The term “credential” can imply any (tamper-resistant) set of information that some authority claims to be true about you, and that enables you to convince others (who trust that authority) of these truths. Eg: A diploma issued by a university proves you have an educational degree. A passport issued by a government of a country proves you are a citizen.
Every credential contains a set of claims about the subject of the credential i.e. about the holder. These claims are made by an Issuer.
To qualify as a credential, the claims must be verifiable in some way. This means a verifier must be able to determine the following:
- Who issued the credential
- That it has not been tampered with since it was issued
- That it has not expired or been revoked
With physical credentials, this is accomplished through some proof of authenticity embedded directly in the credential itself like a chip or hologram. It can also be done by checking directly with the issuer that the credential is valid, accurate, and current. But this manual verification process can be difficult and time-consuming — a major reason why there is a worldwide black market in falsified credentials.
This brings us to one of the fundamental advantages of verifiable credentials: using cryptography and the Internet, they can be digitally verified in seconds. This verification process can answer the following four questions:
- Is the credential in a standard format and does it contain the data the verifier needs?
- Does it include a valid digital signature from the issuer?
- Is the credential still valid, that is, not expired or revoked?
- If applicable, does the credential (or its signature) provide cryptographic proof that the holder of the credential is the subject of the credential.
Last Updated: 10 November 2021