RIF Self-sovereign Identity works under a set of JWT-based and blockchain-based protocols building a user centric verifiable credential model.

What is a JWT?

JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. 1 These claims can be secured with digital signatures or Message Authentication Codes, and/or encrypted with different algorithms. The following is an example of a JWT Claims Set:


RIF Identity expresses support for RFC-7519

Identity representation

Decentralized identifiers (DIDs) are a new type of identifier that enables verifiable, decentralized digital identity.2 A DID identifies any subject such as a person, an organization, a thing, an abstract entity, and so on.

DIDs are URIs that represent the identities in a unique manner - the DID URI contains a public key representing the owner of that identity. A DID identity is mapped to a DID Document that expresses current state of that identity. Control delegations and identity ownership transfers are some of the actions that can be performed to modify the public state of a DID Document - to do so in a secure and public way RSK blockchain is used.

RIF Identity currently supports rsk and rsk:testnet Ethr-DID method3 networks. As an example, this two DIDs are valid RSK and RSK Testnet DIDs:


RIF Identity expresses support for Decentralized Identifiers (DIDs) v1.0 and Ethr DID Method Specification

Multi identity model

Imagine what would happen if each time you present your national identity card you reveal your blockchain address which can show the amount of funds you have and historical transaction information. To enable users keep their data private and safe, RIF Identity specifies a deterministic identity derivation standard schema that will allow users to obtain multiple public identities for free with the guarantee of recovery on any device.

This schema is based on BIP-325 hierarchical deterministic derivations of public keys. With a seed you can create multiple private keys, those private keys control multiple identities. These identities, as far as the model is correctly designed, do not share information that can associate one with another.

The master key entropy is represented by a BIP-39 mnemonic phrase4 . The derivation path used for RSK is m/44'/137'/0'/0/i6 where i is used to index different identities.


RIF Identity expresses support for BIP-32, BIP-39 and RSKIP-57

Verifiable credentials model

Credentials are a part of our daily lives; driver’s licenses are used to assert that we are capable of operating a motor vehicle, university degrees can be used to assert our level of education, and government-issued passports enable us to travel between countries.7

If credentials are cryptographically signed, the holder of the credential does not need any action on the issuer to prove that credential was issued by it. In addition, the identity controller of the subject that that credential was issued to can provide a cryptographic proof expressing control of the identity. With this proof schema the verification for a credential presentation consists of proving two cryptographically signed messages.


For example, this model enables a transport office to issue a credential for an approved driver (Alice), that is able to use that credential in a transport control. The officer who verifies the credential does not need access to any centralized database to attest the driving license was issued to the person presenting it.


In general, the model is represented by three different entities:

  • Holder
  • Issuer
  • Verifier

This three entities can perform 4 different basic actions:

  • Issue credentials
  • Verify credentials
  • Present credentials
  • Verify presentations

RIF Identity expresses support for Verifiable Credentials Data Model 1.0