Concepts

Triple Safety

Recipients of achievement certifications have a strong interest to never lose the certifications, while at the same time limiting and controlling who has access to them. Triple safety describes the conjunction of physical, self-managed digital and provisioned digital records. Through the artefacts produced by d-gree, recipients can combine all three ways of storing their certifications over long periods of time. It is advised to do so, because all three ways come with limitations.

  • Self-managed digital records: All produced files can be downloaded and maintained as part of a personal files backup strategy. The limitation is that most people do not have a convincing backup strategy, and even those who have may be surprised by sudden storage media failure. Especially with portable media, further risks are shared with physical records: theft, fire, disarrangement.

  • Provisioned records: Links to hosted files especially on trusted university or government resources can be expected to last for many years. The main limitation is that few institutions or countries have the necessary infrastructure to guarantee long-term storage and access. Moreover, in cases of political instability, only a global access would provide the necessary safety, which in turn raises questions about the sustainable financing of such infrastructure.

  • Physical records: Confirmation documents and self-contained QR codes can be printed and stored on paper for life. Limitations are theft, fire or simply forgetting the place where they are stored. Multiple printouts at different locations can mitigate to some extent.

Decentralisation

Decentralisation is a means to increase the safety of long-term storage against hardware failures and provider disruptions. Through replication of digital achievement records and certifications across physically and logically decentralised infrastructure, the negative effects of unavoidable negative events can be reduced. For this reason, d-gree contains components that allow for decentralised storage but also management of micro-credentials.

Access and Privacy

With certifications, there is a trade-off between data protection needs and proving needs as follows:

  • Proving: A recipient would like to prove to selected others or the public that a certification was obtained.

  • Protection: A recipient would not like to know everybody everything about the certifications, or maybe even nothing at all.

To accommodate this balance, d-gree allows accessing artefacts based on link sharing, without passwords. The protection is achieved by 56-character hexadecimal identifiers of the artefacts, which is a search space of 10^68, offering sufficient practical security especially when the infrastructure protects against brute-force file search. This protection is currently under development.