W3C Verifiable Credentials
W3C Verifiable Credentials [1] (VCs) are a standardized way to represent claims about a subject in a secure, privacy-preserving manner. They enable individuals and organisations to present their credentials in a manner that is tamper-evident, cryptographically secure, and verifiable.
Key Features of W3C Verifiable Credentials
- Interoperability: VCs are based on open standards, ensuring they can be used across different systems and platforms.
- Security: Credentials are digitally signed by issuers, making them tamper-evident and ensuring their authenticity.
- Privacy: Holders can selectively disclose information from their credentials, protecting their privacy while proving the required claims.
- Decentralization: VCs support decentralized identifiers (DIDs), reducing reliance on centralized authorities and enhancing user control.
Components of a Verifiable Credential
- Issuer: The entity that creates and signs the credential.
- Holder: The entity that possesses the credential and can present it to verifiers.
- Verifier: The entity that checks the validity of the credential.
Core Concepts
Verifiable Credentials (VC)
A Verifiable Credential contains a set of claims made by an issuer about a subject, such as a person or enterprise. These claims are expressed in a tamper-evident and privacy-respecting manner, allowing them to be verified digitally.
Components of a Verifiable Credential
- Context (@context): Specifies the semantic context for the data.
- Type (type): Identifies the type of credential.
- Credential Subject (credentialSubject): Contains the claims about the subject.
- Issuer (issuer): Identifies who issued the credential.
- Issuance Date (validFrom): When the credential was issued.
- Expiration Date (validUntil): (Optional) When the credential expires.
- Proof (proof): Cryptographic proof to ensure the credential's integrity.
Example
Example of an LPID W3C credential protected by an LD-Proof using an EcdsaSecp256r1Signature2019 signature.
{
  "@context": ["https://www.w3.org/ns/credentials/v2", "https://oid.spherity.com/contexts/oid/v1.jsonld"],
  "type": ["VerifiableCredential", "LegalEntityCertificate"],
  "credentialSubject": {
    "id": "did:key:zDnaeyXvqvYVJhVBe2ysSQ2Z4LwW8L8ZWrkqzsczLTf8PjDGA",
    "type": "LegalPersonId",
    "euid": "HUOCCSZ12345678",
    "companyName": "Flower Power AG"
  },
  "issuer": "did:key:zDnaepBuvsQ8cpsWrVKw8fbpGpvPeNSjVPTWoq6cRqaYzBKVP",
  "validFrom": "2023-08-24T13:06:21Z",
  "proof": {
    "@context": "https://www.w3.org/ns/credentials/v2",
    "type": "EcdsaSecp256r1Signature2019",
    "created": "2023-08-24T13:06:21Z",
    "proofPurpose": "assertionMethod",
    "verificationMethod": "did:key:zDnaepBuvsQ8cpsWrVKw8fbpGpvPeNSjVPTWoq6cRqaYzBKVP#zDnaepBuvsQ8cpsWrVKw8fbpGpvPeNSjVPTWoq6cRqaYzBKVP",
    "proofValue": "8upuIPtJVkTkunL9/tKH/cgnVZweG1f8mdMaAdu7KG3zWqfQhKuHuwnjmUttBhdzDhfdVB1qSh/2pcXWgYdQ/w=="
  }
}
Verifiable Presentations (VP)
A Verifiable Presentation is a collection of one or more Verifiable Credentials, optionally combined with additional information, which is shared by the holder to a verifier. The presentation is cryptographically verifiable to ensure its authenticity and integrity.
Components of a Verifiable Presentation
- Context (@context): Defines the semantic context for the presentation.
- Type (type): Identifies the type of presentation.
- Verifiable Credential (verifiableCredential): Contains one or more verifiable credentials.
- Holder (holder): Identifies the entity presenting the credentials.
- Proof (proof): Cryptographic proof to ensure the presentation's integrity.
Example
Example Presentation
{
  "@context": ["https://www.w3.org/ns/credentials/v2", "https://oid.spherity.com/contexts/oid/v1.jsonld"],
  "type": ["VerifiablePresentation"],
  "verifiableCredential": [
    {
      "@context": [
        "https://www.w3.org/ns/credentials/v2",
        "https://oid.spherity.com/contexts/oid/v1.jsonld"
      ],
      "type": ["VerifiableCredential", "LegalEntityCertificate"],
      "credentialSubject": {
        "id": "did:key:zDnaeyXvqvYVJhVBe2ysSQ2Z4LwW8L8ZWrkqzsczLTf8PjDGA",
        "type": "LegalPersonId",
        "euid": "HUOCCSZ12345678",
        "companyName": "Flower Power AG"
      },
      "issuer": "did:key:zDnaepBuvsQ8cpsWrVKw8fbpGpvPeNSjVPTWoq6cRqaYzBKVP",
      "validFrom": "2023-08-24T13:06:21Z",
      "proof": {
        "@context": "https://www.w3.org/ns/credentials/v2",
        "type": "EcdsaSecp256r1Signature2019",
        "created": "2023-08-24T13:06:21Z",
        "proofPurpose": "assertionMethod",
        "verificationMethod": "did:key:zDnaepBuvsQ8cpsWrVKw8fbpGpvPeNSjVPTWoq6cRqaYzBKVP#zDnaepBuvsQ8cpsWrVKw8fbpGpvPeNSjVPTWoq6cRqaYzBKVP",
        "proofValue": "8upuIPtJVkTkunL9/tKH/cgnVZweG1f8mdMaAdu7KG3zWqfQhKuHuwnjmUttBhdzDhfdVB1qSh/2pcXWgYdQ/w=="
      }
    }
  ],
  "holder": "did:example:ebfeb1f712ebc6f1c276e12ec21",
  "proof": {
    "@context": "https://www.w3.org/ns/credentials/v2",
    "type": "EcdsaSecp256r1Signature2019",
    "created": "2023-08-24T13:06:21Z",
    "proofPurpose": "authentication",
    "verificationMethod": "did:key:zDnaepBuvsQ8cpsWrVKw8fbpGpvPeNSjVPTWoq6cRqaYzBKVP#zDnaepBuvsQ8cpsWrVKw8fbpGpvPeNSjVPTWoq6cRqaYzBKVP",
    "proofValue": "8upuIPtJVkTkunL9/tKH/cgnVZweG1f8mdMaAdu7KG3zWqfQhKuHuwnjmUttBhdzDhfdVB1qSh/2pcXWgYdQ/w=="
  }
}
Using Verifiable Credentials in the OID Application
In our Enterprise Wallet, we leverage W3C Verifiable Credentials to manage and present credentials securely, including selective disclosure. We use the following libraries from Digital Bazaar for creating, verifying, and managing credentials:
- @digitalbazaar/data-integrity - Verify JSON-LD data integrity (using jsonld-signatures)
- @digitalbazaar/did-method-key - Library for creating and resolving DID documents using the key method.
- @digitalbazaar/ecdsa-multikey - Library for creating ECDSA multikeys and verifying signatures created with them
- @digitalbazaar/ecdsa-sd-2023-cryptosuite
- Create Verifiable Credentials: Easily define and issue credentials with cryptographic proofs.
- Verify Credentials: Check the authenticity and integrity of received credentials.
- Create Verifiable Presentations: Combine multiple credentials into a single presentation for sharing.
- Selective Disclosure: Allow holders to share only the necessary information from their credentials.
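The field-level checks a verifier can apply to the credential and presentation structures described above, as an added example (not the OID application's or Digital Bazaar's code). It assumes each proof's verificationMethod sits under the issuer's or holder's own DID, as with did:key; checkProofBinding, checkCredential and checkPresentation are hypothetical names, and signature verification is left to the libraries listed above.

```javascript
// Added example: verifier-side policy checks that complement signature verification.
const didOf = (vm) => String(vm || "").split("#")[0]; // DID part of a verification method id
const idOf = (v) => (typeof v === "string" ? v : v && v.id); // issuer/holder: string or {id}

function checkProofBinding(doc, controller, purpose, what) {
  const errors = [];
  const proofs = [].concat(doc.proof || []);
  if (proofs.length === 0) errors.push(`${what}: no proof`);
  for (const p of proofs) {
    if (p.proofPurpose !== purpose)
      errors.push(`${what}: proofPurpose ${p.proofPurpose}, expected ${purpose}`);
    if (!controller || didOf(p.verificationMethod) !== controller)
      errors.push(`${what}: verificationMethod not under ${controller}`);
  }
  return errors;
}

function checkCredential(vc, now = new Date()) {
  const errors = [];
  if (![].concat(vc.type || []).includes("VerifiableCredential"))
    errors.push("credential: type lacks VerifiableCredential");
  if (!vc.credentialSubject) errors.push("credential: no credentialSubject");
  // Malformed dates parse to NaN, which fails both comparisons (fail closed).
  if (vc.validFrom && !(Date.parse(vc.validFrom) <= now)) errors.push("credential: not yet valid");
  if (vc.validUntil && !(Date.parse(vc.validUntil) >= now)) errors.push("credential: expired");
  return errors.concat(checkProofBinding(vc, idOf(vc.issuer), "assertionMethod", "credential"));
}

function checkPresentation(vp, now = new Date()) {
  const errors = checkProofBinding(vp, idOf(vp.holder), "authentication", "presentation");
  for (const vc of [].concat(vp.verifiableCredential || [])) errors.push(...checkCredential(vc, now));
  return errors;
}

// Constructed sample: identifiers copied from the page's examples, other fields trimmed.
const ISSUER = "did:key:zDnaepBuvsQ8cpsWrVKw8fbpGpvPeNSjVPTWoq6cRqaYzBKVP";
const sampleVc = {
  type: ["VerifiableCredential", "LegalEntityCertificate"],
  credentialSubject: { id: "did:key:zDnaeyXvqvYVJhVBe2ysSQ2Z4LwW8L8ZWrkqzsczLTf8PjDGA" },
  issuer: ISSUER,
  validFrom: "2023-08-24T13:06:21Z",
  proof: { proofPurpose: "assertionMethod", verificationMethod: `${ISSUER}#${ISSUER.slice(8)}` },
};
const sampleVp = {
  verifiableCredential: [sampleVc],
  holder: "did:example:ebfeb1f712ebc6f1c276e12ec21",
  proof: { proofPurpose: "authentication", verificationMethod: sampleVc.proof.verificationMethod },
};
console.log(checkCredential(sampleVc), checkPresentation(sampleVp));
```

With the identifiers from the page's presentation example, checkPresentation reports that the presentation proof's verificationMethod is not under the stated holder DID, while the embedded credential passes.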
References
[1] World Wide Web Consortium (W3C) (2024), Verifiable Credentials Data Model v2.0, Available at: https://www.w3.org/TR/vc-data-model-2.0/ (Accessed at: July 9, 2024).