Verifiable credentials (VCs) are a digital way of representing the same information typically found in physical credentials like passports, driver’s licenses, membership cards, etc. This concept has gained traction due to its potential for a safer, more efficient way of handling personal identification online.
The idea is to have a secure, tamper-resistant system where a credential's issuer, holder, and verifier can interact in a trustless environment. This could be useful in all sorts of situations, such as proving your age to an online retailer, verifying your identity for online banking, confirming your professional certifications for job applications, etc.
Here’s how it works:
-
Issuer: This entity provides the credential to an individual or organization. For instance, a government issuing a driver’s license, a university giving a degree, or a certification body granting a professional qualification.
-
Holder: This is the individual or organization that receives the credential. They store the credentials in a secure digital wallet.
-
Verifier: This entity needs to verify the information provided in the credential. For instance, a bar checking your age, a potential employer validating your degree, or a bank confirming your identity.
A verifiable credential contains claims made by the issuer about the holder. The key aspect of a verifiable credential is that it is cryptographically secure, meaning that it can be digitally signed using a secure key that can be traced back to the issuer. This allows the verifier to confirm that the credential is legitimate and hasn’t been tampered with.
Moreover, the holder can present verifiable credentials to a verifier without involving the issuer in each transaction, which allows for efficient and privacy-preserving verification processes.
In essence, verifiable credentials provide a way to digitize the trust in physical documents and bring it into the online world. The technology is a part of a broader concept called Self-Sovereign Identity (SSI), which is all about giving individuals control over their data and digital identities.
Examples
Let’s say your business provides a training service that results in a certificate for a particular learned skill or accreditation.
You could issue the individual a paper certificate, which is nice but can be easily forged and cannot be easily verified by third parties (they would have to contact you to confirm the certificate is authentic).
However, you could issue a credential that asserts that the individual has earned their skill, and that credential can be carried electronically by the individual in their MS Authenticator app. Third parties can request that this certificate be presented, and the verification process ensures that the certificate is authentic, issued by yourself, and was not tampered with. You do not need to be contacted to verify this information. The individual is also in control over their credential.
How to use Verifiable Credentials in Cogmento
Cogmento verified credentials are managed under “Verified Credentials Management,” or VCM. You can create custom schemas or contracts describing a set of claims you’d like to make about individuals listed as your contacts. You can then issue credentials based on those schemas to your contacts using the information already on the system.
We use Microsoft Entra’s Verified ID platform to publish the credentials which means they can be held and later presented in the Microsoft Authenticator application.
To find the VCM, see the settings menu and select VCM from it:
The VCM screen shows all the created schemas on the left-hand side. Selecting one shows a list of individuals to this schema were issued to as verifiable credentials.