Open Badges
Open Badges provides the JSON data model to represent achievements issued by some entity to a given recipient.
Data model
The core entities it defines are:
Profile
Data model for an entity, either a recipient of an achievement, or its issuer. Provides details about them (name, description, image) and how to contact them (email, phone, URL).
Hint
For instance, a university that issues certificates, like the M.I.T., or the recipient who completes a course.
Note
In practice, Profile is a data model used only for certificate issuers.
Badge
Data model to represent an achievement, issued by an entity defined by the previous Profile data model. It provides information about the achievement, the knowledge obtained, what was required to obtain the achievement, and more.
Hint
For instance, a Computer Science degree by the M.I.T. could be a badge.
Note
It is also referred to as BadgeClass, but we call them Badges for short.
Assertion
Data model to issue a badge to a given recipient. It includes the badge issued, the recipient who receives the badge, and data about the issuance, such as the data needed to verify whether the assertion is valid.
Hint
For instance, a Computer Science degree by the M.I.T. issued to Silvio Micali could be an assertion.
Note
In previous versions it was called a Badge, but this led to an overloaded meaning of the word badge. Please avoid using Badge to refer to a badge issued to a recipient and refer to it as an Assertion. The badge is just an achievement without any recipient.
Validation
In order to ensure that the certificates following this data model can be verified (to avoid fake certificates with impersonation), Open Badges provides two kinds of validation:
Hosted
The certificate is valid if it is hosted in a trusted place.
Hint
For instance, a certificate issued by an issuer whose URL is https://mit.edu is valid only if the certificate can be downloaded from a URL related to the domain mit.edu.
Signed
The certificate contains an RSA signature using JWS. Therefore, if the certificate signature is valid, you know that the certificate was signed, and therefore issued, by the holder of the private key matching the specified RSA public key.
Attention
The standard does not care about the real world™ identity of the holder of the private key. Therefore you can know which public key a certificate was issued under, but not who in the real world™ controls the private key matching that public key.
Using a PKI could be a solution for that, but that is not specified in the standard.
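The signed validation described above, as an added example that is not part of the Open Badges specification or of this project's code: a compact JWS (RS256) is produced and then verified using only the Python standard library (3.8+). The toy key built from two Mersenne primes, the simplified assertion fields, and all function names are assumptions made for the illustration.

```python
import base64, hashlib, json

# Constructed toy RSA key from two Mersenne primes: publicly known, demo only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
# ASN.1 DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def emsa_pkcs1_v15(message, k):
    """Encode SHA-256(message) as a k-byte RSASSA-PKCS1-v1_5 block."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def sign_assertion(assertion, n=N, d=D):
    """Issuer side: build a compact JWS (header.payload.signature)."""
    k = (n.bit_length() + 7) // 8
    head = b64u(json.dumps({"alg": "RS256"}).encode())
    body = b64u(json.dumps(assertion).encode())
    em = emsa_pkcs1_v15(f"{head}.{body}".encode(), k)
    sig = pow(int.from_bytes(em, "big"), d, n)
    return f"{head}.{body}.{b64u(sig.to_bytes(k, 'big'))}"

def verify_assertion(token, n, e):
    """Verifier side: return the assertion dict, or None if not validly signed.
    Success only proves which key signed, not who controls that key."""
    k = (n.bit_length() + 7) // 8
    try:
        head, body, sig = token.split(".")
        if json.loads(b64u_dec(head)).get("alg") != "RS256":
            return None  # reject "none" and any unexpected algorithm
        sig_bytes = b64u_dec(sig)
        s = int.from_bytes(sig_bytes, "big")
        if len(sig_bytes) != k or s >= n:
            return None
        expected = emsa_pkcs1_v15(f"{head}.{body}".encode(), k)
        if pow(s, e, n).to_bytes(k, "big") != expected:
            return None
        return json.loads(b64u_dec(body))
    except (ValueError, AttributeError):
        return None

# Constructed, simplified assertion payload (not a complete Open Badges document).
SAMPLE = {"type": "Assertion", "badge": "https://issuer.example/badges/cs-degree",
          "recipient": "recipient@example.org"}
TOKEN = sign_assertion(SAMPLE)
```

The verifier takes the public key `(n, e)` from the caller, so deciding which key to trust for a given issuer remains outside this check, as the note above explains.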