MATTR
Company
Name: Mattr
Main: Website, Blog, Docs
Socials: Twitter, Youtube, Crunchbase, Linkedin
Related: DHS, Sovrin Foundation
Founders: Jack Holt, Kyle Leach, Murray McKerlie
Founded: 2019
Location: USA, Texas, Austin
Sector: Enterprise
Industry: ID
Market: SSI
Tech: BBS Signatures
Standard: DID, Verifiable Credentials, Schema.Org, JSON-LD, Linked Data
Restoring trust in digital interactions
From business people to developers, from policy makers to individuals, Mattr is building tools and working alongside communities who want to transform the internet into a web of trust and restore trust and confidence in digital interactions.
We think the exciting new world of verifiable data and decentralised identity can be applied to solve many real-world problems we experience today, creating whole new opportunities for value creation. We make our products simple, accessible, and easy to use to help stimulate innovation by the people that understand their context best.
If you have a digital trust or verifiable data problem that you would like help with, let’s have a discussion on how we can help.
Product
- Adding DID ION to Mattr VII Type: Post Date: 2021-09-17 Standard: DID:ION
- Rendering credentials in a human-friendly way Type: Post Date: 2021-06-01
- Adding support for Secure DID Messaging Type: Post Date: 2021-05-06 Standard: DID
- Adding support for revocation of Verifiable Credentials leveraging the Revocation List 2020 draft from the CCG. Type: Post Date: 2020-10-21 Market: Revocation Tech: BBS+ Standard: OIDC, Verifiable Credentials
- DID Extensibility on the Mattr Platform Type: Post Date: 2020-10-07 Tech: DNS Standard: DID:WEB
- Introducing the Mattr Platform Type: Post Date: 2020-09-17 Projects: Mattr Platform
- Using privacy-preserving ZKP credentials on the Mattr Platform Type: Post Founder: Nader Helmy Date: 2020-09-17 Tech: ZKP Standard: JSON-LD, LinkedData
Different types of DIDs can be registered and anchored using unique rules specific to the set of infrastructure where they’re stored. Since DIDs provide provenance for keys which are controlled by DID owners, the rules and systems that govern each kind of DID method have a significant impact on the trust and maintenance model for these identifiers.
For example, this update formats address fields to make them more readable; formats names and proper nouns where possible; makes URLs, telephone numbers and email addresses clickable; highlights images and icons for better trust and brand signaling; and creates basic rules for language localization that adjust to a user’s device settings.
We are excited to announce a new addition to our Mattr VII platform capabilities. As we continue to build out an extensive suite of features to support the exchange of data such as Verifiable Credentials, we have now added secure Decentralized Identifier messaging capabilities to enable entirely new ways to communicate using our platform.
Integrating revocation into our platform brings us one step closer to building a fully realized verifiable data ecosystem, an environment where verifiers can have more confidence and trust in the decisions they’re making and people can participate in the sharing and exchange of information without eroding their basic privacy. We look forward to continuing to collaborate with the community and gathering feedback from industry to enhance and extend different ways to accomplish revocation while respecting users’ digital rights.
DID Web helps to bridge the gap between the way that trust is established on the internet today, namely using domains, and new and emerging ecosystems using DIDs. When using DID Web, rather than anchoring a DID to a decentralized ledger such as a blockchain, the DID is instead associated with a specific domain name, and subsequently anchored to the web host registered with that domain via DNS resolution. Effectively, this allows a DID using this scheme to be resolved as simply as one resolves a web URL, every time they click on a link. For example, we’ve set up a DID Web using our own domain, which can be resolved at did:web:Mattr.global.
Here at Mattr, we have been hard at work building a suite of products to serve the next generation of digital trust. We’ve designed our products based on a few key principles: extensible data formats, secure authentication protocols, a rigorous semantic data model, industry-standard cryptography, and the use of drivers and extensions to allow modular and configurable use of the platform over time. By combining our core capabilities with extensions and drivers, our platform offers developers convenience without compromising flexibility or choice.
