Verifiable Credentials and Related Standards
The development of verifiable credentials is an ongoing process, with specifications currently in an advanced draft stage, though not yet finalized. Staying informed about these evolving standards is crucial as they are instrumental in shaping the future of digital identity verification.
Two principal organizations are at the forefront of crafting the specifications for verifiable credentials and related standards:
-
World Wide Web Consortium (W3C): This esteemed international standards organization plays a pivotal role in developing protocols and guidelines to ensure the long-term growth of the World Wide Web. W3C's involvement ensures that the specifications for verifiable credentials align with broader web standards, promoting compatibility and interoperability.
-
OpenID Foundation: Renowned for its commitment to creating secure and interoperable identity standards, the OpenID Foundation's contributions are vital in ensuring that verifiable credentials are robust, secure, and user-centric. Their work emphasizes the importance of identity verification in the digital age, making them a key player in the specification process.
Engaging with these organizations' work and staying abreast of their progress is essential for anyone involved in digital identity, as the standards they are developing will significantly influence the landscape of online verification and authentication.
W3C for Verifiable Credentials
| Standard | Status | Description |
|---|---|---|
| Verifiable Credentials Data Model v1.1 | Standard | Provides a mechanism of expressing verifiable credentials in a way that is cryptographically secure, privacy respecting, and machine verifiable. Includes also the standard for Verifiable Presentations. |
| Verifiable Credentials Data Model v2.0 | Candidate | Provides a mechanism of expressing verifiable credentials in a way that is cryptographically secure, privacy respecting, and machine verifiable. Includes also the standard for Verifiable Presentations. |
| Verifiable Credential Data Integrity v.1.0 | Candidate | Describes mechanisms for ensuring the authenticity and integrity of Verifiable Credentials and similar types of constrained digital documents using cryptography, especially through the use of digital signatures and related mathematical proofs. |
| Securing Verifiable Credentials using JOSE and COSE | Draft | Defines how to secure credentials and presentations conforming to the Verifiable Credential data model (v.2.0) with JSON Object Signing and Encryption (JOSE), Selective Disclosure for JWTs (SD-JWT), and CBOR Object Signing and Encryption (COSE). |
| Decentralized Identifiers (DIDs) v.1.0 | Standard | Provides a new type of identifier that enables verifiable, decentralized digital identity. A DID refers to any subject (e.g., a person, organization, thing, data model, abstract entity, etc.) as determined by the controller of the DID. |
| Verifiable Credentials Implementation Guidelines v1.0 | Note | Provides examples and resources for implementing verifiable credentials related protocols. |
OpenID for Verifiable Credentials
| Standard | Status | Description |
|---|---|---|
| OpenID for Verifiable Credential Issuance | Draft | Defines an API and corresponding OAuth-based authorization mechanisms for issuance of Verifiable Credentials. |
| OpenID for Verifiable Presentations | Draft | Defines a mechanism on top of OAuth 2.0 enabling presentation of Verifiable Credentials as Verifiable Presentations. Verifiable Credentials and Verifiable Presentations can be of any format, including, but not limited to W3C Verifiable Credentials Data Model, ISO mdoc/mDL, and AnonCreds |
Other
| Standard | Status | Description |
|---|---|---|
| ISO mdoc/mDL | Standard | Standard for Mobile driving license (mDL) application. Establishes interface specification for the implementation of a driving licence in association with a mobile device. |
| HyperLedger AnonCreds | Standard | Anonymous Credentials - a ledger agnostic and with a formal open specification. AnonCreds as a VC format adds privacy-protecting zero-knowledge proof capabilities to the core VC assurances. |