Verifiable Credential
What is Verifiable Credential?
Verifiable CredentialA tamper-evident, cryptographically signed statement issued by one party about a subject, expressed in the W3C Verifiable Credentials Data Model.
A Verifiable Credential, or VC, is a digital equivalent of a paper credential such as a passport, diploma, or membership card. The W3C Verifiable Credentials Data Model standardizes how an issuer expresses claims about a subject, signs them, and how a holder later presents them to a verifier. Each VC contains the issuer, the subject, claim data, proof of issuance, and revocation information, typically signed using JWT, JSON-LD, or BBS+ proofs that enable selective disclosure. VCs work hand-in-hand with Decentralized Identifiers (DIDs) and underpin self-sovereign identity, mobile driving licences, EU Digital Identity wallets, and verifiable supply-chain attestations.
● Examples
- 01
A university issuing a degree as a W3C VC to a graduate's wallet for use with employer verifiers.
- 02
A government-issued mobile driving licence presented to a car-rental kiosk via the EU Digital Identity Wallet.
● Frequently asked questions
What is Verifiable Credential?
A tamper-evident, cryptographically signed statement issued by one party about a subject, expressed in the W3C Verifiable Credentials Data Model. It belongs to the Identity & Access category of cybersecurity.
What does Verifiable Credential mean?
A tamper-evident, cryptographically signed statement issued by one party about a subject, expressed in the W3C Verifiable Credentials Data Model.
How does Verifiable Credential work?
A Verifiable Credential, or VC, is a digital equivalent of a paper credential such as a passport, diploma, or membership card. The W3C Verifiable Credentials Data Model standardizes how an issuer expresses claims about a subject, signs them, and how a holder later presents them to a verifier. Each VC contains the issuer, the subject, claim data, proof of issuance, and revocation information, typically signed using JWT, JSON-LD, or BBS+ proofs that enable selective disclosure. VCs work hand-in-hand with Decentralized Identifiers (DIDs) and underpin self-sovereign identity, mobile driving licences, EU Digital Identity wallets, and verifiable supply-chain attestations.
How do you defend against Verifiable Credential?
Defences for Verifiable Credential typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Verifiable Credential?
Common alternative names include: VC, W3C Verifiable Credential.
● Related terms
- identity-access№ 292
Decentralized Identifier (DID)
A W3C-standard identifier that a subject controls directly, independent of any centralized registry, and that resolves to a cryptographic key material document.
- identity-access№ 1005
Self-Sovereign Identity (SSI)
An identity model in which individuals or organizations hold and present their own credentials directly, without relying on a central identity provider.
- identity-access№ 320
Digital Identity
The combination of identifiers, credentials, and attributes that represents a person, organization, or device in online systems.
- cryptography№ 1265
Zero-Knowledge Proof (ZKP)
A cryptographic protocol in which a prover convinces a verifier that a statement is true without revealing anything beyond the validity of the statement itself.
- network-security№ 878
Public Key Infrastructure (PKI)
The combined system of policies, software, hardware and trusted authorities used to issue, distribute, validate and revoke digital certificates that bind identities to public keys.