Verifiable credentials

The holder of a verifiable credential operates in a triangle of trust, mediating between issuer and verifier. The issuer and holder trust each other, the holder trusts the verifier, and the verifier trusts the issuer. Any role in the triangle can be played by a person, an institution, or an IoT device.

Verifiable credentials (VCs) are digital credentials which follow the relevant World Wide Web Consortium open standards. They can represent information found in physical credentials, such as a passport or license, as well as new things that have no physical equivalent, such as ownership of a bank account. They have numerous advantages over physical credentials, most notably that they're digitally signed, which makes them tamper-resistant and instantaneously verifiable.[1][2]

Verifiable credentials can be issued by anyone, about anything, and can be presented to and verified by everyone. The entity that generates the credential is called the Issuer. The credential is then given to the Holder who stores it for later use. The Holder can then prove something about themselves by presenting their credentials to a Verifier.

Trust model

The holder of a verifiable credential operates in a triangle of trust,[3] mediating between issuer and verifier.

  • The issuer trusts the holder
  • The holder trusts the verifier
  • The verifier trusts the issuer

Any role in the triangle can be played by a person, an institution, or a machine.

Note that because verifiable credentials can be created by anyone, the verifier decides if they trust the issuer.

Decentralization

The VC model places the holder of a credential at the center of the identity ecosystem, giving individuals control of their identity attributes. The W3C VC model parallels physical credentials: the user holds cards and can present them to anyone at any time without informing or requiring the permission of the card issuer. Such a model is decentralized and gives much more autonomy and privacy to the participants. This contrasts with the federated identity management (FIM) model, as adopted by SAML and OpenID Connect, which place the identity provider (IdP) in the central role as the dispenser of identity attributes and the determiner of which Service Providers (SPs) it will give them to. In the federated model, the IdP knows every SP that the user visits.

Verifiable Credentials Data Model 1.0

The data model for verifiable credentials is a World Wide Web Consortium (W3C) Recommendation, "Verifiable Credentials Data Model 1.0 - Expressing verifiable information on the Web", published 19 November 2019.[4]

Composition

Verifiable Credentials may be expressed using JSON and is typically composed of:

  • Context
  • Issuer
  • Issue timestamp
  • Expiry timestamp
  • Type
  • Subject
  • Subject identity attributes
  • Cryptographic proof to ensure the integrity and authenticity of the VC
{
	"verifiableCredential": {
		"@context": [
			"https://www.w3.org/2018/credentials/v1",
			"https://www.w3.org/2018/credentials/examples/v1"
		],
		"id": "0892f680-6aeb-11eb-9bcf-f10d8993fde7",
		"type": [
			"VerifiableCredential",
			"UniversityDegreeCredential"
		],
		"issuer": {
			"id": "did:example:76e12ec712ebc6f1c221ebfeb1f",
			"name": "Acme University"
		},
		"issuanceDate": "2021-05-11T23:09:06.803Z",
		"credentialSubject": {
			"id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
			"degree": {
				"type": "BachelorDegree",
				"name": "Bachelor of Science"
			}
		},
		"proof": {
			"type": "Ed25519Signature2018",
			"created": "2021-05-17T15:25:26Z",
			"jws": "eyJhbGciOiJFZERTQYjY0Il19..nlcAA",
			"proofPurpose": "assertionMethod",
			"verificationMethod": "https://pathToIssuerPublicKey"
		}
	}
}

Aliases

The VC context, defined using the @context JSON property, is a JSON-LD construct that allows user friendly terms to be used for JSON properties. According to the VC data model, the value of many properties must be a URI. Whilst these are globally unambiguous, (important for a global data model), they are not user-friendly. Consequently, the @context property allows short-form, user-friendly aliases to be defined for each URI. This makes it much easier, and more user-friendly, to specify VCs. An example is given below. 

{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://www.w3.org/2018/credentials/examples/v1"
  ],
  "id": "http://example.edu/credentials/3732",
  "type": ["VerifiableCredential", "UniversityDegreeCredential"],
  "issuer": "https://example.edu/issuers/14",
  "issuanceDate": "2010-01-01T19:23:24Z",
  "expirationDate": "2020-01-01T19:23:24Z",
  "credentialSubject": {
    "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
    "degree": {
      "type": "BachelorDegree",
      "name": "Bachelor of Science and Arts"
    }
  },
  "proof": { 
  }
}

W3C VCs are extensible. Any new property can be added to VCs, as determined by the issuer. Standard properties have been defined specifically as extension points. These include the following:

  • terms of use - restrictions placed on the use of the VC by the issuer
  • schema - defines VC contents
  • evidence - information collected by issuer about the subject and/or attributes before issuing the VC
  • status - pointers to where a verifier can discover the status of a VC (e.g., whether it has been revoked).

Subject

The holder of a VC does not always have to be the subject of the credential. It is expected that most users will hold their own VCs, i.e., the holder and the subject will be the same entity. This need not always be the case. For example, when the VC subject is an infant, and the VC is a birth certificate, the holder may be one or both parents.[5]

Proofs

No proof mechanism is standardized but the data model is flexible enough to support various existing cryptographic mechanisms, such as digital signatures. Proof mechanisms that are in use include: JSON Web Tokens with JSON Web Signatures, JSON-LD proofs, and zero-knowledge proofs using schemes such as IBM's anonymous credentials.

