Verifiable Credentials

Verifiable credentials (VCs) are the electronic equivalent of the physical credentials that we all possess today, such as: plastic cards, passports, driving licences, qualifications and awards, etc. The data model for verifiable credentials is a World Wide Web Consortium Recommendation, “Verifiable Credentials Data Model 1.0 - Expressing verifiable information on the Web” published 19 November 2019. - Wikipedia

101

IIW26 Primer On DIDs and VCs

A new type of globally resolvable, cryptographically-verifiable identifier, registered directly on a distributed ledger (aka Blockchain)

  • A Gentle Introduction to Verifiable Credentials

    But while digital records are nothing new, today’s credentials come with certain ‘cryptographic superpowers’ that make them tamperproof, secure, and verifiable. Whereas a simple digital copy of a car title can easily be edited, a verifiable digital credential is one that has been issued by a trusted authority for, and only for, its holder.

  • A Verifiable Credentials Primer

    NOTE: “Verifiable Claims” are now known as “Verifiable Credentials”. The W3C Verifiable Claims Working Group’s experience with using the term “Verifiable Claims” demonstrated that it led to confusion in the marketplace. The group has since found consensus in shifting to use the term “Verifiable Credentials”, which contain “Claims”.

  • Verifiable Credentials 101 for SSI - Tyler Ruff - Webinar 11

    Tyler Ruff, product manager at Evernym, will be our next guest to walk us through Verifiable Credentials in the context of Self-Sovereign Identity. He will cover how they are created, issued and shared, as well as cover some common technical questions.

  • Verifiable Credentials—A Quick Overview (VonX)

    The following is a brief overview of the technology underlying SafeEntryBC—Verifiable Credentials. In reading this, think of the process you went through to get an official government document, like a drivers license.

  • Verifiable Credentials: What They Are, Why They Matter (Hackernoon)

    From permanent resident cards to anonymous payments to automatic notarization, verifiable credentials and DIDs are a technology whose time has arrived. Use cases are currently being piloted; many will surface in coming months and years. Security on the internet as we know it may be broken, but it is not beyond saving. A touch of the cryptographic wand, and we’ll be able to repair trust once more.

  • Understand Verifiable Credentials in 10 Minutes

    This article is a soft introduction into Verifiable Credentials and the potential use cases for organizations, businesses and government institutions and creating new levels of trust for individuals and the services/institutions they use.

Working Groups

Verifiable Claims Working Group

  • W3C Verifiable Claims Working Group
  • Verifiable Credentials Data Model 1.0

    Credentials are a part of our daily lives; driver’s licenses are used to assert that we are capable of operating a motor vehicle, university degrees can be used to assert our level of education, and government-issued passports enable us to travel between countries. This specification provides a mechanism to express these sorts of credentials on the Web in a way that is cryptographically secure, privacy respecting, and machine-verifiable.

  • Verifiable Credentials Implementation Guidelines 1.0

    This guide provides some examples and resources for implementing protocols which make use of verifiable credentials, beyond those available in the core specification.

  • W3C Verifiable Claims Working Group Test Suite
  • Verifiable Credentials Use Cases

    This document does NOT attempt to define an architecture for the support of Verifiable Claims. Instead it expresses the sorts of needs that real users have that could be addressed through support for some sort of self-sovereign claim environment. It attempts to use terminology that is consistent with the other deliverables of the Verifiable Claims Working Group (you can see the relevant terms in Appendix A).

Credentials Community Group

  • Credentials Community Group - Website - Mail archive

    The mission of the Credentials Community Group is to explore the creation, storage, presentation, verification, and user control of credentials. We focus on a verifiable credential (a set of claims) created by an issuer about a subject—a person, group, or thing—and seek solutions inclusive of approaches such as: self-sovereign identity; presentation of proofs by the bearer; data minimization; and centralized, federated, and decentralized registry and identity systems. Our tasks include drafting and incubating Internet specifications for further standardization and prototyping and testing reference implementations.

  • w3c-ccg/vc-extension-registry - REGISTRY: The Verifiable Credentials Extension Registry
  • w3c-ccg/edu_occ_verifiable_credentials - WORK ITEM: Drafts and Ideas of Educational and Occupational Verifiable Credentials
  • w3c-ccg/vc-examples - WORK ITEM: Verifiable Credentials Examples

Verifiable Credentials Extension Registry

3.1 Proof Methods

This table summarizes the Proof Method specifications currently in development. The table lists the method name, associated specification, authors, stability of the specification, and conformance test suite (if applicable).

3.2 Status Methods

Claims and Credentials Working Group

Claims and Credentials Working Group - Decentralized Identity Foundation

  • 2019 JSON-LD Signature Suite
  • presentation-exchange

    Specification that codifies an inter-related pair of data formats for defining proof presentations (Presentation Definition) and subsequent proof submissions (Presentation Submission)

  • presentation-request

    Requirements Analysis and Protocol Design for a VC Presentation Request Format

  • Credential Manifest
    • Explainer

      Creating trust between DIDs and gaining access to products, services, and systems with DIDs requires the acquisition, generation, and inspection of credentials (DID-signed data objects).

