Verifiable Credentials API v0.7

An HTTP API for Verifiable Credentials lifecycle management

Draft Community Group Report

Latest published version:
https://www.w3.org/vc-api/
Latest editor's draft:
https://w3c-ccg.github.io/vc-api/
Editor:
TBD
Feedback:
GitHub w3c-ccg/vc-api (pull requests, new issue, open issues)
public-credentials@w3.org with subject line [vc-api] … message topic … (archives)
Meetings:
View next scheduled meeting

Copyright © 2025 the Contributors to the Verifiable Credentials API v0.7 Specification, published by the Credentials Community Group under the W3C Community Contributor License Agreement (CLA). A human-readable summary is available.

Abstract

Verifiable credentials provide a mechanism to express credentials on the Web in a way that is cryptographically secure, privacy respecting, and machine-verifiable. This specification provides data model and HTTP protocols to issue, verify, present, and manage data used in such an ecosystem.

Status of This Document

This is a preview

Do not attempt to implement this version of the specification. Do not reference this version as authoritative in any way. Instead, see https://w3c-ccg.github.io/vc-api/ for the Editor's draft.

This specification was published by the Credentials Community Group. It is not a W3C Standard nor is it on the W3C Standards Track. Please note that under the W3C Community Contributor License Agreement (CLA) there is a limited opt-out and other conditions apply. Learn more about W3C Community and Business Groups.

This specification is highly experimental and changing rapidly. Implementation in non-experimental systems is discouraged unless you are participating in the weekly meetings that coordinate activity around this specification.

Comments regarding this document are welcome. Please file issues directly on GitHub, or send them to public-credentials@w3.org ( subscribe, archives).

GitHub Issues are preferred for discussion of this specification. Alternatively, you can send comments to our mailing list. Please send them to public-credentials@w3.org (subscribe, archives).

1. Introduction

This section is non-normative.

The Verifiable Credentials specification [VC-DATA-MODEL-2.0] provides a data model and serialization to express digital credentials in a way that is cryptographically secure, privacy respecting, and machine-verifiable. This specification provides a set of HTTP Application Programming Interfaces (HTTP APIs) and protocols for issuing, verifying, presenting, and managing Verifiable Credentials.

When managing verifiable credentials, there are two general types of APIs that are contemplated. The first type of APIs are designed to be used within a single security domain. The second type of APIs can be used to communicate across different security domains. This specification defines both types of APIs.

The APIs that are designed to be used within a single security domain are used by systems that are operating on behalf of a single role such as an Issuer, Verifier, or Holder. One benefit of these APIs for the Verifiable Credentials ecosystem is that they define a useful, common, and vetted modular architecture for managing Verifiable Credentials. For example, this approach helps software architects integrate with common components and speak a common language when implementing systems that issue verifiable credentials. Knowing that a particular architecture has been vetted is also beneficial for architects that do not specialize in verifiable credentials. Documented architectures and APIs increase market competition and reduce vendor lock-in and switching costs.

The APIs that are designed to operate across multiple security domains are used by systems that are communicating between two different roles in a verifiable credential interaction, such as an API that is used to communicate presentations between a Holder and a Verifier. In order to achieve protocol interoperability in verifiable credentials interactions, it is vital that these APIs be standardized. The additional benefits of documenting these APIs are the same for documenting the single-security-domain APIs: common, vetted architecture and APIs, increased market competition, and reduced vendor lock-in and switching costs.

This specification contains the following sections that software architects and implementers might find useful:

1.1 Design Goals and Rationale

This section is non-normative.

The Verifiable Credentials API is optimized towards the following design goals:

Goal Description
Modularity Implementers need only implement the APIs that are required for their use case enabling modularity between Issuing, Verifying, and Presenting.
Simplicity The number of APIs and optionality are kept to a minimum to ensure that they are easy to implement and audit from a security standpoint.
Composability The APIs are designed to be composable such that complex flows are possible using a small number of simple API primitives.
Extensibility Extensions to API endpoints are expected and catered to in the API design enabling experimentation and the addition of value-added services on top of the base API platform.

1.1.1 Design Guidelines

A RESTful API approach was used as a basis for the specification. Some endpoints use what is referred to as the 'controller' resource naming style. JSON Schema: A Media Type for Describing JSON Documents is used to define the acceptable inputs to the APIs.

1.2 Architecture Overview

This section is non-normative.

The Verifiable Credentials Data Model defines three fundamental roles, the Issuer, the Verifier, and the Holder.

Diagram showing the verifiable credential roles of Issuer, Holder, and Verifier
Figure 1 The roles defined by the Verifiable Credentials Data Model specification.

Actors fulfilling each of these roles may use a number of software or service components to realize the VC API for exchanging Verifiable Credentials.

Each role associates with a role-specific Coordinator, Service, and Admin as well as their own dedicated Storage Service. In addition, the Issuer may also manage a Status Service for revocable credentials issued by the Issuer.

VC API Components of Coordinators, Services, and Admin for Issuers, Verifiers, and Holders
Figure 2 VC API Components. Arrows indicate initiation of flows.

Any given VC API implementation may choose to combine any or all of these components into a single functional application. The boundaries and interfaces between these components are defined in this specification to ensure interoperability and substitutability across the Verifiable Credential conformant ecosystem.

In addition to aggregating components into a single app, implementers may choose to operationalize any given role over any number active instances of deployed software. For example, a browser-based Holder Coordinator should be considered as an amalgam of a web browser, various code running in that browser, one or more web servers (in the case of cross-origin AJAX or remote embedded content), and the code running on that server. Each of those elements runs as different software packages in different configurations, each executing just part of the overall functionality of the component. For the sake of the VC API, each component satisfies all of its required functionality as a whole, regardless of deployment architecture.

We define these components as follows:

1.2.1 Coordinators

Issuer Coordinator • Verifier Coordinator • Holder Coordinator

Coordinators execute the business rules and policies set by the associated role. Often this is a custom or proprietary Coordinator developed specifically for a single party acting in that role, it is the integration glue that connects the controlling party to the VC ecosystem.

Coordinators may or may not provide a visual user interface, depending on the implementation. Pure command-line or continuously running services may also be able to realize this component.

With the exception of the Status Service, all role-to-role communication is between Coordinators acting on behalf of its particular actor to fulfill its role.

The Issuer Coordinator executes the rules about who gets what credentials, including how the parties creating or receiving those credentials are authenticated and authorized. Typically the Issuer Coordinator integrates the Issuer's back-end system with the Issuer service. This integration uses whatever technologies are Appropriate; the interfaces between the Issuer App and back-end services are out of scope for the VC-API. The Issuer Coordinator drives the Issuer service.

