We are all used to physical credentials: driver's licenses, passports, credit cards, and so on. Each carries data (claims) made by an issuer (the government authority that issues driver's licenses, a state department, a bank) about a subject. Verifiable Credentials (VCs) are digital, cryptographically verifiable versions of these credentials. This means they can be stored on digital devices, and you can use cryptography to verify their data.
Here are the key parts of a Verifiable Credential:
- Holder: the entity that controls the credential; most often this is the Subject
- Subject: the entity about which claims are made
- Issuer: the entity that created the credential
- Claims: attributes about the Subject that the Issuer is asserting
- Proofs (signature): cryptographic mechanism for establishing authorship and validity
Verifiable Credential Lifecycle
A typical Verifiable Credential lifecycle follows a sequence similar to the following:
- A user (often the Subject) requests or is given a credential from an Issuer.
- The Issuer includes data about the Subject in a digital credential, including the Subject's identifier.
- The Issuer signs the VC with its private key.
- The user receives the VC and stores it in a digital wallet, becoming the Holder. The digital wallet allows users to store and present VCs of any type.
- Later, the Holder encounters an application that wants to verify that the Holder has a particular VC. The Holder uses the digital wallet to present the credential to the Verifier, and signs a Verifiable Presentation (VP) with the Holder’s private key.
- The Verifier cryptographically verifies the VP (that it was signed by the Holder and that the original VC was signed by the Issuer) and checks its validity (for example, that it hasn't expired). It obtains the Holder and Issuer public keys from a Verifiable Data Registry.
- (Optional) Finally, for any number of reasons the Issuer MAY revoke the credential, or the credential MAY expire (e.g. past an expiration date).
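The lifecycle above, sketched end to end as an added example (not Auth0 Lab's code or any wallet's real format). Assumptions: Ed25519 keys from Node's `crypto` module, `JSON.stringify` as the signed serialization, an in-memory `Map` standing in for the Verifiable Data Registry, a `Set` standing in for the Issuer's revocation list, a verifier-chosen challenge to bind the VP to one request, and constructed `did:example:` identifiers and function names.

```javascript
const crypto = require('node:crypto');

// Constructed parties with freshly generated Ed25519 key pairs.
const issuer = { id: 'did:example:issuer', ...crypto.generateKeyPairSync('ed25519') };
const holder = { id: 'did:example:holder', ...crypto.generateKeyPairSync('ed25519') };
// Stand-ins (assumptions): public-key registry and the Issuer's revocation list.
const registry = new Map([[issuer.id, issuer.publicKey], [holder.id, holder.publicKey]]);
const revoked = new Set();

// Sign / check the JSON serialization of a payload (simplified proof format).
function sign(payload, signer) {
  const data = Buffer.from(JSON.stringify(payload));
  return { payload, proof: crypto.sign(null, data, signer.privateKey).toString('base64') };
}
function checkSig(signed, signerId) {
  const key = registry.get(signerId);
  if (!key) return false; // unknown signer: no key to verify against
  const data = Buffer.from(JSON.stringify(signed.payload));
  return crypto.verify(null, data, key, Buffer.from(signed.proof, 'base64'));
}

// Issuer: put claims about the Subject into a credential and sign it.
function issueCredential(id, claims, expires) {
  return sign({ id, issuer: issuer.id, subject: holder.id, claims, expires }, issuer);
}
// Holder: wrap the stored VC in a presentation and sign it.
function present(vc, challenge) {
  return sign({ holder: holder.id, challenge, vc }, holder);
}

// Verifier: check both signatures, then validity (expiry, revocation).
function verifyPresentation(vp, challenge, now = Date.now()) {
  const { holder: holderId, vc } = vp.payload;
  if (!checkSig(vp, holderId)) return 'bad holder signature';
  if (vp.payload.challenge !== challenge) return 'challenge mismatch';
  if (!checkSig(vc, vc.payload.issuer)) return 'bad issuer signature';
  if (Date.parse(vc.payload.expires) <= now) return 'expired';
  if (revoked.has(vc.payload.id)) return 'revoked';
  return 'ok';
}
```

Each rejection reason maps to one step of the lifecycle, so a failing presentation tells the Verifier which party's guarantee did not hold.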
You can find a more in-depth explanation and visual presentation of verifiable credentials at verifiablecredentials.dev.
In the following articles, you will experience Verifiable Credentials from the end user and developer perspectives.
- Use Credentials as a user:
  - Obtain a Credential: Using a developer wallet that the Auth0 Lab team has set up, you will obtain a vaccine card from a sample institution.
  - Present a Credential: Using a tool developed by Auth0 Lab to request specific types of credentials, you will request your vaccine card from the developer wallet.
- Issue credentials: Using the Auth0 Lab instance, you will set up a tenant as a credential issuer.
- Verify credentials: Using the Auth0 Lab instance, you will set up a tenant as a credential verifier.