Verifiable Credential I: Data Stardust and Constellations

Mel Zhou
Published in Litentry
Feb 8, 2023

Data stardust is our digital footprint

As we venture and explore the virtual world, our data stardust is left in our wake. Data is an extension of the self, a reflection of our presence in the digital space. Credentials transform data into tangible and transitional objects, allowing others to quickly gain insight into who we are.

Voyaging in the boundless expanse of the virtual realm, we leave a trail of data stardust behind us with each step we take — a trail that traces and expands our digital identity.

Offline, we rely on various forms of identification to build and maintain our identities, such as government-issued documents and biometric identification. However, in web3, there was no standard or tool to create a verifiable identity document. Therefore, constructing a composable and verifiable identity document, known as Verifiable Credentials (VCs), is becoming increasingly important in today’s world of quick data transmission.

The idea behind Verifiable Credentials is to enable individuals and organizations to prove their identity or attributes in a digital format that can be easily and securely verified by others. The World Wide Web Consortium (W3C) began working on the concept in 2017 and published the first version of the Verifiable Credentials Data Model and Syntax specification in 2019. Since then, various organizations and companies have been working on implementing and using verifiable credentials in various contexts.

Verifiable Credentials are Data Constellations

Generally speaking, Verifiable Credentials (VCs) are JSON files that prove statements about a person, contain the data that serves as evidence, and can be trustlessly verified for authenticity and timeliness by a third party. They can securely store and transmit information about identity, attributes, or relationships between consenting entities without revealing the individual’s personal information.

Think of it as a digital membership card, a container of a piece of personal data, or as we see it more interestingly, a “constellation” made of data stardust that shows a version of yourself.

Share only the granular details of on-chain data, not the original address.

Just like stars in a constellation that come together to form a clear image, when VCs join the dots of data stardust, they create a comprehensive picture of an individual’s characteristics, while limiting the exposure of sensitive information. VCs are encoded in standard data formats, such as JSON-LD, and digitally signed by the issuer, like a DAO, educational institution, or Litentry TEE worker enclave. This enables the recipient of the VCs to independently verify the authenticity of the claims and the identity of the issuer, while the individual retains control over the personal information they share.

Every VC constellation is a piece of us: DAO contributor, council member, NFT holder, and so on. These VCs are the building blocks of trust, enabling authorized third parties to confidently offer their services or admit you into their community based on your proven actions and accomplishments. With VCs, you can control the narrative of your digital identity and shape the story you wish to tell to the world.

VC components

At their core, VCs consist of three essential components:

  1. Metadata — This component shines a light on the VC issuer’s enclave, identity subject, issuance and expiration date, and the data source that is used to form a VC.
  2. Assertions — These are the claims that the VC makes about the subject, painting a picture of the individual’s attributes and accomplishments. For example, the VC may assert that the subject has a high score or holds a specific NFT asset.
  3. Proof — The proof component is the foundation of trust in a VC. It contains the cryptographic signature and the keys necessary to verify the VC, ensuring that the assertions are genuine and untampered.

Taken together, these components form a VC, a piece of the larger puzzle that is your digital identity.

Why VCs?

To securely share information, we must consider aspects such as data authenticity, portability, verifiability, and privacy during transmission. VCs offer great advantages due to the following characteristics:

  • Tamper-evident. By using cryptographic keys, the issuer can create a unique signature for each credential. This signature can be verified by the verifier using the issuer’s public key, ensuring that the credential has not been altered. Any changes to the credential will render the digital signature invalid.
  • Rapidly Transmittable. Compared to physical credentials such as ID cards, driving licenses, and membership cards, VCs are digital and therefore easier to transmit. Holders simply display or present the JSON files to the verifier. Cryptographic technologies enable the holder and verifier to securely transmit and receive the credentials without the need for a central authority or third-party intermediary.
  • Verifiable. The verifier is able to easily evaluate if the credential is an authentic and timely statement of the issuer or presenter, respectively. This includes checking that: the credential conforms to the specification; the proof method is satisfied; and if present, the status check succeeds. It is important to note that verifying a VC does not assess the accuracy of the claims encoded in the credential.
  • Composable. You may wish to generate a Verifiable Credential (VC) with only the necessary minimum amount of data. For example, instead of stating your exact age, you could simply say you are over 18 years old. Holders of a VC can generate a smaller file, called a Verifiable Presentation, out of a VC and share it with a verifier to prove they possess credentials with certain characteristics. For example, you could generate a Verifiable Presentation from a bachelor's certificate that states you went to a certain school, without revealing your major or other unnecessary information.
Data — Verifiable Credentials — Verifiable Presentations
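
To make the three components and the tamper-evident and verifiable properties concrete, here is an added example (not Litentry's code and not the W3C proof format). It assumes a simplified credential layout, Ed25519 signatures from Node's built-in crypto module, and sorted-key JSON as a stand-in for JSON-LD canonicalization; the issuer and holder identifiers and the claim are constructed.

```javascript
const crypto = require('node:crypto');

// Deterministic serialization: keys sorted recursively so issuer and verifier
// process identical bytes. Simplified stand-in for JSON-LD canonicalization.
function canonicalize(value) {
  if (Array.isArray(value)) return '[' + value.map(canonicalize).join(',') + ']';
  if (value !== null && typeof value === 'object') {
    return '{' + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + canonicalize(value[k])).join(',') + '}';
  }
  return JSON.stringify(value);
}

// Issuer: sign metadata + assertions and attach the signature as the proof.
function issueCredential(metadata, assertions, privateKey) {
  const payload = { metadata, assertions };
  const signature = crypto.sign(null, Buffer.from(canonicalize(payload)), privateKey);
  return { ...payload, proof: { type: 'Ed25519', signature: signature.toString('base64') } };
}

// Verifier: take the issuer key from its own trust list (never from the
// credential itself), check the signature, then the validity window.
function verifyCredential(vc, trustedIssuers, now = new Date()) {
  const publicKey = trustedIssuers.get(vc.metadata?.issuer);
  if (!publicKey) return { ok: false, reason: 'unknown issuer' };
  const { proof, ...payload } = vc;
  const sig = Buffer.from(proof?.signature ?? '', 'base64');
  if (!crypto.verify(null, Buffer.from(canonicalize(payload)), publicKey, sig)) {
    return { ok: false, reason: 'bad signature' };
  }
  // Dates are covered by the signature; missing or invalid dates fail closed.
  if (!(now >= new Date(vc.metadata.issuanceDate))) return { ok: false, reason: 'not yet valid' };
  if (!(now < new Date(vc.metadata.expirationDate))) return { ok: false, reason: 'expired' };
  return { ok: true, reason: 'valid' };
}

// Constructed sample data: identifiers, dates and the claim are made up.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const trustedIssuers = new Map([['did:example:issuer', publicKey]]);
const vc = issueCredential(
  { issuer: 'did:example:issuer', subject: 'did:example:holder',
    issuanceDate: '2023-02-01T00:00:00Z', expirationDate: '2023-03-01T00:00:00Z' },
  { holdsNft: true },
  privateKey,
);
const tampered = { ...vc, assertions: { holdsNft: true, councilMember: true } };
```

With this data, `verifyCredential(vc, trustedIssuers, new Date('2023-02-08'))` reports `valid`, the `tampered` copy reports `bad signature`, and any date after the expiration reports `expired`.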

Comparing VC to other technologies

  • VC and Soulbound Token (SBT). Soulbound Tokens are a type of non-fungible token that is nontransferable once attained. Both VC and SBT can serve as data containers in the process of information transmission and permission. Considering SBT is a standard token type, while Verifiable Credentials are a more flexible DID standard that can be implemented widely, Litentry chose to adopt VC in its application. You can read more about VC and SBT in this article.
Overview of the differences between VC and SBT
  • VC and OAuth. OAuth is an open standard for authorization that allows users to securely grant access to their data to third-party applications without sharing their passwords. Both solutions offer a way to manage identities, but OAuth does not provide a way to verify them or grant granular access to limit data exposure.
  • VC and Security Assertion Markup Language (SAML). SAML is an XML-based standard for exchanging authentication data. It is primarily used for web browser single sign-on, which typically requires a username and password. Conversely, VC is a file format that allows the service provider to verify the authenticity of user assertions independently.

Conclusion

In conclusion, Verifiable Credentials (VCs) are a powerful and secure tool for sharing information and transmitting data. VCs are tamper-evident, rapidly transmittable, verifiable, and composable, making them an ideal solution for digital identity and authorization. VCs can be seen as constellations of data stardust, a reflection of our presence in the digital space. By using and managing VCs, we can shape the story of our digital identity and create a more secure and trustworthy web3.

Litentry is now implementing Verifiable Credentials for data authorization, reputation model, identity tag/label, anti-fraud, and more. In the next article, we will dive more into the trustless workflow of VC and its implementation in the Litentry Protocol.

Special thanks to Kai and Jutta for their contribution to this piece!

If you are interested in learning more about Litentry’s technology, check out this privacy article series.