The Verifier Coordinator communicates with a Verifier service to first check authenticity and timeliness of a given VC or VP, then Applies the Verifier's business rules before ultimately accepting or rejecting that VC or VP. Such business rules may include evaluating the Issuer of a particular claim or simply checking a configured allow-list. The Verifier App exposes an API for submitting VCs to the Verifier per the Verifier's policies. For example, the Verifier Coordinator may only accept VCs from current users of the Verifier's other services. These rules typically require bespoke integration with the Verifier's existing back-end.

The Holder Coordinator executes the business rules for Approving the flow of credentials under the control of the Holder, from Issuers to Verifiers. In several deployments this means exposing a user interface that gives individual Holders a visual way to authorize or Approve VC storage or transfer. Some functionality of the Holder Coordinator is commonly referred to as a wallet. In the VC API, the Holder Coordinator initiates all flows. They request VCs from Issuers. They decide if, and when, to share those VCs with Verifiers. Within the VC API, there is no way for either the Issuer or the Verifier to initiate a VC transfer. In many scenarios, the Holder Coordinator is expected to be under the control of an individual human, ensuring a person is directly involved in the communication of VCs, even if only at the step of authorizing the transfer. However, many VCs are about organizations, not individuals. How individuals using Holder Coordinators related to organizations, and in particular, how organizational credentials are securely shared with, and presented by, (legal) agents of those organizations is not yet specified as in scope for the VC API.

1.2.2 Services

Issuer Service • Verifier Service • Holder Service

Services provide generic VC API functionality, driven by its associated App. Designed to enable infrastructure providers to offer VC capability through Software-as-a-Service. All services expose network endpoints to their authorized Coordinators, which are themselves operating on behalf of the associated role. Although deployed services MAY provide their own HTML interfaces, such interfaces are out of scope for the VC API. Only the network endpoints of services are defined herein.

The Issuer Service takes requests to issue VCs from authorized Issuer Coordinators and returns well-formed, signed Verifiable Credentials. This service MUST have access to private keys (or key services which utilize private keys) in order to create the proofs for those VCs. The API between the Issuer service and its associated key service is believed to be out of scope for the VC API, but may be addressed by WebKMS or similar specifications.

The Verifier service takes requests to verify Verifiable Credentials and Verifiable Presentations and returns the result of checking their proofs and status (if present). The service only checks the authenticity and timeliness of the VC; leaving the Verifier Coordinator to finish Applying any business rules needed.

The Holder service takes requests to create Verifiable Presentations from an optional set of VCs and returns well-formed, signed Verifiable Presentations containing those VCs. These VPs are used with Issuers to demonstrate control over DIDs prior to issuance and with Verifiers to present specific VCs.

1.2.3 Status Service

The Status Service provides a privacy-preserving means for publishing and checking the status of any Verifiable Credentials issued by the Issuer. Implementers of verifier services are encouraged to understand the privacy implications of checking status by referring to the respective status specification used by the verifiable credential.

For specific mechanisms by which to manage Verifiable Credential statuses, it's recommended to refer to external well known specifications, such as the [VC-BITSTRING-STATUS-LIST].

1.2.4 Storage Services

Storage Service (Issuer) •Storage Service (Verifier) • Storage Service (Holder)

Each actor in the system is expected to store their own verifiable credentials, as needed. Several known implementations use secure data storage such as encrypted data vaults for storing the Holder's VCs and use cryptographic authorizations to grant access to those VCs to Verifier Coordinators, as directed by the Holder. In-browser retrieval of such stored credentials can enable web-based Verifier Coordinators to integrate data from the Holder without sharing that data with the Verifier—the data is only ever present in the browser. Authorizing third-party remote access to Holder storage is likely in-scope for the VC API, although we expect this to be defined using extensible mechanisms to support a variety of storage and authorization approaches.

The Issuer and Verifier storage solutions may or may not use secure data storage. Since all such storage interaction is moderated by the bespoke Issuer and Storage Coordinators, any necessary integrations can simply be part of that bespoke customization. We expect different implementations to compete on the ease of integration into various back-end storage platforms.

1.2.5 Workflow Service

The Workflow Service provides a way for coordinators to automate specific interactions for specific users. Each role (Holder, Issuer, and Verifier) can run their own Workflow Service to create and manage exchanges that realize particular workflows. Administrators configure the workflow system to support particular flows. Then, when the business rules justify it, coordinators create exchanges at their Workflow Service and give authorized access to those exchanges to any party.

1.2.6 Admin

Issuer Admin • Holder Admin • Verifier Admin

The Admin component is an acknowledgement that each of the other components need a way to be configured and managed, without prescribing the interfaces or means of that configuration. Some components may use JSON files to drive a semi-automated Issuer. Others might expose HTML pages. We expect different Coordinators and Services to compete on the power, ease, and flexibility of their administration and therefore, as of this writing, we anticipate Admin functionality to be out of scope for the VC API. However, we actually believe that to the extent we can standardize configuration setting across implementations, the more substitutable each component.

1.2.7 Summary

Based on this architectural thinking, we may want to frame the VC API as a roadmap of related specifications, integrated in an extensible way for maximum substitutability. Several technologies, such as EDVs and WebKMSs would likely benefit from the crypto suite Approach taken for VC proofs. Defining a generic mechanism that can be realized by any functionally conformant technology enables flexibility while laying the groundwork with current existing functionality. In this way, we may be able to acknowledge that elements like Key Services, Storage, and Status are necessary parts of the VC API while deferring the definition of how those elements work to specification already in development as well as those yet to be written.

1.3 Conformance

As well as sections marked as non-normative, all authoring guidelines, diagrams, examples, and notes in this specification are non-normative. Everything else in this specification is normative.

The key words MAY, MUST, MUST NOT, OPTIONAL, RECOMMENDED, SHOULD, and SHOULD NOT in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

A conforming VC API client is ...

A conforming VC API server is ...

2. Terminology

This section is non-normative.

The following terms are used to describe concepts in this specification.

claim
An assertion made about a subject.
credential
A set of one or more claims made by an issuer. The claims in a credential can be about different subjects.

