Building My Personal SSI Ecosystem Part 1: Introduction

A few months ago, I found myself in a situation that many developers working with emerging standards encounter: I had carefully implemented a verifiable credential issuer following the OpenID for Verifiable Credential Issuance (OIDC4VCI) 1.0 specification, but when I tried to test it with existing wallet applications, nothing worked. The wallets either failed silently, threw cryptic errors, or simply didn't support the latest standards I had implemented.

That frustrating experience sparked an idea: what if I built my own complete self-sovereign identity ecosystem from scratch? Not just the issuer, but also a lightweight mobile wallet that could properly demonstrate how these standards should work together.

Why Build Yet Another SSI System?

The self-sovereign identity space is experiencing significant growth, with the global SSI market expected to expand dramatically over the next decade. Standards like OIDC4VCI and OpenID for Verifiable Presentations (OIDC4VP) have matured and reached their 1.0 versions. The European Union is rolling out EUDI wallets, Bhutan has launched national SSI infrastructure, and organizations worldwide are exploring how to give users true control over their digital identities.

But here's the problem: interoperability remains challenging. Recent testing by the OpenID Foundation showed that only 87% of issuer-wallet combinations successfully worked together, with various implementations supporting different combinations of credential formats, authentication methods, and protocol flows. For developers trying to learn these standards or organizations attempting to implement them, this fragmentation creates real barriers.

I wanted to create something practical—a working reference implementation that others could learn from, test against, and actually use. Not a complex enterprise system with dozens of features, but a focused, well-documented ecosystem that demonstrates the core concepts clearly.

What I Built

My personal SSI ecosystem consists of two main components that work together seamlessly:

The Fortune Cookie Issuer is a credential issuer backend that generates verifiable credentials containing random fortune cookie messages. It's intentionally playful—instead of boring test credentials, visitors to my website can receive a unique fortune in the form of a cryptographically signed, verifiable credential. The issuer supports multiple credential formats (JWT, JSON-LD, and SD-JWT), implements both pre-authorized code and authorization code flows, and uses did:web for its decentralized identifier.

The Light Wallet (or Test Flight) is a mobile application built with React Native and Expo that can receive, store, and present these verifiable credentials. It implements OIDC4VCI 1.0 for credential issuance and OIDC4VP 1.0 for credential presentation, uses did:key for wallet identifiers, and features a minimalist interface that prioritizes simplicity and security. The app stores cryptographic keys securely using platform-specific keystores and requires no account creation or central server dependency.

What Makes This Different?

This isn't just another demo project. Every design decision was made to balance three priorities: standards compliance, developer education, and real-world usability. The issuer is live and publicly accessible, so anyone can test their own wallet implementations against it. The mobile wallet is functional enough that I submitted it to the App Store, complete with all the production considerations that entails.

More importantly, I'm documenting the entire process transparently—including the challenges, the design trade-offs, and the lessons learned from testing against real-world specifications. Self-sovereign identity holds enormous promise for giving individuals control over their digital identities while improving privacy and security, but that promise only becomes reality when implementations actually work together and developers can understand how to build them properly.

What's Coming Next

Over this blog series, I'll walk through how I built both components from the ground up. We'll explore the technical architecture decisions, the implementation details, the testing process, and the deployment considerations. Each post will include practical code examples, architectural diagrams, and real insights from building a production-ready SSI system.

In Part 2, we'll dive into building the fortune cookie issuer backend—how it implements the OIDC4VCI 1.0 specification, generates credential offers, and handles the different authentication flows. Part 3 will cover the Light Wallet mobile application and its approach to secure credential management. Later posts will explore testing, interoperability challenges, and deployment to production environments.

Whether you're an SSI enthusiast, a developer exploring verifiable credentials, or just curious about how modern digital identity systems work, I hope this series provides both inspiration and practical knowledge. Let's build something that actually works together.