DICE Developer Docs
  • Developer Docs
    • DICE Test Drive
      • Sign-up for Issuer Portal
      • Issue Credentials
      • Verify Credentials
    • Key Concepts
      • DID & Verifiable Credentials
      • DICE ID Architecture
    • Platform Console
      • Dashboard
      • Customers
        • Onboard Customer
      • Credentials
        • Issue Credentials to New Customer
      • Schema
      • Batch Issuance
        • Batch Issuance - Useful Tips
      • Verifications
        • Verification Template
      • Templates
        • Certificate Template
          • Create Template
          • Manage Template
        • Email Template
          • Create Template
          • Manage Template
      • Organization
      • Departments
      • Organization Users
      • API Access
      • Callback Configuration
      • Tutorials
        • Credential Issuance from DICE ID Console
        • Credential Issuance using DICE ID APIs
        • Credential Verification using QR code
        • Credential Verification from DICE ID console
        • Batch Credential Issuance from DICE ID Console
    • Integrations
      • Auth0 Integration
        • Login using OIDC (First Factor Authentication)
        • Custom MFA Rule (For 2FA)
    • DICE ID SDK
      • DICE ID
        • DID & Verifiable Credentials
        • DICE ID Architecture
      • SDK Functionalities
      • Create Wallet
      • Create Connection
      • Creating a Schema
      • Issue a Credential
      • Send Presentation Request
      • Get Verification State
      • Configuration and Customization
      • Error Handling & Troubleshooting
      • Conclusion
      • Additional Resources
  • Getting Started with DICE ID Skill Credentials
    • Building Trust Ecosystems Powered by Credentials
    • DICE ID Integration for Issuers
    • DICE ID Integration for Verifiers
    • DICE ID Brand Usage Guidelines
    • DICE ID Onboarding Confirmation
    • Helpful Q&A
    • Troubleshooting Guide
Powered by GitBook
On this page
  • DICE ID API Layer
  • DICE ID Exchange Layer
  • Blockchain Layer
  1. Developer Docs
  2. Key Concepts

DICE ID Architecture

Dive into DICE ID's functional architecture, a robust platform with verifiable credentials and seamless integration. Unleash trusted digital identities' potential.

PreviousDID & Verifiable CredentialsNextPlatform Console

Last updated 1 year ago

DICE platform provides a holistic solution for self-sovereign identity that will encompass the following high-level components, which are segregated based on layers and functionality provided. This view comprises of the current and future capabilities of DICE platform.

This layer comprises of the core components of DICE platform that provides the following functional components:

  • Issuer / Verifier Portal – Organizations onboarded to DICE platform as either issuer or verifier will leverage the web-based portal to manage the credential schema, definitions, proof requests and associated workflows. The portal will also provide dashboard and reports to track the issued, verified and revoked credentials.

  • Identity Holder Mobile App – Individuals, entities and devices that need self-sovereign identity features and credentials need to use the mobile application that provides wallet functionality for secure communication and locally maintaining the credentials which can be shared based on user's consent.

  • OIDC Verifier Application – Identity Verifiers can leverage Open ID Connect based approach to request for proof and verify credentials presented by Identity holders, for which a web application with configurable verification templates is available.

  • Platform Management Console – Platform console will provide ability for issuer and verifier organizations to get onboarded, setup role based access and monitoring capabilities.

DICE ID API Layer

API Layer that provides capability to manage credential schema, definition, issuance, revocation etc. as well provide ability to integrate OpenID based identities so that the corresponding credentials can be issued seamlessly. This layer comprising of orchestration APIs that leverage the underlying fine-grained APIs and the ability to register callbacks to support asynchronous communication. Detailed information of DICE APIs are available in API Reference

DICE ID Exchange Layer

This layer facilitates secured, asynchronous communication between Identity Issuer, Verifier and Holder which enables:

  • DID & VC Message Cryptography – The communication protocol to enable the exchange of messages comprising of DID document, credentials, proof presentation etc. conforming to the W3C standards. Validation rules and cryptographic techniques to ensure encrypted exchange are also available.

  • Agent P2P Transport – Libraries that support the authentication and authorization for peer to peer agent handshake.

  • DID SDK – Comprises of SDKs which facilitates the DID specific operations so that DID documents, schemas, credential definitions, revocation registry etc. can be recorded and updated on blockchain.

  • Interoperability Bridge – This component will facilitate seamless interaction for issuers, verifiers and identity holders with multiple blockchain identity ledgers through DID & VC resolvers and adapters to facilitate DID operations on different blockchain platform

Blockchain Layer

The layer comprises of the different DLT and blockchain platforms supported by DICE platform. Currently all Hyperledger Indy based blockchain platforms are supported.

Unlike typical blockchain solutions where all business transactions are recorded on blockchain, DICE platform stores only the metadata of the credentials and PII data never gets stored on blockchain

The ledger will comprise of:

  • Public DIDs and associated DID documents with verification keys and endpoints. DIDs & DID Document of the issuer, verifier organization needs to be discoverable within the ecosystem participants. Blockchain ledger here acts as an shared ledger for storing the DID & the DID Document.

  • Schemas and credential definitions - Schema & credential definitions defines the structure of the credentials based on which credentials are issued. It needs to be on blockchain shared ledger, so that the ecosystem participants can independently issuer and verify the credentials.

  • Revocation registries – In real life use cases, as the credentials are issued, they will also get revoked either because they are getting expired or needs to be explicitly revoked because of some compliance requirement, or because of some breach, violation by the identity holder. For example driving license issued for 5 years will have to be revoked after 5 years or in case of traffic violation it has to be revoked much earlier. Revocation registry published in the shared blockchain ledger helps achieve credential revocation by the issuer. Verifier of the credentials will also validate the credentials presented against the revocation registry

DICE Logical Architecture
DICE Architecture