Over the past few months, we’ve continued building new features on our products to make it as easy as possible for people to share and consume verifiable data.

This post summarizes some of the new features that we’ve implemented between July – September, 2022.

(1) NB Orbit Enterprise

Orbit Enterprise is a No Code Self Sovereign Identity platform that facilitates the storage, issuance and verification of verifiable credentials that are held and owned by end users in digital wallets.

Orbit Edge is built entirely on open standards, such as Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs). We pride ourselves on respecting open-source project specification in our implementations, such as Hyperledger Aries, to which we not only consume, but contribute to.

(1a) Privacy Preserving Proofs

Northern Block is currently focused on building use cases which are privacy-preserving, thus best suited for AnonCreds (for those interested, we wrote recently about our learnings from Aries, Indy and AnonCreds here).

The AnonCreds specification is being developed to address a privacy-preserving specific use case with participation from the community.

It allows us to use Zero-knowledge Proof (ZKP). In cryptography, the ZKP is a method by which an entity can prove that they know a certain value without disclosing the value itself. 

AnonCred ZKP verifiable credentials provide capabilities that many see as important for digital identity use cases in particular, and verifiable data in general. 

We have implemented some of these capabilities into Orbit Enterprise. They include:

• Restrictions – the ability for verifiers to restrict proofs to specific Schemas of CreDefs
• Data Minimization – the ability to disclose only necessary claims to a verifier, while creating a Proposal or Proof Request
• Compounding Proofs – the ability to combine multiple credentials into a single proof to present to a verifier without revealing any correlatable identifier
• Predicate Proofs – the ability to reduce the sharing of PII by enclosing logical expressions, and potentially correlating data, especially dates (birth, credential issuance/expiry, etc.)

(1b) Self-attested Attributes as Proofs

Within a proof request, verifiers can ask for the holder to provide self-attested attributes. These are quite useful for low integrity/risk use cases, where a self-attestation meets a verifier’s policy. 

For example: as an organization, when I onboard a vendor, I want to verify their verifiable business credentials, but also their banking information (self-attested) to set them up for payments in our accounts payable system.

(1c) Holder-driven Presentation Proposals

We’ve written a blog post about why credential issuance should be holder-driven (here). We think that the same is true for verifications and other functions.

For this reason, we added a Presentation Proposals function in Orbit Enterprise to allow for an Organizational Holder to send a proposal to a verifier entity (more here)

Presentation Proposals allow an organization to initiate the workflow rather than waiting on a verifier to send a proof request. We have implemented the orchestration provided by Aries RFC 0037: Present Proof Protocol 1.0 to enable all this to happen.

(1d) Image Attributes as Schema Attributes 

One of the things that organizations can do through Orbit Enterprise is to create schema definitions with attributes. These attributes can be restricted by the data formats they must comply with. 

Until now, we supported formats such as Text, Number and Date. 

Recently, we added the support for Images Formats (more here).

(1e) Delete Connections

We added the functionality to Delete Connections within the Existing Connections page. It makes it a bit easier for users to keep a desired list of connections.

(1f) Out of Band APIs

In Orbit Enterprise, when an organizational administrator is onboarded, they establish a connection to the organization. Once established, they are offered a credential which delegates administrative functions to them, so that they can act on behalf of the organization (e.g., issue, verify, revoke, etc.).

The above is a good example of a two-step process within Orbit Enterprise which is made into one because of built in business logic.

But if we were outside of Orbit Enterprise, and if we want to combine a similar two-step process into one, we would use the Out-of-band Protocol (out-of-band was one of the items we listed as exciting us as part of AIP 2.0 here).

The advantage is that if a connection isn’t established, Aries RFC 0434 (Out-of-Band Protocol 1.1) can now combine two processes into one (e.g, Connection + Credential Offer). 

We’ve now exposed these out-of-band APIs for our customers needing to consume them inside of their systems:

1. Cred Offer 
2. Proof Presentation 
3. Proof Verification

(1g) Email Notifications to Peers

Our customers needed a way to be notified about various offers and requests they receive in Orbit Enterprise. 

We added Email Notifications as a way to keep them aware of activity.

You can see this feature in action within this video showcasing a pilot project Northern Block participated in.

https://youtu.be/GYDh9ACiDNw?t=80

(2) NB Orbit Edge

Orbit Edge is a digital wallet app from the Northern Block. It allows users to securely and privately receive, store and present digital credentials, build direct and secure peer-to-peer connections​, use private messaging functions and leverage holder-driven workflows (e.g., request to be issued a credential, ID proofing).

Orbit Edge is built entirely on open standards, such as Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs). We pride ourselves on respecting open-source project specification in our implementations, such as Hyperledger Aries, to which we not only consume, but contribute to.

(2a) Notifications Inbox

We added a Notifications Inbox feature within the digital wallet app.

It enhances the product by:

1. Providing an inbox type capability which lists all the credential exchange transactions.
2. Visually notifying the mobile wallet holder that a proof request or a credential offer has been received.

(2b) Hide Credentials Attributes

Sometimes a holder simply wants to show a credential within their wallet to a verifier, who will examine the credential by looking at it.

For example, I don’t think we can expect every small bar owner to be set up with a verifier app at the entrance. 

Instead of showing a physical ID, you can gain further privacy by showing an identity credential from within your digital wallet, while hiding certain attributes which you may not wish the verifier to see.

We added this privacy feature in the Orbit Edge Wallet to ensure the above scenario can be achieved.