Skip to main content

UbID Ecosystem Diagram

This page describes the main components of the UbID ecosystem and how they interact across credential issuance, credential storage, verification, and secure recovery.

UbID is designed as a decentralized identity platform composed of issuer services, holder-controlled vaults, verifier services, cryptographic infrastructure, and recovery components.

High-level ecosystem

The main UbID components are:

ComponentPurpose
IssuerIssues verifiable credentials to users or organizations.
Holder / VaultStores credentials, encrypted keys, user identity data, and recovery material under user control.
VerifierRequests and validates credential presentations.
Recovery Cloud / GatewaySupports secure account and key recovery without exposing private keys directly.
Guardian layerAllows recovery assistance through trusted parties or threshold recovery models.
Trust infrastructureProvides cryptographic validation, metadata, public keys, schemas, and credential verification rules.
Protocol layerSupports OpenID4VCI, OpenID4VP, SD-JWT VC, WebAuthn, and future DIDComm interoperability.

Conceptual architecture

+------------------+        OpenID4VCI          +------------------+
| | credential issuance | |
| Issuer +--------------------------->+ Holder / Vault |
| | | |
+---------+--------+ +---------+--------+
| |
| issuer metadata | verifiable presentation
| schemas | OpenID4VP
v v
+------------------+ +------------------+
| | validation | |
| Trust Metadata +<---------------------------+ Verifier |
| and Schemas | | |
+------------------+ +------------------+


+------------------+ encrypted recovery +------------------+
| |<--------------------------->| |
| Holder / Vault | | Recovery Cloud / |
| |---------------------------->| Gateway |
+------------------+ guarded recovery flow +------------------+
|
| guardian-based recovery / threshold model
v
+------------------+
| |
| Guardian Layer |
| |
+------------------+