Technical group
Technical Working Group of the Education and Skills Data Space
Changes to "Work on DID and login on the Portal"
Description (French)
-
-
Many ways exist to log in a saas.
The "business as usual" way could be summed up as : once upon a time a user, he creates an account which is stored in a database, he chooses an e-mail and a password, then he logs in to the saas and do the jobs he wants to do.
It's an "easy" way (yet not so easy when considering 2 factors authentications e.g. but I simplified it) because it became the "common" way. Many documentation and services exist to provide this login system and the ecosystem (I mean the developers and designers) is quite mature.
But it does not fit with a decentralized ecosystem that works without user databases. So let's see how it could work on a decentralized ecosystem, let's call it the "Blockchain way".
With the "Blockchain way" the user uses a wallet to instantiate a private and a public keys, and a DID associates these public/private keys to an access to the portal services. Put another way, the user does not has an "account" "stored" on a "database" : he has an identity registered on a blockchain, and an instance of this identity (a DID) is made up from his pubic/private keys on the saas, so that he can access the service and do his job. It's quite a brand new way of login which can be quite discombobulating for people (like me) used to the classic login/pwd, which make it look like "magic". The UX is better in many ways.
Easy to say, hard to do. As always, the easiest for the user, the toughest for the developers.
That's why we currently work on how it may look like on the portal by making a prototype. To work, this prototype admits that :
- The user has 2 wallets : one for the entity, one for him. Why ? Because an entity can have many people that manage their services so we need to differentiate the entity from the user that publishes in its name, and because a user can act for several entities.
- The user already has a user wallet with the correct VC linked to it (with the help of an identity card e.g.)
- The user already has an entity wallet with the correct VC linked to it (with the help of a KBIS extract e.g.)
- These VCs have been issued within EIDAS
- The entity issued a VC linking the user to him
Enough talking, here is the video :
Here is the link to the prototype (that will be discussed with BC Diploma 12/16/2021) which with you can interact : https://gr2lxo.axshare.com/
Feel free to comment and share your opinion of this UX/tech problem.
-
+
Many ways exist to log in a saas.
The "business as usual" way could be summed up as : once upon a time a user, he creates an account which is stored in a database, he chooses an e-mail and a password, then he logs in to the saas and do the jobs he wants to do.
It's an "easy" way (yet not so easy when considering 2 factors authentications e.g. but I simplified it) because it became the "common" way. Many documentation and services exist to provide this login system and the ecosystem (I mean the developers and designers) is quite mature.
But it does not fit with a decentralized ecosystem that works without user databases. So let's see how it could work on a decentralized ecosystem, let's call it the "Blockchain way".
With the "Blockchain way" the user uses a wallet to instantiate a private and a public keys, and a DID associates these public/private keys to an access to the portal services. Put another way, the user does not has an "account" "stored" on a "database" : he has an identity registered on a blockchain, and an instance of this identity (a DID) is made up from his pubic/private keys on the saas, so that he can access the service and do his job. It's quite a brand new way of login which can be quite discombobulating for people (like me) used to the classic login/pwd, which make it look like "magic". The UX is better in many ways.
Easy to say, hard to do. As always, the easiest for the user, the toughest for the developers.
That's why we currently work on how it may look like on the portal by making a prototype. To work, this prototype admits that :
- The user has 2 wallets : one for the entity, one for him. Why ? Because an entity can have many people that manage their services so we need to differentiate the entity from the user that publishes in its name, and because a user can act for several entities.
- The user already has a user wallet with the correct VC linked to it (with the help of an identity card e.g.)
- The user already has an entity wallet with the correct VC linked to it (with the help of a KBIS extract e.g.)
- These VCs have been issued within EIDAS
- The entity issued a VC linking the user to it
Enough talking, here is the video :
Here is the link to the prototype (that will be discussed with BC Diploma 12/16/2021) which with you can interact : https://gr2lxo.axshare.com/
Feel free to comment and share your opinion of this UX/tech problem.
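Review bot: The new text still reads "pubic/private keys" and "does not has" in the "Blockchain way" paragraph, and "which with you can interact" in the prototype link sentence; these could be corrected in the same revision as the "him" to "it" fix in the last assumption. The assumptions list also takes the entity-issued VC linking the user to the entity as given, without saying how the portal learns that the link has expired or been withdrawn. Since the first assumption says several people can manage an entity's services and a user can act for several entities, a line on revocation or expiry of that VC would close the gap.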