Our definition of credential differs from, NIST's definitions of credential.

data minimization
The act of limiting the amount of shared data strictly to the minimum necessary to successfully accomplish a task or goal.
decentralized identifier
A portable URL-based identifier, also known as a DID, associated with an entity. These identifiers are most often used in a verifiable credential and are associated with subjects such that a verifiable credential itself can be easily ported from one credential repository to another without the need to reissue the credential. An example of a DID is did:example:123456abcdef.
decentralized identifier document
Also referred to as a DID document, this is a document that is accessible using a verifiable data registry and contains information related to a specific decentralized identifier, such as the associated credential repository and public key information.
default graph
The graph containing all claims that are not explicitly part of a named graph.
derived predicate
A verifiable, boolean assertion about the value of another attribute in a verifiable credential. These are useful in zero-knowledge-proof-style verifiable presentations because they can limit information disclosure. For example, if a verifiable credential contains an attribute for expressing a specific height in centimeters, a derived predicate might reference the height attribute in the verifiable credential demonstrating that the issuer attests to a height value meeting the minimum height requirement, without actually disclosing the specific height value. For example, the subject is taller than 150 centimeters.
digital signature
A mathematical scheme for demonstrating the authenticity of a digital message.
entity
Anything that can be referenced in statements as an abstract or concrete noun. Entities include but are not limited to people, organizations, physical things, documents, abstract concepts, fictional characters, and arbitrary text. Any entity might perform roles in the ecosystem, if it is capable of doing so. Note that some entities fundamentally cannot take actions, e.g., the string "abc" cannot issue credentials.
graph
A set of claims, forming a network of information composed of subjects and their relationship to other subjects or data. Each claim is part of a graph; this is either explicit in the case of named graphs, or implicit for the default graph.
holder
A role an entity might perform by possessing one or more verifiable credentials and generating verifiable presentations from them. A holder is often, but not always, a subject of the verifiable credentials they are holding. Holders store their credentials in credential repositories.
identity
The means for keeping track of entities across contexts. Digital identities enable tracking and customization of entity interactions across digital contexts, typically using identifiers and attributes. Unintended distribution or use of identity information can compromise privacy. Collection and use of such information should follow the principle of data minimization.
identity provider
An identity provider, sometimes abbreviated as IdP, is a system for creating, maintaining, and managing identity information for holders, while providing authentication services to relying party applications within a federation or distributed network. In this case the holder is always the subject. Even if the verifiable credentials are bearer credentials, it is assumed the verifiable credentials remain with the subject, and if they are not, they were stolen by an attacker. This specification does not use this term unless comparing or mapping the concepts in this document to other specifications. This specification decouples the identity provider concept into two distinct concepts: the issuer and the holder.
issuer
A role an entity can perform by asserting claims about one or more subjects, creating a verifiable credential from these claims, and transmitting the verifiable credential to a holder.
named graph
A graph associated with specific properties, such as verifiableCredential. These properties result in separate graphs that contain all claims defined in the corresponding JSON objects.
presentation
Data derived from one or more verifiable credentials, issued by one or more issuers, that is shared with a specific verifier.
credential repository
A program, such as a storage vault or personal verifiable credential wallet, that stores and protects access to holders' verifiable credentials.
selective disclosure
The ability of a holder to make fine-grained decisions about what information to share.
subject
A thing about which claims are made.
user agent
A program, such as a browser or other Web client, that mediates the communication between holders, issuers, and verifiers.
validation
The assurance that a claim from a specific issuer satisfies the business requirements of a verifier for a particular use. This specification defines how verifiers verify verifiable credentials and verifiable presentations.
It also specifies that verifiers validate claims in verifiable credentials before relying on them. However, the means for such validation vary widely and are outside the scope of this specification. It is expected that verifiers will trust certain issuers for certain claims and apply their own rules to determine which claims in which credentials are suitable for use by their systems.
verifiable credential
A verifiable credential is a tamper-evident credential that has authorship that can be cryptographically verified. Verifiable credentials can be used to build verifiable presentations, which can also be cryptographically verified.
verifiable data registry
A role a system might perform by mediating the creation and verification of identifiers, keys, and other relevant data, such as verifiable credential schemas, revocation registries, issuer public keys, and so on, which might be required to use verifiable credentials. Some configurations might require correlatable identifiers for subjects. Some registries, such as ones for UUIDs and public keys, might just act as namespaces for identifiers.
verifiable presentation
A verifiable presentation is a tamper-evident presentation encoded in such a way that authorship of the data can be trusted after a process of cryptographic verification. Certain types of verifiable presentations might contain data that is synthesized from, but do not contain, the original verifiable credentials (for example, zero-knowledge proofs).
verification
The evaluation of whether a verifiable credential or verifiable presentation is an authentic and current statement of the issuer or presenter, respectively. This includes checking that: the credential (or presentation) conforms to the specification; the proof method is satisfied; and, if present, the status check succeeds. Verification of a credential does not imply evaluation of the truth of claims encoded in the credential.
verifier
A role an entity performs by receiving one or more verifiable credentials, optionally inside a verifiable presentation for processing. Other specifications might refer to this concept as a relying party.
verification material
Information that could be a cryptographic public key or any other data used to verify a proof.
URL
A Uniform Resource Locator, as defined by [URL]. URLs can be dereferenced such that they result in a resource, such as a document. The rules for dereferencing, or fetching, a URL are defined by the URL scheme. This specification does not use the term URI or IRI because those terms have been deemed to be confusing to Web developers.

3. The VC API

3.1 Base URL

There are no restrictions put on the base URL location of the implementation. The URL paths used throughout this specification are shown as absolute paths and their base URL MAY be the host name of the server (e.g., example.com), a subdomain (e.g., api.example.com), or a path within that host (e.g., example.com/api).

3.2 Authorization

The VC API can be deployed in a variety of networking environments which might contain hostile actors. As a result, conforming VC API servers require conforming VC API clients to utilize secure authorization technologies when performing certain types of requests. Each HTTP endpoint defined in this document specifies whether or not authorization is required when performing a request. With the exception of the class of forbidden authorization protocols discussed later in this section, the VC API is agnostic regarding authorization mechanism.

The VC API is meant to be generic and useful in many scenarios that require the issuance, possession, presentation, and/or verification of Verifiable Credentials. To this end, implementers are advised to consider the following classifications of use cases:

The rest of this section gives examples of the authorization technologies that have been contemplated for use by conforming implementations. Other equivalent authorization technologies can be used. Implementers are cautioned against using non-standard or legacy authorization technologies.

3.2.1 Forbidden Authorization

Requests to the VC API MUST NOT utilize any authorization protocol that includes long-lived static credentials such as usernames and passwords or similar values in those requests. An example of such a forbidden protocol is HTTP Basic Authentication [RFC7617].

3.2.2 OAuth 2.0

If the OAuth 2.0 Authorization Framework [RFC6749] is utilized for authorization, the access tokens utilized by clients MAY be OAuth 2.0 Bearer Tokens [RFC6750] or any other valid OAuth 2.0 token type. Any valid OAuth 2.0 grant type MAY be used to request the access tokens. However, OAuth 2.0 MUST be implemented in the following way:

OAuth2 tokens for this purpose have an audience of the particular issuer instance, e.g., origin/issuers/zc612332f3.

