Create a Verifiable Credential
A Verifiable Credential (VC) can represent all information that a physical credential represents, such as a passport or university degree. However, by allowing other parties to cryptographically verify the authorship and integrity of the claims, verifiable credentials can be seen as more tamper-evident and more trustworthy than their physical counterparts.
Verifiable Credential Properties
In the IOTA Identity Framework, you can create a Verifiable Credential with the following properties:
- Context: List of JSON-LD context URIs. Includes
"https://www.w3.org/2018/credentials/v1"by default. - Types: List of types describing the credential. Includes
"VerifiableCredential"by default. - Subject: The issuer's claims; a set of objects that contain one or more properties that are each related to a subject.
- Issuer: The identifier of the issuer, typically their DID.
- ID: Optional URI identifier for the credential.
- Issuance Date: Timestamp for expressing the date and time when a credential becomes valid.
- Expiration Date: Optional timestamp for expressing the date and time when a credential ceases to be valid.
- Status: Optional information used to determine the current status of a credential, i.e. whether or not it has been revoked.
- Schema: Optional list of objects specifying the schema that the data must conform to.
- Refresh Service: Optional link to a service where the recipient may refresh the included credentials.
- Terms of Use: Optional list of policies defining obligations, prohibitions, or permissions of the presentation recipient.
- Evidence: Optional list of objects that can be used by the issuer to provide the verifier with additional supporting information in a verifiable credential.
- Non-Transferable: Optional flag that indicates that a verifiable credential must only be encapsulated in a verifiable presentation whose proof was issued by the credential subject.
Signing
After preparing the verifiable credential, the issuer creates a signed JWT containing VC in the claims using one of their private keys. This is what allows verifiers to validate the credential independently using the corresponding public key from the issuer's DID Document.
Validation
Verifiers should ensure certain credential properties are valid when receiving one or more in a verifiable presentation. Both issuers and holders may also wish to validate their credentials, particularly directly after creating or receiving one. Validation may be performed at any point in time and can be a useful way of checking whether a credential has expired or been revoked.
Validation Checks
The IOTA Identity Framework supports the following checks during credential validation:
- Semantic structure: Ensures the credential adheres to the specification.
- Signature: Verifies the JWS against the issuer's DID Document.
- Optional validations: Additional checks on credential properties, and the signature can be configured by specifying Validation Options.
Validation Options
These options specify conditions that specific properties in a credential must satisfy.
- Expiration Date: Check that the
expirationDateproperty, if present, is not before a specific date-time. Defaults to the current datetime if unset. - Issuance Date: Check that
issuanceDateproperty, if present, is not after a specific date-time. Defaults to the current datetime if unset. - Verifier Options: Validates aspects of the credential signature.
Sharing Verifiable Credentials
A verifiable presentation is the recommended data format for sharing one or more verifiable credentials, as it provides cryptographic means of proving the DID of the holder presenting them, and for enforcing subject-holder relationships.
Example
The following code showcases how an issuer can create, sign,
and validate a verifiable credential.
In this example, the issuer signs a UniversityDegreeCredential with Alice's name and DID.
Create and Sign a VC
Validate a VC
This Verifiable Credential can be verified by anyone, allowing Alice to take control of it and share it with anyone.
Full Example Code
- Rust
- Typescript (Node.js)
loading...
loading...