By leveraging pairing-friendly elliptic-curve cryptography in the context of Linked Data Proofs, our approach provides an unprecedented way to perform zero-knowledge proofs using the semantics of JSON-LD. This allows credential issuers to tap into vast data vocabularies that exist on the web today, such as schema.org and Google Knowledge Graph, making user data more context-rich without sacrificing security and privacy of the user in the process. Not only is this approach more interoperable with existing implementations of the VC data model and semantic web technologies, it also doesn’t rely on any external dependencies to operate (like a distributed ledger), meaning it’s far more efficient than other approaches based on CL-signatures and zk-SNARKs. We’ve open-sourced our LD-Proofs suite for VCs including performance benchmarks so you can check it out yourself.
Meta
- Mattr has a series of Videos about their work with IATA Related: IATA Type: Post Date: 2022-01-01
- ARUCC is pleased to announce a partnership between Digitary, its service partner, and Mattr, a friend of MyCreds™ Related: ARUCC Parent: MyCreds Type: Post Date: 2021-04-14
- Why we’re launching Mattr VII Type: Post Founder: Nader Helmy Date: 2021-03-26 Tech: Mattr VII
- DHS Awards $200K for Issuing and Validating Essential Work and Task Licenses Parent: DHS Type: Post Date: 2020-10-09
This is a significant undertaking for both IATA and the other parties involved. As part of Mattr’s role in supporting this initiative, we developed a series of educational videos in partnership with IATA to explain the value and mechanics of a decentralised identity ecosystem.
These two international organizations are combining their talents to deliver SSI (self-sovereign identity) and Verifiable Credentials for the ARUCC MyCreds™ virtual wallet. This groundbreaking work means the Canadian MyCreds™ credential wallet along with other international members of the Digitary global network will be able to reach an even higher bar of service delivery for mobile learners, creating a triangle of trust that includes them and the Canadian colleges and universities.
Inspired by the seven states of matter, our platform gives builders and developers all the tools they need at their fingertips to create a whole new universe of decentralized products and applications. We provide all the raw technical building blocks to allow you to create exactly what you have in mind. Mattr VII is composable and configurable to fit your needs, whether you’re a well-established business with legacy systems or a start-up looking to build the next best thing in digital privacy. Best of all, Mattr VII is use-case-agnostic, meaning we’ve baked minimal dependencies into our products so you can use them the way that makes the most sense for you.
Mattr is currently building an extensive set of foundational capabilities in a software-as-a-service (SaaS) platform for verifiable credential issuance, verification, and storage. An essential worker or a person performing an essential task would receive various credentials and attestations from many issuers containing relevant assertions about their essential work or task status. Their solution also offers the option to validate the information further by using either public or private registries of authoritative verifiable information.
Ecosystem
- IIW32: BBS+ and Beyond Type: Post Founder: Nader Helmy Date: 2021-05-05 Market: Recap Tech: BBS+
One common theme this year was the continued development and adoption of BBS+ signatures, a type of multi-message cryptographic digital signature that enables selective disclosure of verifiable credentials. This development is possible due to the fact that BBS+ signatures are a ledger-independent approach to selective disclosure; effectively, no custom logic or bespoke infrastructure is needed for these digital signatures to be created, used and understood.
