3. Digital Credentials along the Student Journey
[Diagram: credentials along the student journey. Stations: study orientation; propaedeutics; language test; German University Entrance Qualification (HZB); application; admission; apply for a study abroad program; apply for a scholarship; recognition of credits earned abroad; additional certificates; external achievements, such as MOOCs, modules & micro degrees; final diploma; continuous education / lifelong learning. Levels: national, European, global. Icon: Freepik]
4. Digital Credentials and International Mobility
21.09.2021
Footer 4
Supporting students, researchers and artists from Germany and abroad (1950-2020):
• 1,600,000 funding recipients from Germany
• 1,090,000 funding recipients from abroad
5. Recommendations
Technology is there, but processes have to be designed properly.
Therefore:
• Create experimental spaces
• Build strong networks and partnerships
• Ensure exchange with policy-makers and stakeholders
• Interoperability is key!
7. The DAAD – Onsite Worldwide
DAAD headquarters in Bonn and Berlin Office
• 68 DAAD Offices worldwide, including 50 Information Centers and 18 Regional Offices
• 5 German Centres for Research and Innovation (DWIH)
• 472 lectureships at higher education institutions abroad
8. The DAAD Global Network – Regional Offices
9. Section Digitalisation at DAAD
1. Coordinates digital change:
• in an international university and academic context
• within the DAAD, together with all departments
2. Implements internationalization digitally:
• in projects: digital educational space, digital campus, VORsprung, digital educational certificates for universities, OpenU, Groningen Declaration Network, ...
• through networking: #Semesterhack 2.0, EDSSI, Atingi, KI-Campus, Allianz Digitale Information, …
10. Section Digitalisation at DAAD
3. Builds up knowledge and skills
• in the cross-section of internationalization & digitization
• for dissemination in-house and in universities
11. Section Digitalisation at DAAD … at a Glance
• 6 third-party funding projects
• Financial volume: 26 million €
• Active collaboration with 45 (international) project partners
• 14 memberships in international networks/committees
• 5 publications annually
• At least 2 dissemination events monthly
12. Academic Credentials Today
Icons: Freepik (7), Good Ware
At today's HEIs, academic outcomes and learning achievements are stored in data silos. The presentation is predominantly paper-based. This makes checking the integrity and validity of academic credentials time-consuming.
The learner's portfolio is unfairly incomplete, since achievements outside the HEI are not included in it.
Additionally, there is a trust issue, for instance when proving academic credentials from abroad.
We urgently need to redesign the way we issue, recognize, and transact with academic credentials, so that…
• exchanging and evaluating credentials becomes increasingly efficient
• protecting and verifying credentials becomes more reliable, reducing the opportunity for fraud
• learners' control over their credentials expands, enabling a verifiable history of lifelong learning
13. Digital Credential System: Core Idea, Features & Interactions
[Diagram: the Digital Credential (data object inside an envelope, meta level) at the centre; actors: HEI, Student, Third Party (Employer), Validation Service; interactions: issues, transports/stores, shares, validates, revokes]
14. Digital Credential System: Issue Credential
[Diagram: the Digital Credential (data object inside an envelope, meta level) at the centre; actors: HEI, Student, Third Party (Employer), Validation Service; interactions: issues, transports/stores, shares, validates, revokes]
15. Digital Credential System: Transport Credential
[Diagram: the Digital Credential (data object inside an envelope, meta level) at the centre; actors: HEI, Student, Third Party (Employer), Validation Service; interactions: issues, transports/stores, shares, validates, revokes]
16. Digital Credential System: Store Credential
[Diagram: the Digital Credential (data object inside an envelope, meta level) at the centre; actors: HEI, Student, Third Party (Employer), Validation Service; interactions: issues, transports/stores, shares, validates, revokes]
17. Digital Credential System: Verify Credential
[Diagram: the Digital Credential (data object inside an envelope, meta level) at the centre; actors: HEI, Student, Third Party (Employer), Validation Service; interactions: issues, transports/stores, shares, validates, revokes]
18. Digital Credential System: Revoke Credential
[Diagram: the Digital Credential (data object inside an envelope, meta level) at the centre; actors: HEI, Student, Third Party (Employer), Validation Service; interactions: issues, transports/stores, shares, validates, revokes]
21. Groningen Declaration Network
[Map: Groningen Declaration Network: T.R.U.S.T. Hub. Legend: central/national digital degree registers; other countries with projects still under development. Data: GDN, T.R.U.S.T. Hub]
22. Groningen Declaration Network
1.1 Groningen Declaration Network (GDN):
• was established in Groningen (NL) in 2012
• is an association of universities, ministries, organizations, associations from science and education as well as service providers
• comprises 110 signatories from 30 countries (and the continents. DAAD has been a signatory since 2019.
• A member of Board of Directories in the next annual in Canada next November.
23. Groningen Declaration Network
• aims to promote trusted student data portability worldwide.
• The exchange in the Groningen Declaration Network enables DAAD to learn from current developments and projects around the world in the field of student data mobility, for instance digitizing the process of granting scholarships.
25. Digital Credentials Consortium
1.2 Digital Credentials Consortium (DCC):
• was founded in 2018 by 12 leading universities from North America & Europe
• has the mission to create a trusted, distributed and shared infrastructure for digital academic credentials
• published & develops solutions based on a white paper, “Building the digital credential infrastructure for the future”
• the DiBiHo project is based on this paper
26. World Wide Web Consortium – W3C VC
W3C VC Data Model 1.0: Roles and information flows.
27. World Wide Web Consortium – W3C VC
1.3 W3C Verifiable Credentials:
• is a data model developed by the W3C Verifiable Credentials Working Group starting in 2017; a W3C standard since 2019
• provides a general model & use cases for handling any verifiable claim (not only educational) about a person (e.g. driver license, vaccine certificate, university degree)
• has been adapted in other digital credential projects, e.g. EDCI
28. Projects & Initiatives
1.4 Open Badges:
• was developed by the Mozilla Foundation in 2011 and has been maintained by the IMS Global Learning Consortium since 2017.
• describes a method for packaging information about accomplishments, embedding it into a portable image file as a digital badge, and establishing an infrastructure for badge validation. OpenBadges 3 will combine OpenBadges with W3C VC
31. MyCreds (Canada)
2.1 MyCreds (Canada):
• developed by Digitary and is a property of ARUCC (Association of Registrars of the Universities and Colleges of Canada), Canada's national body for registrars and enrolment services
• is a platform and website which offers a cloud credentials wallet for students for secure issuing, exchange, and verification of digital documents, badges, micro-credentials and diplomas from across Canada and around the world
32. XBildung, XHochschule, XSchule (Germany)
2- National Projects:
2.1 XBildung, XHochschule, XSchule (Germany):
• XBildung is a standardisation project for the German education sector in the context of the OZG (Online-Access-Act) implementation
• XBildung aims to develop data exchange standards covering a huge variety of data and documents occurring during the learner's journey in the education sector and beyond
33. XBildung, XHochschule, XSchule (Germany)
2.1 XBildung, XHochschule, XSchule (Germany):
• XBildung is segmented into modules (XHochschule, XSchule, XBaFög) covering specific areas, and it started with the development of the XHochschule specifications
• XHochschule released a first specification in Nov. 2020 (as of Sep. 2021: V. 0.7)
• XSchule: started April 2021
36. Europass
3.1 Europass:
• started in 2004 as an initiative by the European Union to increase transparency of qualifications and mobility of citizens in the EU
• New Europass portal launched on July 1, 2020 to assist European citizens in making their skills and qualifications clearly understood by employers and educators in other EU countries
• Documents: CV, Language Passport, Europass Mobility, Certificate Supplement, and Diploma Supplement
37. European Blockchain Services Infrastructure (EBSI)
3.2 European Blockchain Services Infrastructure (EBSI):
• In 2018, EU Member States, Norway and Liechtenstein joined the European Commission and formed the European Blockchain Partnership (EBP).
• The EBP's vision is to leverage blockchain to ensure that the processes of information sharing are trustworthy while moving from paper-based to digital, and thus accelerate the creation of cross-border services for public administrations and ecosystems
38. Projects & Initiatives
• Since 2020, EBSI has been deploying a network of distributed nodes, supporting applications for selected use cases
• Use cases:
• Implementing European SSI model
• Diploma
• Document traceability
• Trusted data sharing
39. Digital Credentials for Higher Education Institutions - DiBiHo
Project goal: Exploration of a trusted, distributed, and internationally interoperable infrastructure standard for issuing, storing, presenting, and verifying digital academic credentials in a national and international context for German Higher Education Institutions.
Project period: 11/2020 – 12/2022
Contact: Matthias Gottlieb (project manager, TUM); Alexander Mühle (lead HPI team); Kathleen Clancy (lead DAAD team)
Links: www.dibiho.de
Ref. No. M534800
40. DiBiHo
• Sep 2021: Requirements Analysis
• Fall 2021: State-of-the-Art Analysis
• Winter 2021: IT-Security and GDPR Concept
• Spring 2022: Prototypes
• Fall 2022: Operating, Provider, and Support Concept
• Dec 2022: Final report
41. Images
1- Projects Map: R. Rentzsch, “Digital Credentials in Education – The Situation in Germany and Europe in 2020”
2- GDN: https://www.groningendeclaration.org
3- DCC: https://digitalcredentials.mit.edu/
4- W3C-VC: https://www.w3.org/TR/vc-data-model/
5- Open Badges: https://openbadges.org/
6- MyCreds: https://myCreds.ca
7- Digitary: https://www.digitary.net/
8- x{Bildung|Hochschule|Schule}: https://xbildung.de/
9- Europass: https://europa.eu/europass/
10- EDCI: https://ec.europa.eu/
42. Useful Sources
i) Alex Preukschat et al.: “Self-sovereign Identity: Decentralized Digital Identity and Verifiable Credentials” [Book]
ii) R. Rentzsch: “Digital Credentials in Education – The Situation in Germany and Europe in 2020” [Online] https://www.iit-berlin.de/wpcontent/uploads/2021/05/03-Kurzstudie-Digital-Credentials.pdf
iii) Digital Credential Consortium: “Building the digital credential infrastructure for the future” [Online] https://digitalcredentials.mit.edu/wp-content/uploads/2020/02/white-paper-building-digital-credential-infrastructure-future.pdf
iv) C. Allen: “The Path to Self-Sovereign Identity” [Online] http://www.lifewithalacrity.com/2016/04/the-path-to-self-soverereign-identity.html
DAAD Funding Recipients from Germany and Abroad
Core idea: digital credential = data object + envelope
The document is placed into an envelope; it can be seen as the paper a university issues to a graduate (name of the recipient, description of the credentials, …).
The envelope ensures the confidentiality, integrity and authenticity of the document.
Core features & interactions:
i) Issue Credential ii) Transport Credential iii) Store Credential iv) Verify Credential v) Revoke Credential
i) Issue Credential
Envelope:
Before linking the credential to an identifier, the issuer must ensure that the identifier is assigned to the associated learner (e.g. digital signatures) and apply the existing legal framework for the envelope (e.g. OZG, eIDAS).
OZG: Onlinezugangsgesetz, German for Online-Access-Act
eIDAS: electronic IDentification, Authentication and trust Services
EDCI: Europass Digital Credentials | Interoperability
Data object:
Steps:
i) Identification of the issuer by a registration authority or certificate authority
ii) The metadata and the content of the object are defined using frameworks like EDCI, ELMO or XHochschule (Germany)
ii) Transport Credential (sending the certificate from issuer to subject)
This transport can be implemented, for example, by transferring the VC directly from the issuer to a wallet of the subject (agent-to-agent communication).
Here again, particular attention must be paid to the authenticity of the subject. During transport in particular, the confidentiality of the digital credentials must be ensured. This means that only authorized persons can access the received credentials.
iii) Store Credential
There are generally three approaches for storing digital certificates in an SSI system.
i) Local storage, for example on mobile devices or specialized secure storage devices, is under the control of the user and thus requires the least degree of trust vis-à-vis third parties
ii) Storage hosting by cloud providers or other service providers introduces a central “single point of failure”
iii) Decentralized solutions, e.g. the Interplanetary File System (IPFS):
+ high level of reliability and continuous availability
- secure access in such distributed hash tables needs particular attention
There are generally three approaches. These approaches meet different demands for trustlessness and user-friendliness.
• Local storage, for example on mobile devices or specialized secure storage devices, is under the control of the user and therefore requires the least degree of trust vis-à-vis third parties. At the same time, security against failure and continuous availability must be ensured.
• Storage hosting by cloud providers or other service providers introduces a central “single point of failure”. However, the user-friendliness is correspondingly high, because the provider takes over the management of the service.
• Decentralized solutions such as the Interplanetary File System also offer high reliability and continuous availability, but aspects of secured access in such distributed hash tables need particular attention.
iv) Verify Credential
The verification of digital credentials comprises three core components:
1) the identity of the issuer (check integrity, correctness and plausibility)
2) the identity of the recipient
3) the validity of the credentials.
The plausibility check is used to determine whether the relying party trusts the identity of the issuer.
v) Revoke Credential
- The revocation process must ensure that, during verification, only credentials that have not already been revoked by the issuer are positively assessed
- Technical implementation:
- Verification: revocation lists
- Credential integrity: Merkle tree, hash functions
For the technical implementation, as already described, revocation lists are used.
The issuer of a certificate or other authorized persons can add credentials to this list to prevent successful verification.
Cryptographic tools such as hash functions, accumulators or Merkle trees can be used to reduce the disclosed data.
A key requirement for revoking a digital credential is authorization of the revoking party.
It must also be ensured that the information about revoked credentials cannot be manipulated unnoticed (integrity).
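The revocation check described in these notes, as an added example that is not part of the original slides: the revocation list holds only hashes of revoked credentials, a Merkle root over the list lets the verifier detect manipulation, and a Merkle proof shows one entry is on the list without disclosing the others. The credential fields, the `urn:example` identifiers and the assumption that the root reaches the verifier over an authenticated channel (for example signed by the issuer) are illustrative.

```python
import hashlib
import json

def digest(credential: dict) -> bytes:
    """Leaf hash of the canonical JSON form; the list stores this, not the data object."""
    canonical = json.dumps(credential, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(b"\x00" + canonical.encode("utf-8")).digest()

def _node(left: bytes, right: bytes) -> bytes:
    # Inner nodes use prefix 0x01, leaves 0x00, so one cannot be passed off as the other.
    return hashlib.sha256(b"\x01" + left + right).digest()

def merkle_root(leaves: list[bytes]) -> bytes:
    if not leaves:
        return hashlib.sha256(b"").digest()
    level = list(leaves)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])  # odd level: pair the last node with itself
        level = [_node(level[i], level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

def merkle_proof(leaves: list[bytes], index: int) -> list[tuple[bytes, bool]]:
    """Sibling hashes from leaf to root; the flag means 'sibling is the right child'."""
    proof, level = [], list(leaves)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        sibling = index ^ 1
        proof.append((level[sibling], sibling > index))
        level = [_node(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return proof

def proof_matches(leaf: bytes, proof: list[tuple[bytes, bool]], root: bytes) -> bool:
    node = leaf
    for sibling, sibling_is_right in proof:
        node = _node(node, sibling) if sibling_is_right else _node(sibling, node)
    return node == root

def check_revocation(credential: dict, revocation_list: list[bytes], trusted_root: bytes) -> str:
    """Verifier side: reject a manipulated list before answering revoked / not revoked."""
    if merkle_root(revocation_list) != trusted_root:
        return "list-tampered"
    return "revoked" if digest(credential) in revocation_list else "not-revoked"

# Constructed sample data (not from the slides): five diplomas, the first three revoked.
DIPLOMAS = [{"id": f"urn:example:diploma:{n}", "holder": f"student-{n}", "degree": "MSc"}
            for n in range(1, 6)]
REVOKED = [digest(c) for c in DIPLOMAS[:3]]
PUBLISHED_ROOT = merkle_root(REVOKED)  # assumption: obtained over an authenticated channel

if __name__ == "__main__":
    print(check_revocation(DIPLOMAS[0], REVOKED, PUBLISHED_ROOT))      # revoked
    print(check_revocation(DIPLOMAS[4], REVOKED, PUBLISHED_ROOT))      # not-revoked
    print(check_revocation(DIPLOMAS[0], REVOKED[1:], PUBLISHED_ROOT))  # list-tampered
```

Dropping an entry from the list to "un-revoke" a diploma changes the recomputed root, so the verifier refuses the list instead of reporting the credential as valid.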
International cooperation and networking of European countries on the topic of digital credentials in education
From existing student data repositories to universities, scientific and administrative organizations, associations of universities, students, registrars or other stakeholders in the field of digital student data to (commercial) service providers.
Delft University of Technology (The Netherlands); Georgia Institute of Technology (USA); Harvard University (USA); Hasso Plattner Institute, University of Potsdam (Germany); Massachusetts Institute of Technology (USA); McMaster University (Canada); Tecnologico De Monterrey (Mexico); TU Munich (Germany); UC Berkeley (USA); UC Irvine (USA); University of Milano-Bicocca (Italy); University of Toronto (Canada)
Centralized Solution credentials databases
Beyond: for example ex-immatriculation certificates, BAföG , German for Federal Training Assistance Act for students at secondary schools and universities in Germany
ESSIF - Implementing a Self-Sovereign Identity model in Europe, allowing users to create and control their own identity across borders.
Diploma - Citizens gain digital control of their educational credentials, significantly reducing verification costs and improving trust in documents’ authenticity
Document traceability - Storing immutable reference data of documents or other digital artefacts that can be used at a later stage as proof of their authenticity/integrity and can be linked together to build a trusted, timestamped audit trail.
Trusted data sharing - Securely share data (such as IOSS VAT identification numbers and import one-stop-shop) among customs and tax authorities in the EU
A two-year joint project (01.11.2021 - 31.12.2022) of TUM, HPI & DAAD, funded by the German Federal Ministry of Education and Research.
The project explores a trusted, distributed, and internationally interoperable infrastructure standard for issuing, storing, presenting and verifying digital academic credentials in a national and international context.
Based on the paper “Building the digital credentials infrastructure for the future”
Therefore, the project aims to define goals in digital credentials for German Higher Education Institutions independent of specific service providers or vendors.