The scopes are generalized to read/write actions on particular endpoints:

  • read:/ would allow reading on any API on a particular instance.
  • write:/ would allow writing on any API on a particular instance.

write:/credentials/issue would only allow writing to that particular API.

Other authorization mechanisms that support delegation might be defined in the future.

3.3 Service Instances

The APIs defined in this specification presume that they are attached to a specific instance with an associated configuration that has been put in place by a system administrator. When a client calls an endpoint on a particular instance, the instance uses the configuration and options provided by the client to execute the action.

For example, the /credentials/issue endpoint can be provided at the end of a longer URL such as /instances/12345/credentials/issue. In this case, it is the instance that is configured to know which cryptographic key to use for issuance, whether or not a status list is involved, the type of credential to issue, the credential format, and what additional options are possible on the endpoint.

Software clients that call a particular instance might not have the capability to configure an instance, or be aware of the setup that the administrator did on the instance other than the requisite details to make appropriate use of it. Administration endpoints for configuring instances could be provided by implementations but are not necessarily exposed as HTTP APIs; configuration can also be done through configuration files or graphical interfaces.

Note: A coordinator can use multiple service instances

A coordinator instance can have access to multiple service instances in order to support different use cases or a use case with complex flows. Runtime discovery of service instance configuration is not supported by the VC API as services are expected to be known by the coordinator at the time of coordinator deployment.

3.4 Options

Some of the endpoints defined in the following sections accept an options object. All properties of the options object are OPTIONAL when configuring each instance, as these properties are intended to meet per-deployment needs that might vary. Thus, any given instance configuration MAY prohibit client use of some options properties in order to prevent clients from passing certain data to that instance. Likewise, an instance configuration MAY require that clients include some options properties.

3.4.1 Options Extensibility

Implementations MAY extend an options object with additional properties.

As extension properties are implementation specific, they ought not be mandatory. This is to maintain interoperability by avoiding clients needing to be modified to use a specific implementation.

When adding an extension options property, consider whether providing optionality to clients is necessary. If not, using instance configuration to vary API functionality might be a preferable approach.

3.5 Content Serialization

All entity bodies in requests and responses sent to or received from the API endpoints defined by this specification MUST be serialized as JSON and include the Content-Type header with a media type value of application/json.

3.6 Handling Unknown Options and Data

Many of the endpoints defined in the following sections receive data and options in request bodies.

Implementations MUST throw an error if an endpoint receives data, options, or option values that it does not understand or know how to process.

3.6.1 Payload Sizes

Implementers are encouraged to pay attention to the payload sizes of the Verifiable Credentials that their implementations process.

Presentations can bundle a large volume of credentials, which can result in a higher request size than anticipated by implementers. This raises the risk of interoperability issues.

A default maximum size of 10MB per Verifiable Credential is RECOMMENDED as an interoperability baseline, with the possibility of configuring a larger size if required. This also accommodates the 16MB size limit of most document-based database storage solutions.

By default, large binary values are expected to be linked to and a hash included (unless there is a privacy reason for not doing so).

3.7 API Component Overview

This section gives an overview of all endpoints in the VC-API by the component the endpoint is expected be callable from. If a component does not have a listing below it means the VC-API does not currently specify any endpoints for that component.

3.7.1 Issuer Coordinator

Below are all endpoints expected to be exposed by the Issuer Coordinator, along with the component that is expected to call the endpoint

3.7.2 Issuer Service

Below are all endpoints expected to be exposed by the Issuer Service, along with the component that is expected to call the endpoint

3.7.3 Status Service

Below are all endpoints expected to be exposed by the Status Service, along with the component that is expected to call the endpoint

3.7.4 Verification Service

Below are all endpoints expected to be exposed by the Verification Service, along with the component that is expected to call the endpoint

3.7.5 Holder Service

Below are all endpoints expected to be exposed by the Holder Service, along with the component that is expected to call the endpoint

3.7.6 Workflow Service

Below are all endpoints expected to be exposed by the Workflow Service, along with the component that is expected to call the endpoint

3.8 Issuing

The following APIs are defined for issuing a Verifiable Credential:

3.8.1 Issue Credential

This endpoint is used to issue a verifiable credential.

Note: Issued credential media types

To issue credentials with a media type other than application/vc — such as application/mdoc, application/vc+sd-jwt, application/vcb;barcode-format=qr_code, or application/vcb;barcode-format=pdf417 — an EnvelopedVerifiableCredential can be returned in the response.

If a use case requires an issuer instance to attach multiple proofs to the provided credential, the instance MUST attach all of these proofs in response to a single call to the /credentials/issue endpoint.

If a provided credential already contains one or more proofs, the behavior is determined by the issuer instance configuration. An issuing instance SHOULD be configured to handle existing proofs in one of the following ways:

  • Proof Sets: Append new proofs to the list of existing proofs provided by the caller, first converting any existing single proof to a list, if necessary. Here there is no binding to any existing proofs; the new proofs exist in parallel with those previously provided by the caller.
  • Proof Chains: Append new proofs to create or extend an existing proof chain. Here proofs are linked in a specific sequence, using the previousProof property to establish the chain relationship.
  • Error Handling: Return an error if credential values that contain existing proof values are provided, when the instance is configured to only accept credentials without existing proofs.

The specific approach used depends on the issuer instance configuration and the intended use case for the verifiable credential.

3.8.2 Get a Specific Credential

3.8.3 Update Status

3.9 Verifying

The following APIs are defined for verifying a Verifiable Credential:

3.9.1 Verify Credential

This endpoint is used to verify a verifiable credential.

Note: Verify credential media types

To verify credentials with a media type other than application/vc, such as application/mdoc, application/vc+sd-jwt, application/vcb;barcode-format=qr_code, or application/vcb;barcode-format=pdf417 — an EnvelopedVerifiableCredential can be provided in the request.

3.9.2 Verify Presentation

3.9.3 Create Challenge

The instance should create a challenge for use during verification, and track the number of times the challenge has been passed to verification endpoints as options.challenge.

3.10 Presenting

The following APIs are defined for presenting a Verifiable Credential:

The URL path values exchange-id and transaction-id are meaningful to the server but are opaque to the client. While some server implementations might use values that happen to be human-readable, clients are strongly advised to not assign semantics to any human-readable values.

3.10.1 Derive Credential

3.10.2 Create Presentation

Note: Presentation media types

An EnvelopedVerifiablePresentation can be returned in the response in order to create presentations with a media type other than application/vp, such as application/vp+jwt.

3.10.3 Exchange Discovery

Discovery is an optional call for the Holder Coordinator to ensure the Holder Coordinator can support the exchange protocol requirements before calling the endpoint. Coordinators SHOULD support the exchange discovery endpoint.

