Confidence Method v1.0

Increasing confidence during presentation of verifiable credentials

W3C First Public Working Draft

More details about this document
This version:
https://www.w3.org/TR/2026/WD-vc-confidence-method-20260311/
Latest published version:
https://www.w3.org/TR/vc-confidence-method/
Latest editor's draft:
https://w3c.github.io/vc-confidence-method/
History:
https://www.w3.org/standards/history/vc-confidence-method/
Commit history
Editors:
Joe Andrieu (Legendary Requirements)
Denken Chen (Ministry of Digital Affairs, Taiwan)
Feedback:
GitHub w3c/vc-confidence-method (pull requests, new issue, open issues)
Related Documents
Verifiable Credentials Data Model v2.0

Copyright © 2026 World Wide Web Consortium. W3C® liability, trademark and permissive document license rules apply.

Abstract

This specification defines mechanisms that can be used with the Verifiable Credentials Data Model v2.0 to increase a verifier's confidence that a presenter of a verifiable credential is, in fact, appropriately related for its use. In the simplest situation, this means the presenter is the original, legitimate recipient of the credential. This specification defines a data model for expressing confidence methods and evidence in a verifiable credential and provides examples of how to use it.

Status of This Document

This is a preview

Do not attempt to implement this version of the specification. Do not reference this version as authoritative in any way. Instead, see https://w3c.github.io/vc-confidence-method/ for the Editor's draft.

This section describes the status of this document at the time of its publication. A list of current W3C publications and the latest revision of this technical report can be found in the W3C standards and drafts index.

This is an experimental specification and is undergoing regular revisions. It is not fit for production deployment.

This document was published by the Verifiable Credentials Working Group as a First Public Working Draft using the Recommendation track.

Publication as a First Public Working Draft does not imply endorsement by W3C and its Members.

This is a draft document and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to cite this document as other than a work in progress.

This document was produced by a group operating under the W3C Patent Policy. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent that the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy.

This document is governed by the 18 August 2025 W3C Process Document.

1. Introduction

This section is non-normative.

Determining that a current presenter is the subject of a Verifiable Credential is a key concern for verifiers.

This specification defines two extensible mechanisms that Issuers can use to help Verifiers increase their confidence that the presentation of a given Verifiable Credential is legitimate.

The confidenceMethod property enables issuers to provide specific techniques for improving the confidence that a candidate party is one of the subjects in a VC. For example, improving confidence that the presenter of a marriage license is one of the parties involved: the officiant, one of the spouses, or one of the witnesses.

The confidenceMethod property can be used to specify a particular biometric, cryptographic key, or other mechanism that the presenter can use to demonstrate that they are that subject in the VC. It is up to the verifier to decide whether to require the presenter to use the confidence method, or to use a different mechanism to increase their confidence about whether, for example, the presenter is the same entity the issuer made claims about in the VC. Such a decision can impact the verifier's liability when accepting VCs during certain use cases.

The assuranceMethod property enables issuers to declare the level of assurance that the issuer established before issuing the credential to its initial recipient. For example, an issuer can declare that they used a particular identity proofing process, signifying standard levels of assurance like IAL 3 defined in [NIST-SP-800-63-4]. This can help verifiers understand the level of assurance that the issuer had at the time of issuance as an input for their own informed decisions about whether to accept them.

Both of these mechanisms are extensible using JSON-LD to define a new type of confidence method or assurance method.

For example, when an employer (the issuer) issues a corporate identification card to an employee (the subject), it might require that the employee bind a particular cryptographic key (verification method) to the verifiable credential during the issuing process. In that case, the issuer can use this specification to convey to the verifier which cryptographic key was bound during the initial identity assurance process.

In other words, an issuer can use this specification to convey which provable mechanisms it used to bind claims in a verifiable credential so that a verifier can increase their confidence in the truth of a variety of things, including the following:

1.1 Conformance

As well as sections marked as non-normative, all authoring guidelines, diagrams, examples, and notes in this specification are non-normative. Everything else in this specification is normative.

The key words MAY and MUST in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

A conforming document is any concrete expression of the data model that follows the relevant normative requirements in Section 2. Data Model.

