My name is Angelique and I am working on a group assignment with four classmates. We are from Germany and our project is for our IT class (we are all economics students). Our task is to consult a company about a software solution regarding e-learning opportunities for employees and how to secure the employees information using verifiable credentials (VC) and an e-wallet.
The employee is supposed to be able to take all the offered courses, some are mandatory and some are not. At the same time the employee should be able to control the certificates and who gets access to it/they decide who receives it through the e-wallet (a digital folder to keep all the certificates).
So we are looking for a solution that can send the VC, has a wallet where the user can keep the certificates and securely transfer the VC-data but still keeps the private information of the employee safe.
We stumbled across “Let’s Encrypt” and thought that this might cover part of our problem.
We would like your insight on this, could “Let's Encrypt” be helpful to us?
Thank you in advance
I don't think so. Let's Encrypt can be a small but important part if you need to put a website online.
my company uses Ilias (link to their website) for eLearning purposes. It offers courses and certificates which are bound to the user account. But that is the end of my knowledge about this topic since I am not administrating this platform.
Let's Encrypt on the other hand is simply providing SSL certificates. With these certificates you can secure/encrypt the data between the user and the website from malicious actors (for example "man in the middle" attacks).
Best of luck with your project
Let's Encrypt only offers one type of certificates that is Domain Vaildates (DV) certificates.
Unrelated to Let's Encrypt really (perhaps you could use it to generate temporary domain validated
client certificates which are then used for access).
Perhaps you could use something like Hashicorp Vault as a "Wallet" for secrets, maybe use Let's Encrypt or a custom CA (smallstep) to issue client certificates for access and only allow certain users access to certain secrets in the vault/wallet.
I'd also add that the simplest and most conventional solution is to provide a training portal (website +database) where people have traditional username/password accounts for access, then access to other users to information would be granted via configuration in the database.
However I'm assuming the topic you are studying is specifically interested in decentralized storage, authentication and access control (e.g. digital wallets a user can keep themselves etc).
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.