zkPass Integration
Last updated
Last updated
Despite facing hurdles, ShopSphere continues to be steadfast in its dedication to ensuring customer privacy and fostering transparency in the evaluation of ShopSphere account holder verification, as required by Krisna, its new business collaborator.
To fulfill this commitment, ShopSphere has revamped its mobile app to incorporate the zkPass Proof-as-a-Service framework and to facilitate interactions with the Krisna app on mobile devices. A significant advantage of this integration is that ShopSphere doesn't need to alter the existing architecture or implementation of its OIDC Provider service, resulting in considerable savings in development costs. On the other hand, Krisna only needs to make minor adjustments to its login server to return the "ShopSphere Account Holder" DVR upon successful login. Additionally, Krisna must update its mobile app to launch the ShopSphere mobile app for authentication via the ShopSphere OIDC Provider, enabling its dual user to log into the ShopSphere system securely and receive the ZK proof for being a ShopSphere account holder.
zkPass empowers associated organizations within the ShopSphere network to perform thorough evaluations of account holder profiles while maintaining the confidentiality of sensitive data.
For a complete integration with the zkPass framework, there are three principal stakeholders engaged in the ShopSphere account holder verification screening process as outlined below:
ShopSphere OIDC Provider (Data Issuer) ShopSphere OIDC Provider assumes the role of the Data Issuer, as specified by the zkPass framework. In this capacity, ShopSphere defines the attributes encapsulated within the ShopSphere ID token as previously described.
Thanks to the format-agnostic nature of zkPass concerning user data, the articulated ShopSphere ID token is fully interoperable with the zkPass Service. This provides substantial flexibility for the Data Issuer, enabling it to work seamlessly with any data schema or format for its user data.
Krisna Service (Proof Verifier) Taking the Proof Verifier role within the context of the zkPass framework, the Krisna service backend defines the criteria for the "ShopSphere Account Holder” Data Verification Request (DVR). This DVR encapsulates the eligibility requirements established by Krisna for assessing ShopSphere account holder verification. Krishna user who passes this DVR is deemed as a ShopSphere account holder and, therefore, will be eligible for the 10% discount.
Before generating the DVR, Krisna has already ascertained the applicant's identity through alternative mechanisms, such as manual verification or AI-based OCR scanning. Having acquired and validated the applicant's full name and driver's license number, this data serves as a cross-referential check against the customer profile to ensure its attribution to the correct individual.
ShopSphere App (Data Holder) Developed by ShopSphere, the "ShopSphere" mobile application serves as the main tool for account holders to access a multitude of e-commerce features. This application represents the “User”, also called the “Data Holder,’ role in the zkPass ecosystem. In the zkPass workflow, the Data Holder is usually the user who is interested to answer or resolve the query posed by the Proof Verifier. ShopSphere app is designed to securely retrieve customer ID profile data from ShopSphere OIDC Provider databases, implementing stringent authentication protocols to ensure that only authorized account holders gain access to sensitive information. The application collects the “ShopSphere Account Holder” DVR from Krisna and the user’s “ShopSphere ID Token” from ShopSphere, and relays the information to zkPass Service to create the ZK proof for the ShopSphere account holder verification eligibility.
All of the three stakeholders above, ShopSphere OIDC Provider, ShopSphere app, and Krisna service, are essentially the client components of the zkPass framework. Each client uses the zkPassClient library to interact with the ecosystem, as illustrated by the following diagram.
As depicted above, ShopSphere circumvents direct access from external organizations to the ID token, which comprises various personal and sensitive attributes irrelevant to the ShopSphere account holder verification assessment. Instead, Krisna must outline the criteria in the "ShopSphere Account Holder” Data Verification Request (DVR), which the ShopSphere app subsequently fetches. Upon collecting the user data and the DVR, the app employs the zkPass Service to generate proof. This proof, stripped of any personally identifiable information (PII), constitutes the sole data payload transmitted to Krisna, thereby preserving the privacy of ShopSphere's customers.
Moreover, an implicit trust relationship exists between Krisna and ShopSphere, as demonstrated. Krisna relies on the assumption that the data encapsulated within the ShopSphere ID Token is both accurate and verifiable.