Verifiable Credentials (VCs)
Verifiable Credentials are machine-verifiable, tamper-evident data structures that contain authentic data that has been signed by one or more trusted parties in the network (called Issuers) and can be securely disclosed to an authenticated party (a Verifier). VCs are recognized by the W3C and other standards bodies as a recommended format for secure data sharing.
Credential Presentation & Issuance
Credentials are created, signed, and moved to a holder in a process called issuance. A holder can later present one or more credentials, much like stamps in a passport, to meet the definition of a credential request. The scopes for issuing and verifying credentials can be flexibly configured depending on the use case.
VCs are privacy-preserving by default because credential presentation is not an all-or-nothing activity. VC-based identity is composable at the point of presentation: a verifier only accesses information according to the request definition, and the privacy of the person who holds the credential is not compromised by revealing additional data.
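The following sketch of issuance followed by a partial presentation is an added example, not code from this page or its product. It assumes one common approach to selective disclosure: the issuer signs salted hashes of the claims and the holder reveals only the requested ones. An HMAC with a constructed key stands in for the issuer's signature, and all function names and claim values are hypothetical.

```python
import hashlib, hmac, json, secrets

# Assumption: HMAC stands in for the issuer's asymmetric signature. A real
# verifier would check a signature against the public key in the issuer's DID document.
ISSUER_KEY = b"constructed-demo-key"

def _digest(salt, name, value):
    return hashlib.sha256(json.dumps([salt, name, value]).encode()).hexdigest()

def _sign(digests):
    msg = json.dumps(sorted(digests)).encode()
    return hmac.new(ISSUER_KEY, msg, hashlib.sha256).hexdigest()

def issue(claims):
    """Issuer: salt and hash every claim, then sign only the digests."""
    disclosures = {n: [secrets.token_hex(16), n, v] for n, v in claims.items()}
    digests = sorted(_digest(*d) for d in disclosures.values())
    credential = {"digests": digests, "sig": _sign(digests)}
    return credential, disclosures  # both are handed to the holder

def present(credential, disclosures, requested):
    """Holder: reveal only the claims named in the verifier's request."""
    return {"credential": credential,
            "disclosed": [disclosures[n] for n in requested]}

def verify(presentation, requested):
    """Verifier: check the signature, then each disclosure against the signed digests."""
    cred = presentation["credential"]
    if not hmac.compare_digest(cred["sig"], _sign(cred["digests"])):
        raise ValueError("issuer signature invalid")
    claims = {}
    for salt, name, value in presentation["disclosed"]:
        if name not in requested:
            raise ValueError(f"claim {name!r} was not requested")
        if _digest(salt, name, value) not in cred["digests"]:
            raise ValueError(f"claim {name!r} is not covered by the signature")
        claims[name] = value
    missing = set(requested) - set(claims)
    if missing:
        raise ValueError(f"requested claims not presented: {sorted(missing)}")
    return claims

if __name__ == "__main__":
    # Constructed sample claims
    cred, disc = issue({"name": "Alice Example", "balance": 1200, "over_18": True})
    print(verify(present(cred, disc, ["over_18"]), ["over_18"]))
```

The per-claim random salt is what keeps the undisclosed digests from being guessed by hashing likely values.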
Decentralized Identifiers (DIDs)
A DID is a globally unique, cryptographically verifiable ID that resolves to a DID document containing information about the DID subject, such as public keys. DIDs are used to sign secure messages and credentials and to perform reciprocal authentication. Holders, verifiers, and issuers all possess DIDs. Some DIDs are blockchain-based; some are not. For a deep dive on our supported DID Methods, jump to our docs.
Decentralized Identifier Communication (DIDComm)
DIDComm is a flexible messaging protocol built on top of DIDs that allows for composable messaging and mutual authentication while guaranteeing sender identity, message confidentiality, non-replayability, and non-repudiation. By combining DIDs with VCs, we provide new vectors to fight fraud, phishing, and vulnerability without compromising flexibility and privacy.
OpenID Connect (OIDC) / OIDC for VCs
OpenID Connect (OIDC) is an open authentication protocol built on top of OAuth 2.0. OIDC powers modern SSO, e.g. log in with Facebook/Google, which enables end users to access digital services without usernames and passwords. The OIDC protocol has been extended with a raft of new functionality to allow consumers to share information directly with verifiers without any involvement of the issuing party or an intermediary. This set of enhancements is collectively called OIDC4VC, or OIDC for Verifiable Credentials.
Consumers have the right to access their financial data but must explicitly consent to how the data will be shared and used.
Data must remain secure at all parts of the ecosystem.
Infrastructure must consistently provide consumers access to all of their information in a fast and seamless manner.
All parties involved in data access should have transparency into consumer and ecosystem behavior.
Consumers should share the least amount of data needed to still power their use case with the apps and services they want to use.