Verifiable Credentials

Introduction

W3C published a Verifiable Credentials Data Model v1.1 in March 2022. It is a significant milestone for decentralized digital identities. I have provided a link for getting additional information. We hope to cover more details in subsequent articles on the topic.

The Context

Most of us use physical identities issued by some central or government agencies. However, verifying our identities in the digital world with the same process is time-consuming, error-prone, and costly. Agencies developed physical identities for manual verification; if we directly convert physical identities into a digital form like a scan, photograph, or picture, that will not help computer systems process them efficiently and will have weaknesses and security vulnerabilities.

Credentials are the attributes of interest to 3rd party for verifying your identity or establishing eligibility for a service. In the digital world, credentials must be presented so the verifier can verify without going to the issuer of the credential. Verifiable credentials are a promising tool in this transformation journey.

A verifiable credential (VC) is a set of tamper-evident claims and metadata that cryptographically proves who issued it. Some examples are employee ID cards, digital birth certificates, and digital educational certificates.

A verifiable credential can represent the same information that a physical certificate represents. The addition of technologies, such as digital signatures, makes verifiable credentials more tamper-evident and trustworthy than their physical counterparts.

The Ecosystem…

A holder is an entity that holds verifiable credentials and presents credentials.

An issuer is an entity that asserts claims about one or more subjects and creates verifiable credentials.

A subject is an entity about which claims are made.

A verifier is an entity that generally receives verifiable credentials from the holder to verify claims about the subject.

A verifiable data registry mediates the creation and verification of identifiers, keys, and other relevant data, such as verifiable credential schemas, revocation registries, issuer public keys, and so on, which might be required to use verifiable credentials. Please note that it is not mandated that registries be a blockchain.

Anatomy of Verifiable Credentials

A credential is a set of one or more claims made by the same entity. Credentials might also include an identifier and metadata to describe properties of the credential, such as the issuer, the expiry date and time, a representative image, a public key to use for verification purposes, the revocation mechanism, and so on. The metadata might be signed by the issuer.

Specifications for verifiable credentials can be visualized as graphs. A VC presentation is usually composed of at least four information graphs. The first of these information graphs, the Presentation Graph, expresses the verifiable presentation, which contains presentation metadata. The verifiable credential property in the Presentation Graph refers to one or more verifiable credentials, each being one of the second information graphs, i.e., a self-contained Credential Graph containing credential metadata and claims. The third information graph, the Credential Proof Graph, expresses the credential graph proof, which is usually a digital signature. The fourth information graph, the Presentation Proof Graph, describes the presentation graph proof, which is generally a digital signature.

You can look at a concrete example https://www.w3.org/TR/vc-data-model/#concrete-lifecycle-example for a VC here. Here you can see the VC uses JSON format for serializing the information and additionally uses JSON-LD (Linked Data), an extension of JSON format, to represent the linked data. I hope this gives some idea of a verifiable credential and why it makes so much noise. Before we wrap up, let me highlight the key benefits of a VC.

• Verifiable Credentials are private.

• They are tamper-proof using cryptography.

• Verifiable Credentials can be verified anywhere, at any time.

• Portable. Verifiable Credentials are yours to store in your wallet and share with whomever you want.

Many topics are closely related to VC: DID, SSI, and OpenID connect. We hope to touch upon them soon.