This guide outlines steps required for generating a Link-In-Bio variant of a Personal Profile Document, comprising public credentials that ultimately aid user-controlled self-sovereign identity.

Completing the process below will put you in position to use the YouID Credential Generator, either the browser extension or the iOS app, to achieve the following goals:

1. Generate a Link-In-Bio-style Personal Profile Document.

2. Use credentials in the Profile Document to respond to Identity Authentication challenges when trying to access protected resources from your desktop, notebook, or mobile computing device via HTTPS.

Step-by-Step Guide

Generate a Profile Document

1. Create a folder, like https://kingsley.idehen.net/DAV/home/kidehen/Public/YouID/public-credentials-link-in-bio/

   

   youid-link-in-bio-step-1.png1600×484 50.1 KB

2. Assume your PdP is going to be https://kingsley.idehen.net/DAV/home/kidehen/Public/YouID/public-credentials-link-in-bio/index.html

3. Provide the PdP URL to YouID

   

   youid-link-in-bio-step-2.png691×664 35.3 KB

4. Complete the rest of the form

   

   youid-link-in-bio-step-4.png1203×441 13.4 KB
   

   youid-link-in-bio-step-5.png1213×397 22.4 KB

5. Generate your Credentials

   

   youid-link-in-bio-step-6.png1118×690 79.9 KB
   

   youid-link-in-bio-step-7.png1113×683 94.5 KB

6. Download Zip Archive

Generated Credentials Publication

1. Unzip Archive

   

   youid-link-in-bio-unzipped-files.png934×600 124 KB

2. Mount a designated remote HTTP+WebDAV accessible folder to your desktop OS i.e., the same folder created in step 1 of the Credentials Generation Section

3. Copy all the files extracted from the ZIP archive to the WebDAV folder mounted in the previous step

   

   youid-link-in-bio-unzipped-files-copy.png695×603 90.2 KB

4. Use your browser to view the files in the remote WebDAV location

   

   youid-link-in-bio-unzipped-files-copied-dav1598×741 207 KB

5. Verify that your newly generated NetID resolves, by clicking your variant of https://kingsley.idehen.net/DAV/home/kidehen/Public/YouID/public-credentials-link-in-bio/index.html#netid

Registering a NetID with YouID’s browser-hosted credential store (also referred to as a wallet)

Note: The following steps only apply to the YouID Browser Extension (not to the YouID hosted service).

1. Add your variant of https://kingsley.idehen.net/DAV/home/kidehen/Public/YouID/public-credentials-link-in-bio/index.html#netid to your YouID-managed NetID List.

   

   youid-link-in-bio-local-netid-list-1.png1276×708 63.9 KB
   

   youid-link-in-bio-local-netid-list-2.png629×634 46.5 KB

Private Credentials Storage

1. Locate the private credentials from the secure PKCS#12 file (situated in the folder created when you unzipped the YouID generated ZIP archive)

   • macOS Filesystem View of Secure PKCS#12 Credentials Document

     

     youid-link-in-bio-local-credentials-1.png928×338 79.7 KB

2. Open the secure PKCS#12 credentials file using the mechanism provided by your host operating system (commonly a double-click, since every modern operating system understands this secure file format)

   • macOS Keychain.app View of Secure PKCS#12 Credentials Document

     

     youid-link-in-bio-local-credentials-2.png894×512 91.7 KB

   • macOS Keychain.app View of Credentials Notarized by an X.509 Certificate

     

     youid-link-in-bio-local-credentials-3.png982×775 77.3 KB

   • macOS Keychain.app View of Credentials Notarized by an X.509 Certificate Contd

     

     youid-link-in-bio-local-credentials-4.png983×508 46.7 KB

If you plan to send self-signed emails using Apple Mail or Microsoft OutLook, repeat these steps for the Certificate Authority (CA) secure PKCS#12. If you plan to use Thunderbird, you will only need to load the CA’s .pem file when prompted during the configuration process for your email account.

Credentials Verification

This is achieved by a NetID-TLS verification service (at an endpoint), that implements Client Certificate Authentication using an extended session initialization handshake along the following lines:

1. De-references the hyperlink used to denote the subject of the X.509 certificate used in the session initialization to a publicly-accessible profile document comprising a public credentials mirror, i.e., a Public Key, Public Key SHA-1 hash, etc.

   

   youid-link-in-bio-verification-1.png1132×465 79.3 KB
   

   youid-link-in-bio-verification-2.png1108×580 110 KB

2. Compares the public and private credentials to ensure a match

3. Returns a publicly-accessible signed certification document, if the credentials match

   

   youid-link-in-bio-verification-3.png1596×716 156 KB

Conclusion

As demonstrated in this post, each YouID release reduces the friction associated with Self-Sovereign Identity that’s fully controlled by end-users rather than technology vendors.

End-users can now take advantage of the following without any third-party dependencies:

1. Issue X.509 Certificates that can be used to digitally sign and/or encrypt emails using the S/MIME protocol — supported by all modern email applications across desktops, notebooks, or mobile phones
2. Generate Link In Bio profile documents comprising verifiable credentials that manifest a powerful Personal Profile Knowledge Graph, without any limitations applied to additional profile document cross-references

Availability

• …for Chrome, Brave, Opera, and other compatible browsers
• …for Firefox
• …for Safari (working its way through App Store Review)
• …for iOS on iPhone or iPad (coming soon!)

Related

• YouTube Screencast Demonstration
• YouID 1.6.9 Release Notes
• YouID 1.6.4 Release Notes
• YouID & Self-Sovereign Identity using Decentralized Public Key Infrastructure (DPKI)