Verifiable Credential formats: JSON-LD, JWTs and mDocs

As decentralized identity is being developed and used in more applications around the world, technologies like JSON-LD, JSON Web Tokens (JWTs), and mobile documents (mDocs) are becoming more commonly used. Understanding their differences, individual purposes, how they integrate is essential for developing robust identity verification services. This article explores each technology, their interplay, and their integration with the Vidos Verifier, which supports all three.

JSON-LD

JSON-LD (JavaScript Object Notation for Linked Data) is a method of encoding linked data using JSON. It provides a way to express structured data with context, making it both machine-readable and human-friendly. In decentralized identity systems, JSON-LD is often used to represent data structures like Verifiable Credentials (VCs). By embedding context within the data, JSON-LD enables interoperability across different systems, allowing for unambiguous interpretation of information. This structured approach facilitates seamless data exchange and integration, which is crucial for the scalability of decentralized identity solutions.

JWTs

JSON Web Tokens (JWTs) are a compact, URL-safe means of representing claims to be transferred between two parties. A JWT consists of three parts: a header, a payload, and a signature. The header specifies the signing algorithm and token type, the payload contains the claims, and the signature verifies the token's integrity. In decentralized identity, JWTs are used to securely transmit information about an entity, such as authentication tokens or identity claims.  The widespread adoption of JWTs in existing identity frameworks, like OAuth 2.0 and OpenID Connect, makes them a familiar choice for developers implementing decentralized identity solutions.

mDocs

Mobile documents (mDocs) refer to digital identity documents designed to be stored on a holder’s mobile device. Standardized under ISO/IEC 18013-5, mDocs are particularly suited for high-assurance identity credentials such as mobile driver's licenses (mDLs). They provide strong authentication and identification, supporting both in-person and remote verification workflows. For instance, in a remote verification scenario, a user can present their mDL stored as an mDoc through a secure online process, allowing verifiers to authenticate the credential without physical interaction. This flexibility enhances user convenience while maintaining security. The use of mDocs is expanding as mobile devices become central to personal identity management.

Interplay of JSON-LD, JWTs, and mDocs

These technologies often work together to create comprehensive decentralized identity solutions. For example, a Verifiable Credential can be structured using JSON-LD to provide context, signed as a JWT to ensure integrity, and stored as an mDoc on a mobile device for portability. This combination leverages the strengths of each technology: JSON-LD's rich data representation, JWT's compact and secure claim transmission, and mDocs' user-friendly mobile storage. By integrating these technologies, systems can offer secure, interoperable, and user-centric identity solutions. However, implementing such integrations requires careful consideration of each technology's specifications and potential interoperability challenges.

Vidos Verifier: Supporting Multiple Credential Formats

The Vidos Verifier is a service designed to verify various credential formats, including those based on JSON-LD, JWTs, and mDocs. It processes each format as follows:

• JSON-LD Credentials: The verifier interprets the embedded context to accurately understand and verify the data's structure and format. This involves parsing the JSON-LD structure and ensuring that the data aligns with the expected schemas and standards.
• JWT-Based Credentials: It decodes the token, verifies the signature to confirm the issuer's identity, and checks the claims for validity. This process includes validating the token's integrity and ensuring that the claims meet the required standards and policies which is also performed by the Vidos Validator.
• mDocs: The verifier handles mDocs by adhering to the ISO/IEC 18013-5 standard, ensuring that the digital document meets the necessary security and data integrity requirements. This includes verifying the authenticity of the mDoc and its compliance with the defined protocols.

By supporting multiple credential formats, the Vidos Verifier embraces interoperability in the identity verification processes. This multi-format support is essential in diverse ecosystems where different entities may adopt credential standards that vary across regions, use cases, and regulations. However, managing this diversity isn’t always straight forward.

Challenges and Considerations

While integrating multiple credential formats offers flexibility, it also presents challenges. Ensuring interoperability between different data structures and signature mechanisms requires meticulous implementation. Developers must account for variations in standards and potential conflicts in data interpretation. Additionally, maintaining security across diverse formats necessitates rigorous testing and validation processes. Even after all of that the standards and regulations can change overnight. It's essential to stay updated with evolving standards and best practices to address these challenges effectively. Organizations should consider the cost of implementation and maintenance required to ensure that the verification process remains correct.

Future Development

As decentralized identity technologies evolve, the development and usage of standards like JSON-LD, JWTs, and mDocs is likely to continue. By accommodating multiple standards, services like the Vidos Verifier will be instrumental in promoting a more secure and interoperable digital identity future.