8. Issue verifiable credentials to learners#
8.1. Status#
Accepted
8.2. Context#
As of July 2023, the Credentials Service is used as backend to support programs certificates. Administrators can configure certificates, and learners can view and share earned certificates with anyone to prove their achievements on the Open edX platform. However, the sharing options for earned credentials is very limited, also it’s hard to verify printed credentials or get any additional information beyond the data explicitly included on the earned certificate.
We want to adopt verifiable credentials (VC) to improve the sharing of the earned credentials, and enhance interoperability with external digital credentials platforms and wallets. This will allow learners to receive high-value credentials they can use in the real world.
Every verifiable credential is a set of one or more claims made by an issuer about a subject – learner in the Open edX context. A verifiable credential is a tamper-evident credential that has authorship and can be cryptographically verified. After issuing a verifiable credential, it can be used to build a verifiable presentation, which can also be cryptographically verified.
Verifiable credentials are closely related to decentralized digital identities and decentralized identifiers (DIDs). DID is a portable URL-based identifier, associated with an entity, a thing with distinct and independent existence such as person, organization, or device. DIDs are used in a verifiable credential to associate it with a subject, so that a verifiable credential itself can be easily ported from one repository to another without the need to reissue the credential. You can find more information on DIDs in the W3C DID-core specification.
Except Verifiable Credentials Data Model v1.1, there are other standards that are based on the Verifiable Credentials, and therefore are fully compatible with it. The most prominent are 1EdTech Open Badges v3.0 and The European Blockchain Services Infrastructure (EBSI) Verifiable Credentials.
The ecosystem of verifiable credentials is growing rapidly, and they are becoming more common in all types of education, including the formal, informal, and non-formal education. The Digital Credentials Consortium (DCC), and The European Blockchain Services Infrastructure (EBSI) are working towards making Verifiable Credentials accessible to anyone.
This ADR describes the implementation of the Verifiable Credentials issuing mechanism, that will add the possibility to create and sign a verifiable credential, based on the user’s achievements on the Open edX system.
8.3. Decision#
To issue verifiable credentials, it is decided to create a new Django application in the Credentials Service named verifiable_credentials. It will provide configuration options for verifiable credentials, interfaces, and utilities for verifiable credentials issuing.
The new application should be optional to run for the deployers of the Open edX system, it should be toggled using DjangoSetting toggle.
The application should provide extensibility options using plugins and other instruments, that will allow the Open edX deployers and contributors to easily implement and enable new verifiable credentials backends. These backends can be used to:
build JSON-LD documents based on several VC based standards, e.g., Verifiable Credentials Data Model v1.1, Open Badges v3.0, EBSI Verifiable Credentials;
implement integrations with different verifiable credentials signing services, such as SpruceID’s didkit-python, DCC’s sign-and-verify, and other open-source and proprietary solutions.
issue credentials directly to different mobile and web digital credentials wallets, such as DCC’s Learner Credentials Wallet (LCW).
In addition to the new application, it was decided to implement three initial issuing and composition backends to:
transform user credentials as programs certificates, that are stored in the Credentials Service to JSON-LD according to Open Badges v3.0 specification;
issue verifiable credentials directly to DCC’s Learner Credentials Wallet (LCW);
sign verifiable credentials with the library didkit-python, the python bindings for the open-source Rust-based DIDKit library maintained by SpruceID.
We want to focus on the implementation of issuing the program certificates in the form of verifiable credentials, and eventually support other credentials types that are available in the Credentials Service as well.
The issuer configuration would be set on the site or organization level. Administrator would have an option to enable verifiable credentials generation for some user credentials instances, and disable it for others.
Learners will see the list of all earned credentials that can be issued in a form of the verifiable credentials upon learners’ request.
8.4. Consequences#
Implementation of the verifiable credentials issuing mechanism in the Credentials Service will open new ways for learners to share and prove their achievements outside the Open edX platform.
8.5. Rejected Alternatives#
Using Open Badges v2.0 as the main digital credentials standard for sharing digital credentials.
Integration with Europass Digital Credentials Infrastructure (EDCI), the verifiable credentials standard based on XML documents.
Using JWT instead of JSON-LD as verifiable credentials assertion format.
Integrate with the DCC’s sign-and-verify REST API signing Node.JS server.
8.6. References#
Design for verifiable credentials integration into the Open edX
Verifiable Credentials for Education, Employment, and Achievement Use Cases