Transport

Various protocols are specified for carrying VCs from the issuer/IdP to the holder, and the holder to the verifier. Examples include:

  • Aries RFC 0036: Issue Credential Protocol 1.0.,[6] and Aries RFC 0037: Present Proof Protocol 1.0[7]
  • David W Chadwick, Romain Laborde, Arnaud Oglaza, Remi Venant, Samer Wazan, Manreet Nijjar "Improved Identity Management with Verifiable Credentials and FIDO", IEEE Communications Standards Magazine Vol 3, Issue 4, Dec 2019, Pages 14–20[8]

None of these protocols has become standardized. Many people who are experimenting with VCs use HTTPS to carry VCs between the various parties.

Criticisms and concerns

The security of verifiable credentials in the context of COVID-19 vaccination and test certificates has been questioned.[9][10] Verifiable credentials have also been subject to usability concerns.[11]

Some have likened anyone being able to issue a verifiable credential being like a shop clerk deciding if they should accept an out-of-state license as proof of age when purchasing alcohol.

See also

References

  1. ^ "An Introduction to Verifiable Credentials". verifiablecredential.io. Archived from the original on October 19, 2021.
  2. ^ "What are Verifiable Credentials? | Decentralized Identity Developer Docs". didproject.azurewebsites.net.
  3. ^ "A Gentle Introduction to Verifiable Credentials". www.evernym.com. Archived from the original on April 16, 2020.
  4. ^ "Verifiable Credentials Data Model 1.0". www.w3.org. Retrieved 2019-11-05.
  5. ^ "On Guardianship In Self-Sovereign Identity" (PDF). www.sovrin.org. Retrieved 2021-11-05.
  6. ^ Khateev, Nikita. "Aries RFC 0036: Issue Credential Protocol 1.0". Github - Hyperledger Aries Project. Hyperledger. Retrieved 5 November 2019.
  7. ^ Khateev, Nikita. "Aries RFC 0037: Present Proof Protocol 1.0". Github - Hyperledger Aries Project. Hyperledger. Retrieved 5 November 2019.
  8. ^ Chadwick, David W.; Laborde, Romain; Oglaza, Arnaud; Venant, Remi; Wazan, Ahmad Samer; Nijjar, Manreet (2019-12-31). "Improved Identity Management with Verifiable Credentials and FIDO". IEEE Communications Standards Magazine. 3 (4): 14–20. doi:10.1109/MCOMSTD.001.1900020. ISSN 2471-2825. S2CID 212706653.
  9. ^ "By embracing blockchain, a California bill takes the wrong step forward". blog.mozilla.org. 6 August 2020.
  10. ^ Halpin, Harry (2020). "Vision: A Critique of Immunity Passports and W3C Decentralized Identifiers". arXiv:2012.00136 [cs.CR].
  11. ^ Brunner, Clemens; Gallersdörfer, Ulrich; Knirsch, Fabian; Engel, Dominik; Matthes, Florian (2020). "DID and VC:Untangling Decentralized Identifiers and Verifiable Credentials for the Web of Trust". 2020 the 3rd International Conference on Blockchain Technology and Applications. pp. 61–66. doi:10.1145/3446983.3446992. ISBN 9781450388962. S2CID 232291138.
Index: pl ar de en es fr it arz nl ja pt ceb sv uk vi war zh ru af ast az bg zh-min-nan bn be ca cs cy da et el eo eu fa gl ko hi hr id he ka la lv lt hu mk ms min no nn ce uz kk ro simple sk sl sr sh fi ta tt th tg azb tr ur zh-yue hy my ace als am an hyw ban bjn map-bms ba be-tarask bcl bpy bar bs br cv nv eml hif fo fy ga gd gu hak ha hsb io ig ilo ia ie os is jv kn ht ku ckb ky mrj lb lij li lmo mai mg ml zh-classical mr xmf mzn cdo mn nap new ne frr oc mhr or as pa pnb ps pms nds crh qu sa sah sco sq scn si sd szl su sw tl shn te bug vec vo wa wuu yi yo diq bat-smg zu lad kbd ang smn ab roa-rup frp arc gn av ay bh bi bo bxr cbk-zam co za dag ary se pdc dv dsb myv ext fur gv gag inh ki glk gan guw xal haw rw kbp pam csb kw km kv koi kg gom ks gcr lo lbe ltg lez nia ln jbo lg mt mi tw mwl mdf mnw nqo fj nah na nds-nl nrm nov om pi pag pap pfl pcd krc kaa ksh rm rue sm sat sc trv stq nso sn cu so srn kab roa-tara tet tpi to chr tum tk tyv udm ug vep fiu-vro vls wo xh zea ty ak bm ch ny ee ff got iu ik kl mad cr pih ami pwn pnt dz rmy rn sg st tn ss ti din chy ts kcg ve
Prefix: a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9

Portal di Ensiklopedia Dunia

Portal : Agama
Agama
Portal : Bahasa
Bahasa
Portal : Biografi
Biografi
Portal : Budaya
Budaya
Portal : Ekonomi
Ekonomi
Portal : Elektronika
Elektronika
Portal : Film
Film
Portal : Filsafat
Filsafat
Portal : Geografi
Geografi
Portal : Indonesia
Indonesia
Portal : Ilmu
Ilmu
Portal : Lingkungan
Lingkungan
Portal : Masyarakat
Masyarakat
Portal : Matematika
Matematika
Portal : Militer
Militer
Portal : Mitologi
Mitologi
Portal : Musik
Musik
Portal : Olahraga
Olahraga
Portal : Pendidikan
Pendidikan
Portal : Politik
Politik
Portal : Sastra
Sastra
Portal : Sejarah
Sejarah
Portal : Seni
Seni
Portal : Teknologi
Teknologi

Kembali kehalaman sebelumnya