Explainer
- The State of Identity on the Web Type: Post Date: 2021-03-14 Standard: OIDC
- Web of Trust 101 Type: Post Date: 2020-12-27 Tech: web of trust
- Verifiable Data Type: Post Date: 2020-12-23 Tech: Verifiable Relationships, Verifiable Processes, Semantics, Schemas Standard: Verifiable Credentials
- Digital Wallets Type: Post Date: 2020-12-23 Focus: Wallets
- Selective Disclosure Type: Post Date: 2020-12-23
- Semantic Web Type: Post Date: 2020-12-23 Tech: Semantic web
This cycle perpetuates the dominance of a few major IdPs and likewise forces users to keep choosing from the same set of options or risk losing access to all of their online accounts. In addition, many of these IdPs have leveraged their role as central intermediaries to increase surveillance and user behavior tracking, not just across their proprietary services, but across a user’s entire web experience. OIDC Credential Provider allows you to extend OIDC to allow IdPs to issue reusable VCs about the end-user instead of simple identity tokens with limited functionality. It allows end-users to request credentials from an OpenID Provider and manage their own credentials in a digital wallet under their control. This article discusses how the success of OpenID Connect shaped the state of identity on the web, how new web standards enable a new model, and describes a bridge between those worlds: OIDC Credential Provider.
The emerging “Web of Trust” is an idea that has been around since the dawn of the internet. To explain what motivated its creation, let’s take a look at how trust on the internet functions today.
Verifiable data refers to the authenticity and integrity of the actual data elements being shared. Also covers Verifiable Relationships, Verifiable Processes, Verifiable Credentials, along with Semantics and Schemas.
The reframing of the user as a first-class citizen and their empowerment as ‘holder’ represents a shift towards a new paradigm. Such a paradigm offers users greater sovereignty of their own information and empowerment to manage their digital identity. Users are able to exercise their new role in this ecosystem by utilizing a new class of software known as digital wallets.
An important principle that we want to achieve when designing any system that involves handling Personally Identifiable Information (PII) is to minimize the data disclosed in a given interaction. When users share information, they should be able to choose what and how much they share on a case-by-case basis, while the relying parties receiving the information must be able to maintain assurances about the presented information’s origin and integrity.
The semantic web is a set of technologies whose goal is to make all data on the web machine-readable. Its usage allows for a shared understanding around data that enables a variety of real-world applications and use cases.
Standards
- OIDC Credential Provider Type: Spec Authors: T. Looker, J. Thompson, A. Lemmon, K. Cameron Date: 2021-04-20 Standard: OIDC
- BBS+ signatures Type: Post Date: 2021-04-20 Event: IIW30 Tech: BBS+
- credential definitions, credential manifests, BBS+, etc Parent: CCG Type: Archive Founder: Daniel Hardman Date: 2021-01-30 Tech: BBS+
- OpenID Connect Credential Provider Type: Post Date: 2020-12-15 Standard: OIDC
- A solution for privacy-preserving Verifiable Credentials Type: Post Founder: Nader Helmy Date: 2020-07-17 Tech: BBS+, ZKP
- JWT vs Linked Data Proofs: comparing Verifiable Credentials Type: Post Founder: Nader Helmy Date: 2020-05-09 Standard: JWT, LinkedData
- Revocation List 2020 Related: Mattr Parent: CCG Type: Spec Authors: Dave Longley, Manu Sporny Date: 2020-04-05 Market: Revocation Tech: VC
- Verifiable Credential based Authentication via OpenID Connect Type: Post Date: 2019-12-10
OIDC Credential Provider is “an extension to OpenID Connect which enables the end-user to request credentials from an OpenID Provider and manage their own credentials in a digital wallet.”
Mattr is proud to announce we’ve added support for privacy-preserving verifiable credentials on our platform using BBS+ signatures. Using a technique to implement selective disclosure, we’ve added the ability to generate credentials that support zero knowledge proofs without revealing any unnecessary information about the end-user, or placing any added burden on issuers, in the process. Since we first introduced and open-sourced JSON-LD BBS+ Signatures at IIW30 in April of this year, we’ve received lots of engagement, feedback and contributions from the broader technical community to further develop the implementations and specifications we presented. You can read more about our approach to privacy-preserving verifiable credentials on our introductory blog post.