A conforming processor is any algorithm realized as software and/or hardware that generates and/or consumes a conforming document. Conforming processors MUST produce errors when non-conforming documents are consumed.

2. Data Model

This specification defines the confidenceMethod property for expressing confidence method information in a credentialSubject in a verifiable credential.

confidenceMethod

If present, the value of the confidenceMethod property is one or more confidence methods as defined below. Each confidence method specifies the specific type of confidence method and any reference data that might be required to evaluate the method. The method is bound to a subject in the verifiable credential and provides enough information for a verifier to evaluate whether a particular candidate party is, for their purposes, the same entity referenced in the credential. THe verifier evaluates the confidence method, executing the process of that method. Successful evaluation indicates the credential has satisfied the confidence method and the verifier can safely rely on that belief to provide services.

Each confidence method MUST specify its type and MAY specify an id. The precise properties and semantics of each confidence method are determined by the specific confidenceMethod type definition.

assuranceMethod

If present, the value of the assuranceMethod property is one or more assurance methods, defined below. Each assurance method specifies the specific type of assurance method and any reference data that might be required to evaluate the method. The method is bound to a subject in the verifiable credential and provides information about the level of assurance that the issuer had about the subject at the time of issuance. This can help a verifier understand the means by which the verifier established their own level of assurance that for that subject. Different subjects may have different assurance method, allowing the issuer to use different levels of assurance for different subjects in the same credential. For example, an issuer can use a high level of assurance for the subject that is the officiant or spouse in a marriage license, but a lower level of assurance for the witnesses to that ceremony.

Each assurance method MUST specify its type and MAY specify an id. The precise properties and semantics of each assurance method are determined by the specific assuranceMethod type definition.

A verifier can decide to accept claims in a verifiable credential without requiring use of the confidence method, or use a different mechanism to increase their confidence about whether, for example, the holder is the same entity the issuer made claims about in the verifiable credential. Such a decision can impact the verifier's liability when accepting verifiable credentials during certain use cases.

A verifier can validate that the holder controls, or has been designated the ability to use, a confidence method by verifying the proof of the verifiable presentation using the information in the confidence method. The confidence method can include the verification key, or the type of the confidence method can define that the verification key is to be inferred from other properties in the verifiable credential, such as the credentialSubject.id.

The following example demonstrates the various types of confidence methods that can be used, including public cryptographic keys, verification methods, and Decentralized Identifier Documents.

Example 1: Usage of the confirmationMethod property of type VerificationKeyConfirmation 
{
  "@context": [
    "https://www.w3.org/ns/credentials/v2",
    "https://www.w3.org/ns/credentials/examples/v2"
  ],
  "id": "http://example.edu/credentials/3732",
  "type": ["VerifiableCredential", "UniversityDegreeCredential"],
  "issuer": "https://example.edu/issuers/14",
  "validFrom": "2010-01-01T19:23:24Z",
  "credentialSubject": {
    "confidenceMethod": [{
      "type": "BiometricPortraitImage",
      "image": "data:image/jpeg;base64,/9j/4AAQSkZJRgABAgAAZABkAAD",
    }, {
      "id": "urn:uuid:818d5ca0-3978-11f0-8658-4f17a1afd652#key-abc",
      "type": "JsonWebKey",
      "controller": "urn:uuid:818d5ca0-3978-11f0-8658-4f17a1afd652",
      "publicKeyJwk": {
        "crv": "Ed25519",
        "x": "VCpo2LMLhn6iWku8MKvSLg2ZAoC-nlOyPVQaO3FxVeQ",
        "kty": "OKP",
        "kid": "_Qq0UL2Fq651Q0Fjd6TvnYE-faHiOpRlPVQcY_-tA4A"
      }
    }, {
      "id": "did:example:123#key-567",
      "type": "Multikey",
      "controller": "did:example:123",
      "publicKeyMultibase": "zH3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
    }, {
      "id": "did:example:1234",
      "type": "DecentralizedIdentifierDocument"
    }],
    "degree": {
      "type": "BachelorDegree",
      "name": "Bachelor of Science and Arts"
    }
  },
  "proof": { ... }
}
Note

A confidence method can express various metadata such as the issuer's level of confidence that the holder is the subject of the verifiable credential, specific form factors or mechanisms of authenticators, and/or references to other verifiable credentials or versioned trust frameworks. For example, an issuer can make a claim about a confidence method that is based on a cryptographic key pair, but to produce a signature using that key, the holder has to unlock a device using multi-factor authentication.

