The eduCLAIMS Project
The eduCLAIMS project created a Proof-of-Concept web service for issueing W3C verifiable claims for educational purposes.
The objective of the project was to leverage the already-existing eduGAIN infrastructure, including metadata distribution, REFEDS assurance profiles, attribute definitions and the 50M potential user accounts to the maximum effect and create a system with the lowest entry barrier possible so that to maximize the user base.
The eduCLAIMS project was funded by the GÉANT Innovation Programme.
Introduction Video to eduCLAIMS
The eduCLAIMS demo (part 1)
The eduCLAIMS demo (part 2)
There are multiple efforts with similar goals, however the eduCLAIMS project features several distinguishing factors:
- Instead of a PKI-style digital signature in which each issuer needs to have its own signing key, in this system the actual digital signature is created by the service on the users behalf.
- The signature is created after strong authentication and the usage of a second factor that is verified seconds before the document is signed, similar to transaction signature at e-banking, with which all surveyed users are familiar with.
- The system makes use of REFEDS Assurance Framework (RAF) and creates a score for each login based on that. There may be minimal level of assurance for signing certain types of documents. The score enables the verifiers of the documents to establish a level of trust.
- The output of the system is a single pdf that contains the human-readable format and the W3C verifiable claim and its JSON Web Token signature. The signature is visualized to provide a visual clue reminiscent of a stamp. The entire pdf is signed using pdf digital signature, and the hash is stored at the server to enable verification at a later point.
- Both the pdf and the W3C JSON are signed using the SP signing key of the service. This way the key is distributed using the standard metadata distribution mechanisms, and the verification can be done without relying on the originating service.
- The proof-of-concept was created by three doctors of the humanities and a PhD student in law, bringing in a fresh approach to the problem at hand.
- The geographical scope of the project equals eduGAIN and surpasses the European Area.
These features together make sure that both those who don’t own a smartphone by choice or necessity (a constant cohort that never reaches zero in our estimation) can use the system (no wallets or QR codes). But also, those who only use smartphone or chromebook can use it (pdf signature verification optional). Finally there are no badge displayers or JSON interpreters necessary.
The eduCLAIMS project delivered:
- substantial research into the possible use cases and similar projects;
- conducted a legal study of the topic;
- developed a full-feature proof-of-concept system in PHP;
- deployed a compete test federation on four VMs;
- conducted user interviews to validate our concept;
- investigated the Ethereum and the EBSI blockchains to store the hash of the document;
- experimented with the Solana blockchain to store the hash as a program;
- submitted a white paper.
Proof of concept system
Main eduCLAIMS portal (to be used with Shibboleth SP)
Test user database
Copyright 2021 Mihály Héder Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Source code of the main portal (a LAMP application)
PDF Generator/signer with tcpdf and drunken bishop
Source code of the Verifier portal (a LAMP application)