When Tobias first described Mattr’s approach to BBS+ signatures, one of my takeaways was that this changed the Indy mechanism of cred defs in two wonderful ways:
1. It eliminated the need for lots of keys (only one key, Y, needs to be declared as a credential signing key, instead of a set of keys, Y[0]..Y[n])
2. It made it possible to store a cred def somewhere other than a ledger
I was very happy about this.
However, I have since heard several smart people summarize the breakthrough as: “We don’t need credential definitions at all. You just use the assertionMethod key in your DID doc to sign credentials, and that’s all you need.” I believe this is oversimplifying in a way that loses something important, so I wanted to open a conversation
Introducing OpenID Connect Credential Provider, an extension to OpenID Connect which enables the end-user to request credentials from an OpenID Provider and manage their own credentials in a digital wallet. This specification defines how an OpenID Provider can be extended beyond being the provider of simple identity assertions into being the provider of credentials, effectively turning these Identity Providers into Credential Providers.
Here at Mattr, we are piloting an approach to ZKPs based on BBS+ signatures. Beyond the privacy and security benefits of ZKPs in general, this approach has a number of additional benefits compared to the ZKP implementations that exist today.
Linked Data Proofs offer more flexibility and are thus more scalable for global decentralized networks. Plus, because they natively work with JSON-LD, they encourage adoption of an open-world data model and re-usage of schemas that makes JSON-LD so powerful. JWTs, in contrast, offer a simple and straightforward way to express data with a limited semantic vocabulary. Using JWTs with JSON-LD provides a potential compromise between the two approaches, but loses much of the flexibility provided by Linked Data Security.
This specification describes a privacy-preserving, space-efficient, and high-performance mechanism for publishing the revocation status of Verifiable Credentials.
At MATTR, we’ve been working hard on an exciting opportunity with the Government of British Columbia (BC Gov) in Canada. In June 2019, the BC Gov Verifiable Organisations Network team put out a “Code With Us” development bounty to integrate KeyCloak, their chosen enterprise Identity and Access Management (IAM) solution, with a new W3C standard called Verifiable Credentials. This work led to a solution that enables the use of Verifiable Credentials (VC) as a means of authentication that is interoperable with OpenID Connect (OIDC). We call this work VC-AuthN-OIDC. The output is an adapter that bridges these standards and enables a whole new set of capabilities through a simple extension of most modern IAM solutions.
Howto
- Issuing credentials directly to the Mattr mobile wallet Type: Post Date: 2021-08-13
- Present and Verify Verifiable Credentials in ASP.NET Core Using Decentralized Identities and Mattr Parent: Personal Type: Post Founder: Damien Bowden Date: 2021-05-10 Focus: Wallets Tech: Aspnet Standard: Verifiable Credentials
- Create an OIDC Credential Issuer with Mattr and ASP.NET Core Parent: Personal Type: Post Founder: Damien Bowden Date: 2021-05-03 Projects: aspnet Standard: OIDC
If you’re already using a secure mechanism to authenticate your users, then setting up OIDC capability isn’t necessary. As we’ve explored, sending credentials using secure DID messaging directly or via a QR code or deep-link is safe, convenient and allows users to obtain their credentials directly.
This article shows how to use verifiable credentials stored on a digital wallet to verify a digital identity and use in an application. For this to work, a trust needs to exist between the verifiable credential issuer and the application which requires the verifiable credentials to verify. A blockchain decentralized database is used and Mattr is used as an access layer to this ledger and blockchain. The applications are implemented in ASP.NET Core.
This article shows how to create and issue verifiable credentials using Mattr and ASP.NET Core. The ASP.NET Core application allows an admin user to create an OIDC credential issuer using the Mattr service. The credentials are displayed in an ASP.NET Core Razor Page web UI as a QR code for the users of the application.
