Issuers
An issuer creates and signs credentials containing claims about subjects. Like governments issuing driver’s licenses or universities issuing degrees, digital issuers assert verified information through verifiable credentials. The issuer’s digital signature verifies authenticity and integrity.
The role of issuers in the verifiable credentials ecosystem
Section titled “The role of issuers in the verifiable credentials ecosystem”The Verifiable Credentials ecosystem has three roles:
- Issuers - Create and sign credentials
- Holders - Store and present credentials
- Verifiers - Request and validate credentials
Issuer Functions
Section titled “Issuer Functions”Issuers assert claims, create credentials, digitally sign them for tamper-evidence, transmit them to holders, and optionally maintain status for revocation or suspension.
Examples include government agencies, educational institutions, employers, healthcare providers, and certification bodies.
The issuer property in the verifiable credentials data model
Section titled “The issuer property in the verifiable credentials data model”The issuer property is mandatory in every verifiable credential. It identifies the entity asserting the claims and can be a URI string or an object with an id property. This creates a chain of trust that can be verified cryptographically.
Issuer representation
Section titled “Issuer representation”Simple URI
Section titled “Simple URI”The issuer can be a URI string:
{ "@context": ["https://www.w3.org/ns/credentials/v2", "https://www.w3.org/ns/credentials/examples/v2"], "id": "http://university.example/credentials/3732", "type": ["VerifiableCredential", "AlumniCredential"], "issuer": "https://university.example/issuers/565049", "validFrom": "2010-01-01T00:00:00Z", "credentialSubject": { "id": "did:example:ebfeb1f712ebc6f1c276e12ec21", "alumniOf": "Example University" }}In this example, the issuer is identified by the URI https://university.example/issuers/565049.
Object with Properties
Section titled “Object with Properties”For additional context, the issuer can be an object with an id and descriptive properties:
{ "@context": ["https://www.w3.org/ns/credentials/v2", "https://www.w3.org/ns/credentials/examples/v2"], "id": "http://university.example/credentials/3732", "type": ["VerifiableCredential", "AlumniCredential"], "issuer": { "id": "https://university.example/issuers/565049", "name": "Example University", "description": "A public university focusing on teaching examples." }, "validFrom": "2010-01-01T00:00:00Z", "credentialSubject": { "id": "did:example:ebfeb1f712ebc6f1c276e12ec21", "alumniOf": "Example University" }}Security and Trust
Section titled “Security and Trust”Trust in credentials comes from issuer reputation and cryptographic verification. Issuers sign credentials with private keys; verifiers use issuer public keys to verify authenticity.
Issuers often maintain credential status through revocation mechanisms and status services, allowing verifiers to check validity.
Privacy Considerations
Section titled “Privacy Considerations”Issuers should follow data minimization by including only necessary claims and using abstract claims when possible (e.g., “over 21” instead of exact birth date).
Correlation risks exist through unique identifiers, batch identifiers, or issuance dates. Privacy-enhancing cryptography like zero-knowledge proofs can mitigate these risks.