3. Confidence Methods

VerificationConfidence

VerificationConfidence specifies how to use a verification method in a controlled identifier document such as a DID document.

BiometricImageConfidence

BiometricImageConfidence specifies how to use an image in a verifiable credential for recognizing the subject of the credential.

3.1 Verification Confidence

TBD

3.2 Biometric Image Confidence

TBD

4. Assurance Methods

NIST_800-63-4_LOA

NIST_800-63-4 defines an assurance method based on the [NIST-SP-800-63-4] specification.

EIDAS_LOA

EIDAS_LOA defines an assurance method based on the [EIDAS2].

4.1 NIST_800-63-3_LOA

TBD

4.2 EIDAS_LOA

TBD

5. Terminology

Some terminology used throughout this document is defined in the Terminology section of the Verifiable Credentials Data Model v2.0 specification as well as the Terminology section of the Controlled Identifiers v1.0 specification. This section defines addition terms used throughout this specification.

assurance method
A technique for establishing the identity of an individual in terms of real-world evidence and observations, according to a specific process, typically defined by national and international standards organizations like NIST in the US and eIDAS in the EU.

6. Security Considerations

Issue 1: Add Security Considerations section
Add security considerations section that includes at least the following topics:
  • Since confidence methods can be selectively disclosed, verifiers need to explicitly ask for confidence methods in high-assurance use cases when dealing with proof mechanisms that allow for selective or unlinkable disclosure.

7. Privacy Considerations

Issue 2: Add Privacy Considerations section
Add privacy considerations section that includes at least the following topics:
  • Confidence methods are expected to be selectively disclosed, as they might not be necessary in many low-assurance use cases, or where high-assurance is achieved through a different means such as in-person verification against a photo.
  • If a confidence method is unlinkably disclosed, it can reveal correlatable identifiers, such as public cryptographic key identifiers.
  • Strongly advise against using biometrics for confidence methods unless absolutely required. Warn that verifiers should only require biometric photos as a last resort and should destroy the information after the transaction is complete.

A. References

A.1 Normative references

[CID]
Controlled Identifiers v1.0. Michael Jones; Manu Sporny. W3C. 15 May 2025. W3C Recommendation. URL: https://www.w3.org/TR/cid-1.0/
[EIDAS2]
Regulation (EU) 2024/1183 of the European Parliament and of the Council of 11 April 2024 amending Regulation (EU) No 910/2014 as regards establishing the European Digital Identity Framework. European Parliament; Council of the European Union. Official Journal of the European Union. 30 April 2024. URL: http://data.europa.eu/eli/reg/2024/1183/oj
[NIST-SP-800-63-4]
Digital Identity Guidelines. David Temoshok; Yee-Yin Choong; Ryan Galluzzo; Connie LaSalle; Andrew Regenscheid; Diana Proud-Madruga; Sarbari Gupta; Naomi Lefkovitz. National Institute of Standards and Technology. August 2025. URL: https://pages.nist.gov/800-63-4/sp800-63.html
[RFC2119]
Key words for use in RFCs to Indicate Requirement Levels. S. Bradner. IETF. March 1997. Best Current Practice. URL: https://www.rfc-editor.org/rfc/rfc2119
[RFC8174]
Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words. B. Leiba. IETF. May 2017. Best Current Practice. URL: https://www.rfc-editor.org/rfc/rfc8174
[VC-DATA-MODEL-2.0]
Verifiable Credentials Data Model v2.0. Ivan Herman; Michael Jones; Manu Sporny; Ted Thibodeau Jr; Gabe Cohen. W3C. 15 May 2025. W3C Recommendation. URL: https://www.w3.org/TR/vc-data-model-2.0/

A.2 Informative references

[VC-DATA-INTEGRITY]
Verifiable Credential Data Integrity 1.0. Ivan Herman; Manu Sporny; Ted Thibodeau Jr; Dave Longley; Greg Bernstein. W3C. 15 May 2025. W3C Recommendation. URL: https://www.w3.org/TR/vc-data-integrity/