Resources
- Implement Compound Proof BBS+ Verifiable Credentials Using ASP.NET Core and Mattr Parent: Personal Type: Post Founder: Damien Bowden Date: 2021-12-13 Tech: BBS+ Standard: Verifiable Credentials, SIOP, OIDC
- New to JSON-LD? Introducing JSON-LD Lint Type: Post Authors: Emily Fry, Tobias Looker Date: 2020-10-09 Standard: JSON-LD
The ZKP BBS+ verifiable credentials are issued and stored on a digital wallet using a Self-Issued Identity Provider (SIOP) and OpenID Connect. A compound proof presentation template is created to verify the user data in a single verify. Code: https://GitHub.com/swiss-ssi-group/MattrAspNetCoreCompoundProofBBS
The rise in popularity of JavaScript (due to its natural language monopoly in web-browsers) led to a mass exile from XML and shift over to JSON as the preferred data representation format. In the process, certain valuable features of XML were lost, in particular those that provide a standardised semantic syntax. JSON-LD defines this missing layer of syntax, which improves semantic reasoning around data. This is critical for maintaining data quality and trust in data, which is particularly important as we increase our reliance on digital infrastructure, IoT and AI.
Related
From other pages on this site. (Beta)
- Name: Create an OIDC credential Issuer with Mattr and ASP.NET Core Parent: Personal Type: Post Author: Damien Bowden Related: Mattr Date: 2021-05-03 Tech: ASP.NET
- Name: Present and Verify Verifiable Credentials in ASP.NET Core using Decentralized Identities and Mattr Parent: Personal Type: Post Author: Damien Bowden Related: Mattr Date: 2021-05-10 Tech: ASP.NET
- Name: Verify Vaccination Data Using Zero Knowledge Proofs with ASP.Net Core and Mattr Parent: Personal Type: Post Author: Damien Bowden Related: Mattr Date: 2021-05-31 Tech: ASP.NET Standard: Verifiable Credentials
- Name: Challenges to Self Sovereign Identity Parent: Personal Type: Post Author: Damien Bowden Related: Trinsic, Mattr, Evernym Date: 2021-10-11 Market: Critique
Whilst in Damien’s blog post he showed how a verifiable credential can be issued to a so-called credential holder, this blog post will be about how we can verify such credentials as part of a business workflow. After an issuer has issued credentials to the holder and they have stored these into their wallet, a verifier can now ask a holder to verify themselves with a certain credential. A verifier can add policies to check for certain attributes but also add restrictions like a specific issuer DID. With this in place a verifier can create a verification request which will be sent to the credential holder. This step is very important because it is where a cryptographic challenge is generated that the holder must respond to. This guarantees that the holder is responding to exactly this specific verification request. After the verification request gets returned to the verifier, it needs to be verified against the ledger to make sure it is valid. The verification record does not only contain the attributes, but also some metadata such as the digital signature of the issuer of the credentials, revocation details, verification policies etc. which then get validated against their sources. The image below describes this trust-triangle between the issuer, holder and verifier.
This article shows how to use verifiable credentials stored on a digital wallet to verify a digital identity and use in an application. For this to work, a trust needs to exist between the verifiable credential issuer and the application which requires the verifiable credentials to verify. A blockchain decentralized database is used and Mattr is used as an access layer to this ledger and blockchain. The applications are implemented in ASP.NET Core.
This article shows how Zero Knowledge Proofs (ZKP) verifiable credentials can be used to verify a person’s vaccination data implemented in ASP.NET Core and Mattr. The ZKP BBS+ verifiable credentials are issued and stored on a digital wallet using a Self-Issued Identity Provider (SIOP) and OpenID Connect. The data can then be used to verify if the holder has the required credentials, but only the required data is used and returned to the verification application.
Authentication using SSI credentials would have the same level of security as the authenticator apps which you have for existing systems. This is not as safe as using FIDO2 in your authentication process as FIDO2 is the only solution which protects against phishing. The SSI Authentication is also only as good as the fallback process, so if the fallback process, recovery process allows a username or password login, then the level would be passwords.