Verifiable Credentials

What Are Verifiable Credentials?

Verifiable credentials are digital equivalents of physical credentials that we use in our daily lives. Just as you might use a driver's license to prove your ability to operate a vehicle or a university diploma to demonstrate your educational qualifications, verifiable credentials provide a standardized way to express these claims digitally.

The key difference is that verifiable credentials are:

  • Cryptographically secure: They can be verified mathematically
  • Machine-verifiable: Systems can automatically process and validate them
  • Privacy-respecting: They enable selective disclosure and minimize correlation risks
  • Tamper-evident: Any modifications are detectable

A verifiable credential combines claims (statements about a subject), proof (cryptographic assurance from an issuer), and metadata (information about the credential itself) into a cohesive digital document that can be verified independently.

The Verifiable Credentials Ecosystem

The verifiable credentials ecosystem consists of three primary roles:

  1. Issuers: Organizations or individuals that create and sign credentials (for example, governments, universities, employers)
  2. Holders: Entities that receive and store credentials (typically individuals)
  3. Verifiers: Parties that request and check credentials (for example, service providers, employers, websites)

This three-party model creates a flexible trust framework where:

  • Issuers generate credentials containing claims about subjects
  • Holders store and manage their credentials
  • Verifiers request presentations of credentials and validate them

The beauty of this system is that verifiers can trust claims without directly connecting to the original issuer. The cryptographic proofs attached to the credential provide the necessary trust, creating a "triangle of trust" between all participants.

Core Components

A verifiable credential consists of several essential components:

Claims

Claims are statements about a subject, such as:

  • "Alex has a bachelor's degree in Computer Science."
  • "Taylor is over 21 years old."
  • "Casey is licensed to drive vehicles of type B."

Claims are the fundamental building blocks of credentials, expressing attributes, qualifications, or characteristics of the subject.

Credential Metadata

Metadata provides information about the credential itself, including:

  • Identifier
  • Issuance and expiration dates
  • The issuer's identifier
  • The credential type
  • Revocation information

This metadata helps verifiers determine if a credential is valid, current, and appropriate for their verification needs.

Cryptographic Proofs

Proofs provide cryptographic assurance of:

  • Who issued the credential (authentication)
  • Whether the credential has been tampered with (integrity)
  • Whether the credential has been revoked (status)

These proofs allow verification without contacting the issuer, enabling offline verification and enhancing privacy.

Verifiable Presentations

A verifiable presentation is a derived object that packages verifiable credentials for presentation to a verifier. Presentations allow holders to:

  • Combine multiple credentials from different issuers
  • Selectively disclose only specific claims
  • Prove ownership of the credentials without revealing unnecessary information
  • Add proof of authentication to the verifier

Presentations add a layer of flexibility and privacy, letting holders control exactly what information they share with verifiers.

Key Properties and Benefits

Verifiable credentials offer several important benefits:

Cryptographic Verification

Unlike paper credentials that might require manual verification or contacting the issuer, verifiable credentials contain cryptographic proofs that can be mathematically verified. This makes validation faster, more reliable, and often possible without contacting the original issuer.

Privacy Enhancement

The verifiable credentials model supports advanced privacy features such as:

  • Selective disclosure: Revealing only specific claims from a credential
  • Zero-knowledge proofs: Proving a claim is true without revealing the underlying data
  • Unlinkability: Preventing correlation across different presentations

Portability and User Control

Holders store their credentials in digital wallets under their control. This gives users ownership over their data and the ability to use credentials across different contexts and platforms.

Machine Readability

The standardized data format makes credentials machine-readable, enabling automated verification processes and integration with different systems.

Securing Mechanisms

W3C standards support multiple approaches for securing verifiable credentials:

Data Integrity Proofs

The Data Integrity approach embeds proofs directly within the credential, using cryptographic suites for different security needs:

  • EdDSA: For simple digital signatures
  • BBS+: For advanced selective disclosure capabilities

JSON Web Tokens

Credentials can also be secured using JWTs (JSON Web Tokens) with:

  • JWS (JSON Web Signatures): For signing credentials
  • JWE (JSON Web Encryption): For encrypting sensitive credential data
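
The following is an added example, not code from the W3C specifications or from this page's authors: it secures a credential as a compact JWS signed with Ed25519 (alg "EdDSA") and shows a verifier checking issuer trust, signature and validity period without contacting the issuer. The payload layout is simplified, and the issuer identifier, subject, timestamps and function names are assumptions constructed for illustration.

```javascript
// Added example: credential secured as a compact JWS (EdDSA over Ed25519).
const { generateKeyPairSync, sign, verify } = require('node:crypto');

const b64u = (v) => Buffer.from(v).toString('base64url');
const fromB64u = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Issuer side: sign "header.payload" with the issuer's private key.
function issueCredential(claims, issuerId, privateKey, nbf, exp) {
  const header = { alg: 'EdDSA', typ: 'JWT' };
  const payload = { iss: issuerId, nbf, exp, vc: { credentialSubject: claims } };
  const signingInput = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(payload))}`;
  const signature = sign(null, Buffer.from(signingInput), privateKey);
  return `${signingInput}.${b64u(signature)}`;
}

// Verifier side: needs only the issuer's public key, not a call to the issuer.
function verifyCredential(jws, trustedIssuers, now) {
  const parts = jws.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, payload;
  try { header = fromB64u(parts[0]); payload = fromB64u(parts[1]); }
  catch { return { ok: false, reason: 'malformed' }; }
  // Pin the algorithm; the token must not choose how it is verified.
  if (header?.alg !== 'EdDSA') return { ok: false, reason: 'unexpected alg' };
  const publicKey = trustedIssuers.get(payload?.iss);
  if (!publicKey) return { ok: false, reason: 'untrusted issuer' };
  const valid = verify(null, Buffer.from(`${parts[0]}.${parts[1]}`), publicKey,
    Buffer.from(parts[2], 'base64url'));
  if (!valid) return { ok: false, reason: 'bad signature' };
  if (now < payload.nbf) return { ok: false, reason: 'not yet valid' };
  if (now >= payload.exp) return { ok: false, reason: 'expired' };
  return { ok: true, claims: payload.vc.credentialSubject };
}

// Changes one claim but keeps the original signature (tamper-evidence check).
function tamper(jws) {
  const [h, p, s] = jws.split('.');
  const payload = fromB64u(p);
  payload.vc.credentialSubject.degree = 'PhD Computer Science';
  return `${h}.${b64u(JSON.stringify(payload))}.${s}`;
}

// Constructed sample data: identifiers and timestamps are made up.
const issuer = generateKeyPairSync('ed25519');
const trusted = new Map([['did:example:university', issuer.publicKey]]);
const credential = issueCredential(
  { id: 'did:example:alex', degree: 'BSc Computer Science' },
  'did:example:university', issuer.privateKey, 1700000000, 1800000000);
```

Revocation status is not checked here; a verifier that needs it must also evaluate the credential's status information.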

Verifiable credentials work with several complementary technologies and concepts:

Credential Schema

Schemas define the structure and constraints for specific credential types, ensuring consistency and interoperability.

Credential Status

Status mechanisms allow issuers to revoke or suspend credentials without modifying the original credential.

Issuers

Issuers are entities that create and sign credentials, establishing the foundation of trust in the ecosystem.

Securing Mechanisms

Various cryptographic approaches can be used to secure credentials and provide different privacy features.

Subject

The subject is the entity that a credential makes claims about, typically identified by a DID.

Validity Period

Credentials can have defined validity periods, establishing when they are considered valid.

Verifiable Presentations

Presentations allow holders to share proofs derived from their credentials in privacy-preserving ways.

Learning More

The W3C has published several specifications that define the verifiable credentials ecosystem:

These specifications provide a comprehensive framework for implementing interoperable verifiable credentials systems.