue credentials into a digital wallet. It demonstrates our core design principles of interoperability and meeting people where they are. We’ve invested in this standard because we believe it will enable our customers to work with many of the current and emerging digital wallets.
The OpenID4VCI standard, which provides a basis for this credential issuance flow, has seen positive signs of adoption in recent months, including its recent recommendation as the credential issuance standard for the European Digital Identity (EUDI) Wallet solution. The EUDI’s Architecture Reference Framework (ARF), published last month, recommends OpenID4VCI as a requirement for high-assurance credentials issued within the EU ecosystem.
One of the key elements driving this market adoption is the ability for OpenID4VCI to bridge across credential formats. This enables it to serve as a common issuance layer, even being able to issue multiple credential formats in a single journey. Dive deeper into the EUDI ARF and what it means for verifiable data with our Demystifying the EUDI ARF series.
MATTR’s tools for credential issuance
Issuing credentials is a key part of creating working ecosystems of trust, and with our newly available features and even more tools to come, we’re making credential issuance more powerful across business systems.
With the MATTR VII platform today using the new OpenID Credential Issuance flow, customers can incorporate more of their business logic into one user journey for an enhanced experience.
In our latest release, we’ve introduced:
- Interaction hooks: These allow issuers to add extra steps after the login or authentication step. Ask for extra identity assurance, deep link to a second app or browser and more to ensure that you gain all the information you need from users in a single flow.
- Claims source extensibility: Customers can retrieve data for credential configuration from their existing databases as well as integrate additional information from inside their MATTR tenant and an authentication provider or identity provider (IDP).
Throughout 2023, enabling greater flexibility in credential generation and management is a key focus of our investment roadmap. We will be working to bring you even more features like:
- Multi-format issuance: Issue multiple credentials of different Credential Profiles in one user journey or flow.
- Credential refresh: Enable issuers to offer new versions of a credential to a holder using existing connections and automated flows.
Try MATTR VII for free
Try out the new OpenID Credential Issuance features for yourself by signing up for a free trial.