What is "Add issuer" purpose in the Android App


#1

Hi,

I read the Getting started guide, watched the demo video, and tried the cert-issuer, cert-tools, and the set-viewer locally. I understand how Blockcerts work but I have 2 questions:

  1. I saw the “Add issuer” option in the Android app, it’s asking an Issuer URL, and a One time code, what is it for? Is there some demo data, that I can use to try
  2. If I understand well the university issuing the blockchain credential of a student, has to ask the students to send theirs? or can the university generate random public key and send them to the student who will import the credentials to the app? what is the recommended process?

Thanks a lot and congrats, Blockcerts is an awesome project!


#2

Hi,

Both questions revolve around similar issues of the issuer establishing a strong connection with known recipients in a manner that results in getting the data needed for reliable issuance of recipient owned certificates.

  1. Since providing certificates is an issuer initiated process, the issuer needs to invite recipients to participate. The issuer URL and one-time code is required to help the recipient add the proper institution. Once this occurs, the Issuer will display on the recipients app, ready to receive certificates. In the background, the app has sent the issuer the recipient’s public key. It is by virtue of controlling the private key (via the app) that recipients can demonstrate ownership of their records.

  2. Yes, the issuing institution must ask the recipients to send their public key. The mobile app makes this easy. If a university were to simply generate keys for students, then those students would not truly own their credentials. One of the main values of this ecosystem is providing credentials that have no ongoing dependence on the issuer. Think Syria. If institutions collapse, people should not lose the ability to use their records.

I hope this helps!


#3

Hi Chris,

Thanks for your answer it’s very clear.
Just one question that I still have in my mind, how as an issuer can you generate a One time code? Can the one time code be used to many users or is it unique for each user? Can the user send it’s name / identity through this process?

Thanks again,


#4

The way we implemented Blockcerts within Learning Machine’s software was to generate a one-time code each time a list of recipients was invited to get the app. So, each invite email sends the same one-time code to everyone on that list. Visually, we kept the Blockcerts branding as a best-of-class example of how to use Blockcerts in a commercial context. The email below automates the action by simply asking the recipients to download the app and click a button:

Customers like MIT have also inserted their own authentication login layer for an extra step of security during this recipient onboarding process.