3.10.4 Get Presentations

3.10.5 Get a Specific Presentation

3.11 Workflows and Exchanges

A VC API workflow defines a particular set of steps for exchanging verifiable credentials between two parties across a trust boundary. Each step can involve the issuance, verification, transmission, and/or presentation of verifiable credentials. Examples of VC API workflows include, but are not limited to:

Workflow instances are expected to be created by administrators, for use with, for example, coordinator websites. A workflow instance is created by performing an HTTP POST to the workflow service's /workflows endpoint. The HTTP request body includes the configuration for the workflow instance. This includes, but is not limited to, information about the steps that define the workflow and any credential templates that will be used to issue verifiable credentials. The steps that define the workflow might also be templates, enabling additional flexibility. If a workflow involves the issuance of verifiable credentials, or the verification of presentations or credentials, then the workflow instance configuration can include authorization capabilities to use one or more VC API issuer and/or verification services.

Once a workflow instance exists, authorization to create and query particular workflow interactions, called VC API exchanges, can be given to coordinators.

A VC API exchange represents a particular interaction based on a given VC API workflow. The interaction will take place between an exchange client and the workflow service. Exchanges are expected to be transitory, only existing as long as the interaction takes to complete. The workflow service stores state information about each exchange, such as whether the exchange is pending, active, or complete, as well as the current step in the workflow, any workflow-specific variables and data, and any verifiable presentations and credentials received while the exchange executes. While there is no technical limitation on the number of steps in a workflow, implementers might want to use a default maximum number of steps to prevent bugs.

An issuer, verifier, or holder coordinator is responsible for creating exchanges. The coordinator creates an exchange by performing an HTTP POST to the /exchanges subpath of a chosen workflow, on the workflow service. The HTTP request body includes an expiration date and time for the exchange and any variables to be used to populate the workflow's templates for the particular exchange. The request body can also include configuration options to enable the exchange to be executed using additional protocols beyond VC API. Once the exchange is created, an exchange URL that identifies the exchange and enables interaction with it is returned to the coordinator.

The exchange URL is given to the exchange client so that it can initiate the exchange. Note that while the exchange URL is given to the coordinator to then provide it to the exchange client, the actual exchange is performed between the exchange client and the workflow service; the coordinator is not involved after providing the exchange URL to the exchange client. To be clear: a coordinator can still use its own exchange client for any use case that requires it to execute the exchange itself.

Initiating the exchange does not require any authorization beyond the exchange URL. Depending on the workflow service implementation, exchange URLs can also be capability URLs (i.e., the URL is an unguessable secret such that only whomever is given the URL can initiate the exchange). If the workflow that the exchange is based on requires any additional authorization beyond the possession of the exchange URL, this is to be obtained during the exchange, not at its initiation.

The exchange URL can also be used by the coordinator to query the current state of the exchange as it progresses and to obtain information associated with the exchange that the workflow service has stored. Querying the exchange in this way requires additional authorization that the coordinator is expected to have and that the exchange client is not.

How the exchange URL is transmitted from a coordinator to an exchange client is out of scope for this specification. Known mechanisms for sharing the exchange URL with the client include the Credential Handler API (aka CHAPI), a QR code, or a universal link.

VC API exchanges are designed to be executable using other protocols in addition to the VC API exchange protocol; for example, an exchange could potentially be executable with any of the OID4VCI, OID4VP, DIDComm, and VC API exchange protocols. The protocols supported depend on the complexity of the workflow the exchange is based on, and the options provided by the coordinator when the exchange was created.

The exchange client is expected to initiate the exchange using a protocol that is compatible with how the client received the exchange URL. For example, the exchange URL could have been provided over CHAPI with a protocol identifier indicating that the VC API protocol ought to be used. Alternatively, the exchange URL could be included as the "credential_issuer" in an OID4VCI credential offer, or as the "client_id" of an OID4VP authorization request, indicating that OID4VCI or OID4VP, respectively, ought to be used. This section focuses on how an exchange client uses VC API to interact with the exchange; see Appendix TBD to see how to combine VC API exchanges with other protocols such as OID4VCI, OID4VP, and DIDComm.

Exchanges that are executed using the VC API protocol involve messages sent as request and response bodies over HTTP. Each message consists of a simple JSON object that includes zero or more of the following properties and values:

Custom properties and values might also be included, but are expected to trigger errors in implementations that do not recognize them.

To initiate an exchange using the VC API protocol, an exchange client performs an HTTP POST sending a JSON object as the request body. In the simplest case, when the client has no constraints of its own on the exchange — i.e., it has nothing to request from the other party — the JSON object is empty ({}). The workflow service responds with its own JSON object in the response body.

If that response object is empty, the exchange is complete and nothing is requested from nor offered to the exchange client. If the object includes verifiablePresentationRequest, then the exchange is not yet complete and some additional information is requested, as specified by the contents of the associated verifiable presentation request. If the object includes verifiablePresentation, then some information is offered, such as verifiable credentials issued to the holder operating the exchange client or verifiable credentials with information about the exchange server's operator based on the exchange client's request. If the object includes redirectUrl, the exchange is complete and the workflow service recommends that the client proceed to another place to continue the interaction in another form.

Many verifiable credential use cases can be implemented using these basic primitives. Either party to an exchange is capable of requesting verifiable presentations and of providing one or more verifiable credentials that might be necessary to establish trust and/or gain authorization capabilities, and either party is capable of presenting credentials that they hold or that they have issued. Specific workflows can be configured to expect specific presentations and credentials and to reject deviations from the expected flow of information. When a workflow service determines that a particular message is not acceptable, it raises an error by responding with a 4xx HTTP status message and a JSON object that expresses information about the error.

The VC API exchange design approach is layered: it aims to provide a minimal communication message layer and a set of primitives that enable most use cases to be implemented via specific verifiable presentation requests and verifiable credentials at a layer above. See the appendices that follow for examples of workflows and exchanges that use specific verifiable presentation requests and verifiable credentials.

These examples will be added later.

A given interaction with a VC API exchange is expected to be short-lived but other mechanisms can be used to enable longer or multi-stage interactions. Examples of other interaction mechanisms include SMS, email, web notifications, or phone calls. This approach simplifies digital wallet implementation and allows existing mechanisms to be reused without reinvention within the VC API. The Web or native platforms are expected to enable additional interactions via applications (such as Web browsers) or other platform features. For example, in asynchronous issuance, a holder requests a credential but waits for processing. In such cases, VC API components (such as an issuer coordinator) make use of mechanisms outside the VC API to notify the holder when their credential is ready for collection.

The following APIs are defined for using workflows and exchanges for credential use cases that require crossing trust boundaries:

In the workflows and exchanges APIs, a "local" ID refers to an ID that is local to a service instance. In other words, an exchangeId or workflowId refers to a fully qualified URL, while a localExchangeId or localWorkflowId refers to a specific element in the URL path.

