The Credential Attestation Process

A Decentralized Identity (DID) is the starting point for building reputation on the Toto Chain, but it's the credentials attached to that DID that give it meaning and trust. The process of formally linking a verified credential to a user's account on the blockchain is called attestation.

This document outlines the step-by-step process for credential attestation on the Toto Chain.

The Participants

The attestation process involves two primary parties:

  1. The User (or Claimer): The individual who wants to add a verifiable credential to their DID to build their reputation.

  2. The Attestation Provider (AP): A trusted entity, approved by the Technical Committee, that is responsible for verifying the user's claim and recording it on the chain.

The Attestation Flow: From Claim to On-Chain Record

The process involves both off-chain communication and a final on-chain transaction.

Step 1: Off-Chain Verification

The process begins off-chain, directly between the User and the Attestation Provider's service (e.g., their website or application).

  1. User Initiates a Claim: The user navigates to an Attestation Provider's service and requests to have a credential verified. For example, they might want to prove they own a specific email address.

  2. Provider Verifies the Claim: The Attestation Provider uses its own methods to verify the user's claim. For an email, this typically involves sending a confirmation link to that address, which the user must click.

  3. Provider Prepares the Attestation: Once the claim is verified, the Attestation Provider's service prepares the necessary data for the on-chain transaction. This includes generating a hash of the claim's content (claimHash).

Step 2: On-Chain Attestation

After off-chain verification, the Attestation Provider submits a transaction to the Toto Chain to formally record the attestation. This is done by calling a specific function, or extrinsic, on the chain.

The primary extrinsic for this is attestation.add().

This function takes several important parameters:

  • claimHash: A cryptographic hash of the content of the user's credential. This allows the chain to store a unique reference to the claim without storing the private details of the claim itself (like the actual email address).

  • ctypeHash: The hash of the Credential Type (cType) that defines the structure of this claim. This tells the chain what kind of credential is being attested (e.g., "Email," "Social Media," etc.).

  • authorization: (Optional) This field can be used for more complex scenarios, but for a standard attestation, it is often left empty.

  • account: The on-chain account ID (DID) of the user for whom the credential is being attested.

When the Attestation Provider calls this function, the chain performs a crucial check: it verifies that the transaction is being sent from a trusted, official Attestation Provider account.

If the sender is a recognized AP, the transaction succeeds. The chain then creates an official, on-chain record linking the claimHash to the user's account, and the user's reputation score is updated according to the ctypeWeight associated with that ctypeHash.

This process creates a secure and privacy-preserving system where verifiable credentials can be added to a user's digital identity, forming the building blocks of a robust, decentralized reputation.

PreviousAdding a New cTypeNextAttestation Providers

Last updated