UbID Ecosystem Diagram
This page describes the main components of the UbID ecosystem and how they interact across credential issuance, credential storage, verification, and secure recovery.
UbID is designed as a decentralized identity platform composed of issuer services, holder-controlled vaults, verifier services, cryptographic infrastructure, and recovery components.
High-level ecosystem
The main UbID components are:
| Component | Purpose |
|---|---|
| Issuer | Issues verifiable credentials to users or organizations. |
| Holder / Vault | Stores credentials, encrypted keys, user identity data, and recovery material under user control. |
| Verifier | Requests and validates credential presentations. |
| Recovery Cloud / Gateway | Supports secure account and key recovery without exposing private keys directly. |
| Guardian layer | Allows recovery assistance through trusted parties or threshold recovery models. |
| Trust infrastructure | Provides cryptographic validation, metadata, public keys, schemas, and credential verification rules. |
| Protocol layer | Supports OpenID4VCI, OpenID4VP, SD-JWT VC, WebAuthn, and future DIDComm interoperability. |
Conceptual architecture
+------------------+ OpenID4VCI +------------------+
| | credential issuance | |
| Issuer +--------------------------->+ Holder / Vault |
| | | |
+---------+--------+ +---------+--------+
| |
| issuer metadata | verifiable presentation
| schemas | OpenID4VP
v v
+------------------+ +------------------+
| | validation | |
| Trust Metadata +<---------------------------+ Verifier |
| and Schemas | | |
+------------------+ +------------------+
+------------------+ encrypted recovery +------------------+
| |<--------------------------->| |
| Holder / Vault | | Recovery Cloud / |
| |---------------------------->| Gateway |
+------------------+ guarded recovery flow +------------------+
|
| guardian-based recovery / threshold model
v
+------------------+
| |
| Guardian Layer |
| |
+------------------+