3.11.1 Create Workflow

3.11.2 Get Workflow Configuration

There is an expires property associated with exchanges, denoting the expiration date and time of the exchange. It is created using the /workflows/{localWorkflowId}/exchanges endpoint. This impacts the lifetime of challenges associated with such an exchange: if a challenge is bound to an exchange, that challenge ceases to be valid at the date referenced by the expires property of the exchange.

3.11.3 Create Exchange

3.11.4 Participate in an Exchange

3.11.5 Get Exchange State

3.11.6 Exchange Examples

The APIs in this specification enables unmediated (automated, machine-to-machine) or mediated (person in the loop) exchanges to be executed. These exchanges are initiated by a Holder Coordinator and responded to by any Coordinator that implements exchanges. The flows consist of the following steps:

  1. The Holder Coordinator contacts the receiving Coordinator to request the initiation of a particular exchange.
  2. The receiving Coordinator responds with a presentation request of some kind to authenticate and/or authorize the Holder Coordinator and provides the next hop in the exchange as a URL.
  3. The Holder Coordinator responds to the receiving Coordinator with a Verifiable Presentation containing information that will satisfy the presentation request.
  4. The receiving Coordinator responds with a Verifiable Presentation with the newly issued Verifiable Credentials or a further presentation request as expressed in step 2 above.

The Holder Coordinator MAY call the Coordinator's exchange discovery endpoint to determine if the Holder Coordinator supports the Coordinator's protocol requirements on a particular endpoint, before actually initiating the exchange.

A diagram of the steps outlined above is presented below:

Issuer/Verifier CoordinatorHolder Coordinator (Wallet)HolderIssuer/Verifier CoordinatorHolder Coordinator (Wallet)HolderStart exchangePOST /workflows/123/exchanges/abc — HTTP request to start exchange (e.g., send credentials, get credentials)VPR includes method of interaction, for purposes of exchangePOST /workflows/123/exchanges/abc — sent via interaction mechanism to meet requirements of exchangeVP includes result of exchange (e.g., VCs), or VPR with new interaction request, or error descriptionInitiate1Verifiable Presentation Request (VPR)2Verifiable Presentation (VP)3Verifiable Presentation4
Figure 3 A standard exchange between a Holder and an Issuer/Verifier.
Note

The general exchange above can be performed in a way that is fully automated, mediated by a person, or in a hybrid fashion where portions are automated but interaction by a person is required at certain stages. The second step above is used to provide guidance on whether the next step is automated or requires an individual to intervene.

3.12 Initiating Interactions

It is useful for an implementation to communicate how to start interacting with it to another implementation. This bootstrapping process is called initiating an interaction, and communicates what protocols each implementation supports as well as how to start a particular interaction with the implementation.

Note: Interactions are application, use case, and protocol agnostic

While several interaction specifications reside in this document, the general approach is agnostic as to use case, application, and protocol. This approach can be used to pair two or more applications that desire to bootstrap into a particular protocol over any transmission medium — such as a web browser, QR Code (optical medium), or NFC (wireless medium) — where the protocol does not need to involve the VC API.

The sequence diagram below outlines an issuer generating an interaction URL, using a QR Code to share it with a holder, and proceeding with the vcapi protocol:

Issuer CoordinatorBrowserHolder Coordinator (Wallet)HolderIssuer CoordinatorBrowserHolder Coordinator (Wallet)Holderhttps://issuer.example/interactions/123?iuv=1GET https://issuer.example/interactions/123?iuv=1(VC API, OID4, NFC, Bluetooth, etc.)issuer.example is offering credentials, accept?opt["vcapi" protocol example]Click "Receive credential"1Request interaction QR Code2Generate QR Code3Display QR Code4Start scanning QR Code5Scan QR Code6Get available interaction protocols7Return interaction protocols8Select appropriate protocol9Initiate workflow exchange10Acquire consent to proceed11
Figure 4 An issuer-initiated interaction using a QR Code

The sequence diagram below outlines a verifier generating an interaction URL, using a QR Code to share it with a holder, and proceeding with the vcapi protocol:

Verifier CoordinatorBrowserHolder Coordinator (Wallet)HolderVerifier CoordinatorBrowserHolder Coordinator (Wallet)Holderhttps://verifier.example/interactions/123?iuv=1GET https://verifier.example/interactions/123?iuv=1(VC API, OID4, NFC, Bluetooth, etc.)verifier.example is requesting credentials, proceed?opt["vcapi" protocol example]Click "Share credential"1Request interaction QR Code2Generate QR Code3Display QR Code4Start scanning QR Code5Scan QR Code6Get available interaction protocols7Return interaction protocols8Acquire consent to proceed9Select appropriate protocol10Initiate workflow exchange11
Figure 5 A verifier-initiated interaction using a QR Code

The sequence diagram below outlines a holder generating an interaction URL, using a QR Code to share it with a verifier, and proceeding with the website protocol:

Verifier CoordinatorHolder Coordinator (Wallet)HolderVerifier CoordinatorHolder Coordinator (Wallet)HolderGET https://wallet.example/interactions/456?iuv=1(VC API, OID4, NFC, Bluetooth, etc.)"Open browser to verifier.example?"opt["website" protocol example]Tap "Share credential"1Generate Interaction URL2Display QR Code3Present QR Code4Scan QR Code and decode URL5Get available interaction protocols6Return interaction protocols7Select appropriate protocol8Transmit protocol selection and options9Request consent to proceed10Confirm consent to go to website11Go to website12
Figure 6 A holder-initiated interaction using a QR Code

3.12.1 Interaction URL Format

The format of the interaction URL MUST conform to the syntax for the URL Standard and contain an iuv query parameter encoding the interaction URL version number, which MUST be 1 when using this version of the VC API. The interaction URL SHOULD be an HTTPS URL that contains a transaction-specific interaction identifier. The URL SHOULD be opaque and require no URL syntax processing before it is fetched by the receiving system. An example of such a URL is shown below:

Example 1: An interaction URL 
https://app.example/interactions/z8n38Dp7a?iuv=1

3.12.2 Interaction QR Code Format

An interaction QR Code MUST be an interaction URL expressed as a QR code according to ISO18004:2024: QR Code Bar Code Symbology Specification. To ensure broad interoperability, the length of the interaction URL SHOULD be as short as possible, SHOULD NOT exceed 400 alphanumeric characters, and MUST NOT exceed 4,296 alphanumeric characters. An example of an interaction QR code can be found below:

A square image filled with black and white dots that is encoding a interaction URL
Figure 7 An interaction QR code for https://app.example/interactions/z8n38Dp7a?iuv=1

3.12.3 Interaction Protocols Response

Performing a retrieval of the interaction URL results in instructions on how to start an interaction with the remote system.

