Verifiable credentials (VCs) are a digital way of representing the same sort of information that’s typically found in physical credentials like passports, driver’s licenses, membership cards, etc. This concept has gained traction due to its potential for a safer, more efficient way of handling personal identification online.
The idea is to have a secure, tamper-resistant system where the issuer, holder, and verifier of a credential can interact in a trustless environment. This could be useful in all sorts of situations, such as proving your age to an online retailer, verifying your identity for online banking, confirming your professional certifications for job applications, etc.
Here’s how it works:
Issuer: This is the entity that provides the credential to an individual or organization. For instance, a government issuing a driver’s license, a university giving a degree, or a certification body granting a professional qualification.
Holder: This is the individual or organization who receives the credential. They store the credential in a secure digital wallet.
Verifier: This is the entity that needs to verify the information provided in the credential. For instance, a bar checking your age, a potential employer validating your degree, or a bank confirming your identity.
A verifiable credential contains claims made by the issuer about the holder. The key aspect of a verifiable credential is that it is cryptographically secure, meaning that it can be digitally signed using a secure key that can be traced back to the issuer. This allows the verifier to confirm that the credential is legitimate and hasn’t been tampered with.
Moreover, verifiable credentials can be presented by the holder to a verifier without needing to involve the issuer in each transaction, which allows for efficient and privacy-preserving verification processes.
In essence, verifiable credentials are about providing a way to digitize the trust that exists in physical documents, and bringing it into the online world. The technology is a part of a broader concept called Self-Sovereign Identity (SSI), which is all about giving individuals control over their own personal data and digital identities.
Let’s say your business provides a training service which results in a certificate for a particular learned skill or accreditation.
You could issue the individual a paper certificate, which is nice, but can be easily forged and cannot be easily verified by third parties (they would have to contact you to confirm the certificate is authentic).
However, you could issue a credential that asserts that the individual has earned their skill, and that credential can be carried electronically by the individual, in their MS Authenticator app. Third parties can request that this certificate be presented, and the verification process ensures that the certificate is authentic, issued by yourself and was not tampered with. You do not need to be contacted to verify this information. The individual is also in control over their credential.
In Cogmento verified credentials are managed under “Verified Credentials Management”, or VCM. You can create custom schemas, or contracts, which describe a set of claims you’d like to make about individuals listed as your contacts. You can then issue credentials based on those schemas to your contacts, using the information already on the system.
We use Microsoft Entra’s Verified ID platform to publish the credentials which means they can be held, and later presented, in the Microsoft Authenticator application.
To find the VCM, see the settings menu and select VCM from it:
The VCM screen shows all the created schemas on the left hand side. Selecting one shows a list of individuals that this schema was issued to as verifiable credentials.