Verifiable Credentials
What Are Verifiable Credentials?
Verifiable credentials are digital equivalents of physical credentials that we use in our daily lives. Just as you might use a driver’s license to prove your ability to operate a vehicle or a university diploma to demonstrate your educational qualifications, verifiable credentials provide a standardized way to express these claims digitally.
The key difference is that verifiable credentials are:
- Cryptographically secure: They can be verified mathematically
- Machine-verifiable: Systems can automatically process and validate them
- Privacy-respecting: They enable selective disclosure and minimize correlation risks
- Tamper-evident: Any modifications are detectable
A verifiable credential combines claims (statements about a subject), proof (cryptographic assurance from an issuer), and metadata (information about the credential itself) into a cohesive digital document that can be verified independently.
The Verifiable Credentials Ecosystem
The verifiable credentials ecosystem consists of three primary roles:
- Issuers: Organizations or individuals that create and sign credentials (for example, governments, universities, employers)
- Holders: Entities that receive and store credentials (typically individuals)
- Verifiers: Parties that request and check credentials (for example, service providers, employers, websites)
This three-party model creates a flexible trust framework where:
- Issuers generate credentials containing claims about subjects
- Holders store and manage their credentials
- Verifiers request presentations of credentials and validate them
The beauty of this system is that verifiers can trust claims without directly connecting to the original issuer. The cryptographic proofs attached to the credential provide the necessary trust, creating a “triangle of trust” between all participants.
Core Components
A verifiable credential consists of several essential components:
Claims
Claims are statements about a subject, such as:
- “Alex has a bachelor’s degree in Computer Science.”
- “Taylor is over 21 years old.”
- “Casey is licensed to drive vehicles of type B.”
Claims are the fundamental building blocks of credentials, expressing attributes, qualifications, or characteristics of the subject.
Credential Metadata
Metadata provides information about the credential itself, including:
- Identifier
- Issuance and expiration dates
- The issuer’s identifier
- The credential type
- Revocation information
This metadata helps verifiers determine if a credential is valid, current, and appropriate for their verification needs.
Cryptographic Proofs
Proofs provide cryptographic assurance about:
- Who issued the credential (authentication)
- That the credential hasn’t been tampered with (integrity)
- That the credential hasn’t been revoked (status)
These proofs allow verification without contacting the issuer, enabling offline verification and enhancing privacy.
Verifiable Presentations
A verifiable presentation is a derived object that packages verifiable credentials for presentation to a verifier. Presentations allow holders to:
- Combine multiple credentials from different issuers
- Selectively disclose only specific claims
- Prove ownership of the credentials without revealing unnecessary information
- Add proof of authentication to the verifier
Presentations add a layer of flexibility and privacy, letting holders control exactly what information they share with verifiers.
Key Properties and Benefits
Verifiable credentials offer several important benefits:
Cryptographic Verification
Unlike paper credentials that might require manual verification or contacting the issuer, verifiable credentials contain cryptographic proofs that can be mathematically verified. This makes validation faster, more reliable, and often possible without contacting the original issuer.
Privacy Enhancement
The verifiable credentials model supports advanced privacy features such as:
- Selective disclosure: Revealing only specific claims from a credential
- Zero-knowledge proofs: Proving a claim is true without revealing the underlying data
- Unlinkability: Preventing correlation across different presentations
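Selective disclosure, shown as an added example using a simple salted-hash scheme (this is not BBS+ and not code from the W3C specifications or this page's project): the issuer signs only a list of claim digests, the holder reveals chosen claims with their salts, and the verifier recomputes the digests. The function names, claim names, and key pair are assumptions constructed for the example.

```javascript
const { generateKeyPairSync, sign, verify, createHash, randomBytes } = require("node:crypto");

// Digest of one salted claim; the random salt stops a verifier guessing hidden values.
const claimDigest = (salt, name, value) =>
  createHash("sha256").update(JSON.stringify([salt, name, value])).digest("base64url");

// Issuer: sign the sorted digest list only; the salted claims go to the holder.
function issue(claims, privateKey) {
  const disclosures = Object.entries(claims).map(([name, value]) =>
    [randomBytes(16).toString("base64url"), name, value]);
  const digests = disclosures.map((d) => claimDigest(...d)).sort();
  const signature = sign(null, Buffer.from(JSON.stringify(digests)), privateKey);
  return { digests, signature, disclosures };
}

// Holder: forward the signed digest list plus only the chosen claims.
function present(credential, names) {
  return {
    digests: credential.digests,
    signature: credential.signature,
    disclosures: credential.disclosures.filter(([, name]) => names.includes(name)),
  };
}

// Verifier: check the issuer signature, then that each disclosed claim
// hashes to one of the signed digests. Returns the claims, or null on failure.
function verifyPresentation(presentation, issuerPublicKey) {
  const { digests, signature, disclosures } = presentation;
  if (!verify(null, Buffer.from(JSON.stringify(digests)), issuerPublicKey, signature)) return null;
  const claims = {};
  for (const [salt, name, value] of disclosures) {
    if (!digests.includes(claimDigest(salt, name, value))) return null;
    claims[name] = value;
  }
  return claims;
}

// Constructed sample data (not a real credential).
const issuerKeys = generateKeyPairSync("ed25519");
const credential = issue(
  { name: "Taylor", birthDate: "1990-04-02", over21: true }, issuerKeys.privateKey);
const presentation = present(credential, ["over21"]);
console.log(verifyPresentation(presentation, issuerKeys.publicKey));
```

Every presentation of the same credential carries the same signature and digest list, so this scheme gives selective disclosure but not unlinkability.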
Portability and User Control
Holders store their credentials in digital wallets under their control. This gives users ownership over their data and the ability to use credentials across different contexts and platforms.
Machine Readability
The standardized data format makes credentials machine-readable, enabling automated verification processes and integration with different systems.
Securing Mechanisms
W3C standards support multiple approaches for securing verifiable credentials:
Data Integrity Proofs
The Data Integrity approach embeds proofs directly within the credential, using cryptographic suites for different security needs:
- EdDSA: For simple digital signatures
- BBS+: For advanced selective disclosure capabilities
JSON Web Tokens
Credentials can also be secured using JWTs (JSON Web Tokens) with:
- JWS (JSON Web Signatures): For signing credentials
- JWE (JSON Web Encryption): For encrypting sensitive credential data
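An added example (not from the W3C specifications or this page's project) of a verifier's checks on a credential secured as a compact JWS: a pinned algorithm, a key taken from the verifier's own trust list, signature verification, then the validity window. The DIDs, key pair, and the `iss`/`nbf`/`exp`/`vc` payload layout are assumptions constructed for the example.

```javascript
const { generateKeyPairSync, sign, verify } = require("node:crypto");

// Constructed issuer key pair and identifiers (assumptions for this example).
const issuerKeys = generateKeyPairSync("ed25519");
const ISSUER = "did:example:university";
const trustedIssuers = new Map([[ISSUER, issuerKeys.publicKey]]);
const sampleCredential = {
  iss: ISSUER, sub: "did:example:alex", nbf: 1700000000, exp: 1900000000,
  vc: { type: ["VerifiableCredential", "DegreeCredential"],
        credentialSubject: { degree: "BSc Computer Science" } },
};

const b64u = (x) => Buffer.from(x).toString("base64url");

// Issuer: sign "header.payload" with the issuer's private key (Ed25519).
function issueJws(payload, privateKey) {
  const input = b64u(JSON.stringify({ alg: "EdDSA", typ: "JWT" })) + "." + b64u(JSON.stringify(payload));
  return input + "." + b64u(sign(null, Buffer.from(input), privateKey));
}

// Verifier: returns { ok, reason } or { ok, claims }; `now` is in Unix seconds.
function verifyCredential(jws, now = Math.floor(Date.now() / 1000)) {
  const parts = jws.split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(parts[0], "base64url").toString());
    payload = JSON.parse(Buffer.from(parts[1], "base64url").toString());
  } catch {
    return { ok: false, reason: "malformed" };
  }
  // Pin the algorithm; the token must not choose how it is verified.
  if (header?.alg !== "EdDSA") return { ok: false, reason: "unsupported alg" };
  // The key comes from the verifier's trust list, never from the token itself.
  const key = trustedIssuers.get(payload?.iss);
  if (!key) return { ok: false, reason: "untrusted issuer" };
  const signed = Buffer.from(parts[0] + "." + parts[1]);
  if (!verify(null, signed, key, Buffer.from(parts[2], "base64url")))
    return { ok: false, reason: "bad signature" };
  // Metadata is checked only after the signature proves it is the issuer's.
  if (typeof payload.nbf === "number" && now < payload.nbf) return { ok: false, reason: "not yet valid" };
  if (typeof payload.exp === "number" && now >= payload.exp) return { ok: false, reason: "expired" };
  return { ok: true, claims: payload.vc?.credentialSubject };
}

const jws = issueJws(sampleCredential, issuerKeys.privateKey);
console.log(verifyCredential(jws, 1800000000));
```

Revocation status is a separate check against the issuer's status mechanism and is not covered by this example.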
Related Components
Verifiable credentials work with several complementary technologies and concepts:
Schemas define the structure and constraints for specific credential types, ensuring consistency and interoperability.
Status mechanisms allow issuers to revoke or suspend credentials without modifying the original credential.
Issuers are entities that create and sign credentials, establishing the foundation of trust in the ecosystem.
Various cryptographic approaches can be used to secure credentials and provide different privacy features.
The subject is the entity that a credential makes claims about, typically identified by a DID.
Credentials can have defined validity periods, establishing when they are considered valid.
Presentations allow holders to share proofs derived from their credentials in privacy-preserving ways.
Learning More
The W3C has published several specifications that define the verifiable credentials ecosystem:
- Verifiable Credentials Data Model: The core data model and concepts
- Verifiable Credentials Data Integrity: How to cryptographically secure credentials
- Verifiable Credentials Implementation Guidelines: Best practices for implementation
These specifications provide a comprehensive framework for implementing interoperable verifiable credentials systems.