What are Verifiable Credentials?
Updated: June 2, 2020
This article introduces Verifiable Credentials and gives an overview of the technical components involved in Verifiable Credentials exchanges.
Issuers, subjects, and verifiers
Verifiable Credentials allow you to validate information about people, organizations, and things. We will introduce Verifiable Credentials using an example where a student's digital diploma is used to apply for a job.
Every Verifiable Credential is created by an issuer. An issuer is the organization or entity that asserts information about a subject to which a credential is issued. In our example, the University is the issuer who issues a credential to the student, the subject.
Verifiable Credentials contain attributes about the subjects to which they are issued. The student's field of study, year of graduation, and grade point average are examples of simple attributes that might be included. When a subject receives their Verifiable Credentials, they become the holder for that credential which they store in their wallet - a mobile application on the student's device.
When the student applies for a job, the employer requests access to view the student's digital diploma. The employer is the verifier who will verify the information contained in the diploma before offering the student a job.
Verifiable Credentials
Verifiable Credentials are based on an open standard developed in the W3C known as Verifiable Credentials. A Verifiable Credential that is represented as a JSON Web Token (JWT) has an expected structure:
// JWT decoded for readability
{
"alg": "RS256",
"typ": "JWT",
"kid": "did:example:abfe13f712120431c276e12ecab#keys-1"
}.
{
"sub": "did:example:ebfeb1f712ebc6f1c276e12ec21",
"jti": "http://example.edu/credentials/3732",
"iss": "https://example.com/keys/foo.jwk",
"nbf": 1541493724,
"iat": 1541493724,
"exp": 1573029723,
"nonce": "660!6345FSer",
"vc": {
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://www.w3.org/2018/credentials/examples/v1"
],
"type": ["VerifiableCredential", "UniversityDegreeCredential"],
"credentialSubject": {
"name": "Alex Johnson",
"major": "Mechanical Engineering",
"date": "06/15/1998",
"studentId": "12515010",
}
}
}.
BND3LDTn9H7FQokEsUEi8jKwXhGvoN3JtRa51xrNDgXDb0cq1UTYB-rK4Ft9YVmR1NI_ZOF8oGc_7wAp
8PHbF2HaWodQIoOBxxT-4WNqAxft7ET6lkH-4S6Ux3rSGAmczMohEEf8eCeN-jC8WekdPl6zKZQj0YPB
1rx6X0-xlFBs7cl6Wt8rfBP_tZ9YgVWrQmUWypSioc0MUyiphmyEbLZagTyPlUyflGlEdqrZAv6e
This standard makes it easy for credentials to be "portable" across organizational boundaries. A credential issued by a university can be verified by any employer, bank, or any other organization that accepts the Verifiable Credential standard. Similarly, an employer can accept diplomas from any university that issues credentials according to the standard. The Verifiable Credential standard facilitates an open ecosystem of credentials that can be easily verified by any interested party.
Digital signatures and decentralized identifiers
To protect their security and integrity, Verifiable Credentials are digitally signed by the issuer. When a verifier receives a Verifiable Credential, they are able to verify the signature of the credential to ensure it has been issued by the real issuer and that it hasn't been tampered with. The verifier therefore requires access to the issuer's public keys.
The public key infrastructure required to verify Verifiable Credentials is provided by another W3C standard known as decentralized identifiers.
Each issuer, subject, and verifier creates a unique identifier, and associates a set of public keys to their identifier. The issuer's public keys are made publicly available, so that any verifier can validate Verifiable Credentials produced by the issuer.
See something missing? We'd love your feedback and input on the Verifiable Credentials preview. Please contact us. When you use Microsoft DID Services, you agree to the DID Preview Agreement and the Microsoft Privacy Statement.