OpenAttestation is an open-source framework that allows for trustworthy education data-sharing by facilitating the decentralised issuance, storage and verification of academic and training documents, in line with applicable data privacy regulations.
Type of Digital Public Good
- Open content
- Open data
- ✅ Open software
- Open standard
- Open AI model
1. Is it relevant to one of the Sustainable Development Goals?
- 3. Good Health and Well-being
Link to Evidence: https://www.healthcerts.gov.sg/
- 4. Quality Education
Evidence: Distributed-ledger technologies are a decentralized, transactional database technology that facilitate validated and peer-to-peer transactions that are consistent across a large number of anonymous network participants - sometimes referred to as nodes. Given its decentralized and tamper-resistant nature, distributed-ledger technology comes with promises of tackling issues of information traceability, accountability, and integrity among a wide variety of individuals, organizations, and institutions across society while improving privacy, transparency, robustness, trustworthiness, and authenticity. The applications of emerging technology have been proliferating in various sectors and, among them, the education field. Distributed-ledger technology can be harnessed to address challenges to issue and verification of educational data. OpenAttestation is an open-source framework that supports the issuance, storage, and verification of different types of academic information, and complies with applicable regulations, protecting the privacy of users' personal data, all these benefits align with and make contributions to SDG 4: Quality Education.
Link to Evidence: https://www.openattestation.com/
- 16. Peace and Justice Strong Institutions
2. Does it use an appropriate open license?
Yes, this project is licensed under the following license(s):
3. Is ownership clearly defined?
Is the ownership of the project and everything that the project produces clearly defined and documented?
If yes - please link to the relevant copyright, trademarks, or ownership documentation for the project.
4. Does the license of libraries/dependencies undermine the openess of the project?
Does this open project have mandatory dependencies (i.e. libraries, hardware) that create more restrictions than the original license?
If yes - are the open source components able to demonstrate independence from the closed component(s) and/or are there functional, open alternatives?
If yes - please describe how the open source components are independent and/or list the open alternatives for the closed component:
5. Is there documentation?
Does some documentation exist of the source code, use cases, and/or functional requirements. For software projects, this should be present as technical documentation that would allow a technical person unfamiliar with the project to launch and run the software. For datasets and data projects, this should be present as documentation that describes all the fields in the set, and provides context on how the data was collected and how it should be interpreted. For content collections, this should indicate any relevant compatible apps, software, hardware required to access the content and any instructions about how to use it.
If yes - please link to the relevant documentation:
- Installation guide - https://github.com/Open-Attestation/open-attestation
- Developer guide - https://www.openattestation.com/docs/docs-section/introduction
- Integrator docs - https://www.openattestation.com/docs/integrator-section/verifiable-document/overview
6. Is non PII data and/or content accessible?
Does this project collect or use non-personally identifiable information (non-PII) data and/or content?
If yes - is there a mechanism for extracting or importing non-personally identifiable information (non-PII) from the system in a non-proprietary format?
If yes - describe the mechanism for extracting or importing non-personally identifiable information from the system in a non-proprietary format:
7. Does the project adhere to privacy and other applicable international and domestic laws?
Has this project taken steps to ensure adherence with relevant privacy, domestic, and international laws? For example, the General Data Protection Regulation (GDPR) in the European Union or the Supplementary Act A/SA.1/01/10 on Personal Data Protection for the Economic Community of West African States (ECOWAS) (yes/no)
If yes, please list some of relevant laws that the project complies with:
- Personal Data Protection Act 2012 (PDPA) in Singapore
8. Does the project adhere to standards and best practices?
Does this project support standards? (i.e. Web Content Accessibility Guidelines (WCAG) 2.1 or other standards such as those listed on W3C)
Which standards does this project support (please list)
- Accessibility - WCAG2.1
- Security - HTTPS, SSL, SHA3
- Internationalization (i18n) - UTF-8, ASCII
- Data Exchange formats - JSON, YAML, XML
- Standard Content formats - PDF
- Multimedia - SVG, PNG, JPEG
Can you point to evidence of your support? (i.e. please link to your validator, open test suite, etc.)
Was this project built and developed according to or in adherence with any design, technical and/or sector best practices or principles? i.e. the Principles for Digital Development?
Which principles and best practices does this project support (please list)
- Software Development - Agile development
- Architectural Design - Modularity and Maintainability, Reusability and Extensibility
9. Does the project do no harm by design?
Has this project taken steps to anticipate, prevent and do no harm by design?
On the whole, does this project take steps to ensure that it anticipates, prevents and does no harm by design?
Is there any additional information you would like to share about the mechanisms, processes or policies that this project uses to avoid doing harm by design?
Verification of uploaded OpenAttestation compatible documents are computed on the client-side. For the purposes of verification on the blockchain, only the merkle root values are communicated externally for comparison. At no point in time is PII data communicated outside the client-device. Verifiers are only allowed to verify documents that had been shared to them, and do not have access to any database(s). Thus, they are unable to access other persons' records.
9.a. Data Privacy & Security
Does this project collect or store personally identifiable information (PII) data and/or content?
If yes - please list the types of data and/or content collected and/or stored by the project:
If yes - does this project share this data and/or content with third parties?
Please describe the circumstances with which this project shares data and/or content with third parties. Please add links as relevant.
If yes - does the project ensure the privacy, security and integrity of this data and/or content collection and has it taken steps to prevent adverse impacts resulting from its collection, storage and distribution.
Verification of uploaded OpenAttestation compatible documents are computed on the client-side. For the purposes of verification on the blockchain, only the merkle root values are communicated externally for comparison. At no point in time is PII data communicated of the client-device.
9.b. Inappropriate & Illegal Content
Does this project collect, store or distribute content?
If yes - what kinds of content does this project, collect, store or distribute? (i.e. childrens books)
If yes - does this project have policies that describe what is considered innappropriate content? (i.e. child sexual abuse materials)
If yes - please link to the relevant policy/guidelines/documentation.
If yes - does this project have policies and processes for detecting and moderating innappropriate/illegal content?
If yes - please describe the policies and processes for detecting, reporting and removing innapropriate/illegal content (Please include the average response time for assessment and/or action. Link to any policies or descriptions of how inappropriate content is handled):
9.c. Protection from harassment
Does this project facilitate interactions with or between users or contributors?
If yes - does the project take steps to address the safety and security of underage users?
If yes - please describe the steps this project takes to address risk or prevent access by underage users:
- Users of system remain anonymous, and at no time is PII retained in our systems.
If yes - does the project help users and contributors protect themselves against grief, abuse, and harassment?
If yes - please describe the steps taken to help users protect themselves.
- Collaboration is done via Github, which have policies in-place for account sign up by underage users.
- Users of system remain anonymous, and at no time is PII retained in our systems.
Development & deployment countries
List of countries this project was developed in.
List of countries this project is actively deployed in.