When the interaction URL is fetched using an Accept header of application/json, a single JSON object containing a protocols map MUST be returned where each key is a protocol identifier and each value is a URL that can be used to initiate the interaction. For example, performing an HTTP GET on the https://app.example/interactions/z8n38Dp7a?iuv=1 interaction URL might result in the following response:

Example 2: A list of protocols supported for a given interaction 
{
  "protocols": {
    "website": "https://app.example/redirects/z8j3kfk2lQ",
    "vcapi": "https://app.example/workflows/123/exchanges/987",
    "oid4vp": "openid4vp://?client_id=https%3A%2F%2Fapp.example%2Fworkflows%2F123%2Fexchanges%2F987%2Fopenid%2Fclient%2Fauthorization%2Fresponse&request_uri=https%3A%2F%2Fapp.example%2Fworkflows%2F123%2Fexchanges%2F987%2Fopenid%2Fclient%2Fauthorization%2Frequest'"
  }
}

When the interaction URL is fetched using any unrecognized Accept header, a text/html document MUST be returned with directions instructing a human being to use specific software that understands how to process interaction URLs.

Note: Mapping to exchange URLs

Some coordinator implementations will implement the protocols endpoint as a pass through to a protocols endpoint for an exchange instance. For example, a GET on https://app.example/interactions/z8n38Dp7a?iuv=1 will result in a pass-through GET on https://app.example/workflows/123/exchanges/987/protocols, which would return the response above. Implementing interaction URLs in this way can provide an easier implementation path.

3.12.4 website Interaction Protocol

The website interaction protocol is used by a local system to signal to the remote system that it would like to redirect the remote system to a specific URL, such as a website where an individual can engage in a use-case specific interaction. If the website interaction protocol is selected, the local system sends data using an HTTP POST to instruct the remote system where to send the individual. An example of the POST data is shown below:

Example 3: A website interaction protocol redirect request 
{
  "url": "https://website.example/transactions/8372974",
  "purpose": "Checkout at ShopCo",
  "referenceId": "417bcaf2-14d9-11f0-99d7-9f094678517b"
}

3.12.5 vcapi Interaction Protocol

The vcapi interaction protocol is used to initiate a specific exchange as described in Section 3.11.4 Participate in an Exchange.

Example 4: A VC-API interaction protocol request 
{
  "verifiablePresentationRequest": {
    "query": [{
      "type": "QueryByExample",
      "credentialQuery": [{
        "reason": "Please provide your student ID.",
        "example": {
          "@context": [
            "https://www.w3.org/ns/credentials/v2",
            "https://www.w3.org/ns/credentials/examples/v2",
          ],
          "type": "StudentIdCredential",
          "credentialSubject": {
            "studentId": ""
          },
        },
        "trustedIssuer": [{
          "issuer": "did:web:university.example"
        }]
      }]
    }],
    "challenge": "5e34826e-14da-11f0-98a5-8b1c0a196728",
    "domain": "university.example"
  }
}

3.13 Error Handling

When an implementation detects an anomaly while processing a document, a ProblemDetails object can be used to report the issue to other software systems. The interfaces for these objects follow [RFC9457] to encode the data. A ProblemDetails map consists of the following properties:

type
The type key MUST be present and its value MUST be a URL identifying the type of problem.
title
The title key SHOULD provide a short but specific human-readable string for the problem.
detail
The detail key SHOULD provide a longer human-readable string for the problem.

Leveraging keys such as detail, and instance is encouraged, to provide more contextual feedback about the error, while being conscious of security concerns and hence not disclosing sensitive information.

The following problem description types are defined by this specification:

https://www.w3.org/TR/vc-api#UNKNOWN_OPTION_PROVIDED
An option that is unknown to the implementation was provided to the API call.

Further lists of ProblemDetails that might be reported by implementations can be found in the following specifications:

Example 5: An example of a ProblemDetails object 
{
  "type": "https://www.w3.org/TR/vc-data-model#CRYPTOGRAPHIC_SECURITY_ERROR",
  "status": 400,
  "title": "CRYPTOGRAPHIC_SECURITY_ERROR",
  "detail": "The cryptographic security mechanism couldn't be verified. This is likely due to a malformed proof or an invalid verificationMethod."
}
Issue 1

The example type URLs above will work in the future after VCDM v2.0 becomes a global standard. To ensure the error links to the appropriate location, you can replace the base URL of https://www.w3.org/TR/vc-data-model with www.w3.org/TR/vc-data-model-2.0 for the time being.

Implementers are strongly advised to sanitize all server errors in production environments, as not doing so can lead to information disclosure.

It is recommended to avoid raising errors while performing verification, and instead gather ProblemDetails objects to include in the verification results.

3.13.1 Verification Errors vs. Warnings

This specification defines a distinction between a verification error and a verification warning. Errors are ProblemDetails relating to cryptography, data model, and malformed context and are unrecoverable. Warnings are ProblemDetails relating to status and validity periods and might be recoverable or leave the subsequent action to the discretion of the application.

If an error is included, the verified property of the VerificationResponse object MUST be set to false; if no errors are included, it MUST be set to true.

Example 6: An example verification response containing warnings and errors. 
{
  "verified": false,
  "document": verifiableCredential,
  "mediaType": "application/vc",
  "controller": issuer,
  "controllerDocument": didDocument,
  "warnings": [ProblemDetails],
  "errors": [ProblemDetails]
}

A. Privacy Considerations

A.1 Delegation

Verifiable credentials [VC-DATA-MODEL-2.0] are a standard data model designed to mitigate risks of misuse and fraud. As a data model, verifiable credentials are protocol-neutral and consider at least two types of entities: issuer and subject. When the subject of a verifiable credential is a natural person or linked to a natural person, privacy and human rights can be impacted by the vastly more efficient processing of standardized verifiable credentials as compared to their analog ancestors.

Technology, in the form of standardized APIs and protocols for issuing verifiable credentials, further enhances the efficiency of processing verifiable credentials and adds to the risks of unforeseen privacy and human rights consequences.

Verifiable credentials issuance has a request phase and a delivery phase. The request might be made by the subject or another role, and delivery can be to a client that might or might not be controlled by the subject. Delegation is highly relevant for both phases. The issuer might delegate processing of the request to a separate entity. The subject, for their part, might also delegate the ability to request a verifiable credential to a separate entity. Note that the subject might not always have the capability or ability to perform delegation. Examples include: a new born baby, a pet, and a person with dementia. So the request might be performed by a third party who was not delegated by the subject. The ability to delegate is a third dimension in the enhanced efficiency of processing verifiable credentials and has impact on privacy and human rights.