  • Specification - GitHub

    The VC_DATA_MODEL specifies the models used for Verifiable Credentials and Verifiable Presentations, and explains the relationships between three parties: issuer, holder, and verifier. A critical piece of infrastructure out of the scope of those specifications is the Credential Schema.

Interoperability

  • Verifiable Credentials Specification Relationships (ANN)

    Diagrams and documentation on the relationship of verifiable credential specifications

    The current release contains some of the most core specifications and their related specs in a diagram. It does not yet address some of the items especially under DIF work groups for secure data storage, SIOP, Sidetree etc.

Distributed ID Learning Path by Christina Yasuda (based on above spec map)

Literature

  • Verifiable Credential Exchange

    Multi-source identity (MSI) depends on issuing, exchanging, and verifying digital credentials. The specification for verifiable credentials is being formulated by the World Wide Web Consortium’s Verifiable Credentials Working Group. Verifiable credentials provide a standard way to express credentials in a way that is cryptographically secure, privacy respecting, and automatically verifiable.

  • Full-text Search for Verifiable Credential Metadata on Distributed Ledgers

    The proposed solution is able to find credential types based on textual input from the user by using a full-text search engine and maintaining a local copy of the ledger. Thus, we do not need to rely on information about credentials coming from a very large candidate pool of third parties we would need to trust, such as the website of a company displaying its own identifier and a list of issued credentials. We have also proven the feasibility of the concept by implementing and evaluating a prototype of the full-text credential metadata search service.

  • Enabling Decentralised Identifiers and Verifiable Credentials for Constrained IoT Devices using OAuth-based Delegation

    Abstract—Decentralised identifiers (DIDs) and verifiable credentials (VCs) are upcoming standards for self-sovereign privacy-preserving identifiers and authorisation, respectively. This focus on privacy can help improve many services and open up new business models, but using DIDs and VCs directly on constrained IoT devices can be problematic due to the management and resource overhead. This paper presents an OAuth-based method to delegate the processing and access policy management to the Authorisation Server thus allowing also systems with constrained IoT devices to benefit from DIDs and VCs.

  • Distributed-Ledger-based Authentication with Decentralized Identifiers and Verifiable Credentials

    Authentication with username and password is becoming an inconvenient process for the user. End users typically have little control over their personal privacy, and data breaches affecting millions of users have already happened several times. We have implemented a proof of concept decentralized OpenID Connect Provider by marrying it with Self-Sovereign Identity, which gives users the freedom to choose from a very large pool of identity providers instead of just a select few corporations, thus enabling the democratization of the highly centralized digital identity landscape. Furthermore, we propose a verifiable credential powered decentralized Public Key Infrastructure using distributed ledger technologies, which creates a straightforward and verifiable way for retrieving digital certificates.
    
  • Addition of Proof Request/Response to a formal Verifiable Credentials specification

    The W3C Verifiable Credentials (hereafter VC) specification does not currently outline how credential data should be requested by a Verifier. This document outlines the approach taken at Workday and proposes it as an addition or companion to the VC spec.

    At RWoT we wish to present our approach in order to get community feedback and consensus. Workday recently announced our credentialing platform and will shortly begin to issue credentials within our market verticals. We fully intend to support the community standards around credentialing and therefore wish to drive consensus in the community on a simple, standard approach for requesting and sharing VCs between a holder and verifier.

  • Verifiable Credentials (DID Credential Flows) : Technical Overview

    In the perspective of W3C specification, verifiable credential (VC) doesn’t rely on DID specification. (i.e., the “id” property used in VC shouldn’t be necessarily a DID.) However, in its real implementations, it might be expected that verifiable credentials will resolve DIDs with consistent decentralized manners and technologies. Then, in this post, we also assume that DID is used with verifiable credentials.

    In order to explain things plainly, I’ll include not only VC flows, but also other parts of flows, such as, DID flows or OpenID compliant flows.

FIDO

  • Integrating W3C Web Authentication (FIDO2) and Verifiable Credentials

    This is the presentation that I gave on 21 and 22 September 2020 to the UK NHS “INTEROPen Presents: Staff Access Hackathon” virtual workshop

  • W3C Verifiable Credentials - Kent Branch - pdf

    The speaker will introduce the W3C Verifiable Credentials Data Model, which was published as a Proposed Recommendation in September 2019. Verifiable Credentials are the latest development in identity management and are fundamentally different from today’s federated identity management systems such as SAML and OpenID Connect.

    David will describe the VC ecosystem and data model. He will then describe the prototype implementation which was built with colleagues from the University of Toulouse. They built a prototype system, which uses Fast Identity Online (FIDO) for user authentication, meaning that usernames and passwords are no longer needed. A pilot application was tested with a small sample of NHS patients and the speaker will present the results of this trial.

  • Improved Identity Management with Verifiable Credentials and FIDO

    We describe how FIDO and W3C VCs can overcome the problems of existing identity management systems. We describe our conceptual model and architecture, and the protocol we used by extending FIDO’s UAF in order to provide both strong authentication and strong authorization. We built a pilot implementation for U.K. NHS patients to validate our implementation. Patients were able to use a mobile phone with a fingerprint reader to access restricted NHS sites in order to make and cancel appointments and order repeat prescription drugs. Our initial user trials with 10 U.K. NHS patients found the system to be easy to use, and fingerprints to be preferable to using usernames and passwords for authentication.