The architecture described in this specification is designed for market acceptance through a combination of efficiency and respect for privacy and human rights. APIs and protocols for processing verifiable credentials do not favor delegation by the issuer role over delegation by the subject role.

A.2 "Phoning Home" Considered Harmful

It is considered a bad privacy practice for a verifier to contact an issuer about a specific verifiable credential. This practice is known as "phoning home" and can result in a mismatch in privacy expectations between holders, issuers, verifiers, and other parties expressed in a verifiable credential. Phoning home enables issuers to correlate unsuspecting parties with the use of certain verifiable credentials which can violate privacy expectations that each entity might have regarding the use of those credentials. For example, what is expected by the holder to be a private interaction between them and the verifier becomes one where the issuer is notified of the interaction.

There are some interactions where contacting the issuer in a privacy-preserving manner upholds the privacy expectations of the holder. For example, contacting the issuer to get revocation status information in a privacy-respecting manner, such as through a status list that provides group privacy can be acceptable as long as the issuer is not able to single out which verifiable credential is being queried based on the retrieval of the status list. For more information on one such mechanism see the Bitstring Status List v1.0 specification.

Verifiers are urged to not "phone home" in ways that will create privacy violations. When retrieving content that is linked from a verifiable credential, using mechanisms such as Oblivious HTTP and aggressively caching results can improve the privacy characteristics of the ecosystem.

B. Security Considerations

B.1 Use of HTTPS for Interaction URLs

This specification strongly suggests the use of HTTPS for interaction URLs for the following reasons:

Using protocol schemes that are not rooted in the HTTPS trust model requires separate encryption protocol, key management, and trust models to be used, which are often less broadly developed and deployed and require much more development and analysis to determine the threat and privacy model.

B.2 Deletion

The APIs provided by this specification enable the deletion of verifiable credentials and verifiable presentations from storage services. The result of these deletions and the side-effects they might cause are out of scope for this specification. However, implementers are advised to understand the various ways deletion can be implemented. There are at least two types of deletion that are contemplated by this specification.

Partial deletion marks a record for deletion but continues to store some or all of the original information. This mode of operation can be useful if there are audit requirements for all credentials and/or presentations over a particular time period, or if recovering an original credential might be a useful feature to provide.

Complete deletion purges all information related to a given verifiable credential or verifiable presentation in a way that is unrecoverable. This mode of operation can be useful when removing information that is outdated and beyond the needs of any audit or when responding to any sort of "right to be forgotten" request.

When deleting a verifiable credential, handling of its status information needs to be considered. Some use cases might call for deletion of a particular verifiable credential to also set the revocation and suspension bits of that verifiable credential, such that any sort of status check for the deleted credential fails and use of the credential is halted.

Given the scenarios above, implementers are advised to allow the system actions that occur after a delete to be configurable, such that system flexibility is sufficient to address any verifiable credential use case.

B.3 Payload Sizes

Larger transactions can trigger DoS incidents. It's recommended to configure the payload size accepted by endpoints at an instance level.

B.4 Additional Validation

In most cases, simply verifying the proof might not be sufficient to properly handle the received data. Verifier services are expected to configure additional validation steps based on their use cases. To define such additional validations, implementers can refer to specifications such as Section 2.3: Resource Integrity and Section 2.4: Contexts and Vocabularies in the Verifiable Credential Data Integrity 1.0 specification where further information can be found about context handling and integrity verification.

Improper validation will often lead to security vulnerabilities.

Additional validation steps can be accounted for when returning a verification response object, through the problem details.

C. Acknowledgements

The Working Group thanks the following individuals for their contributions to this specification: The final list of acknowledgements will be compiled at the end of the Candidate Recommendation phase.

Portions of the work on this specification have been funded by the United States Department of Homeland Security's Silicon Valley Innovation Program under contracts 70RSAT20T00000003, 70RSAT20T00000010, 70RSAT20T00000029, 70RSAT20T00000031, 70RSAT20T00000033, and 70RSAT20T00000043. The content of this specification does not necessarily reflect the position or the policy of the U.S. Government and no official endorsement should be inferred.

Development of this specification has also been supported by the W3C Credentials Community Group, chaired by Kim Hamilton Duffy, Heather Vescent, and Wayne Chang.

D. References

D.1 Normative references

[infra]
Infra Standard. Anne van Kesteren; Domenic Denicola. WHATWG. Living Standard. URL: https://infra.spec.whatwg.org/
[ISO18004]
ISO18004:2024: QR Code Bar Code Symbology Specification. ISO. Published. URL: https://www.iso.org/standard/83389.html
[RFC2119]
Key words for use in RFCs to Indicate Requirement Levels. S. Bradner. IETF. March 1997. Best Current Practice. URL: https://www.rfc-editor.org/rfc/rfc2119
[RFC6749]
The OAuth 2.0 Authorization Framework. D. Hardt, Ed. IETF. October 2012. Proposed Standard. URL: https://www.rfc-editor.org/rfc/rfc6749
[RFC6750]
The OAuth 2.0 Authorization Framework: Bearer Token Usage. M. Jones; D. Hardt. IETF. October 2012. Proposed Standard. URL: https://www.rfc-editor.org/rfc/rfc6750
[RFC7617]
The 'Basic' HTTP Authentication Scheme. J. Reschke. IETF. September 2015. Proposed Standard. URL: https://httpwg.org/specs/rfc7617.html
[RFC8174]
Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words. B. Leiba. IETF. May 2017. Best Current Practice. URL: https://www.rfc-editor.org/rfc/rfc8174
[RFC9457]
Problem Details for HTTP APIs. M. Nottingham; E. Wilde; S. Dalal. IETF. July 2023. Proposed Standard. URL: https://www.rfc-editor.org/rfc/rfc9457
[URL]
URL Standard. Anne van Kesteren. WHATWG. Living Standard. URL: https://url.spec.whatwg.org/
[VC-BITSTRING-STATUS-LIST]
Bitstring Status List v1.0. Manu Sporny; Dave Longley; Mahmoud Alkhraishi; Michael Prorock. W3C. 15 May 2025. W3C Recommendation. URL: https://www.w3.org/TR/vc-bitstring-status-list/
[VC-DATA-INTEGRITY]
Verifiable Credential Data Integrity 1.0. Ivan Herman; Manu Sporny; Ted Thibodeau Jr; Dave Longley; Greg Bernstein. W3C. 15 May 2025. W3C Recommendation. URL: https://www.w3.org/TR/vc-data-integrity/
[VC-DATA-MODEL-2.0]
Verifiable Credentials Data Model v2.0. Ivan Herman; Michael Jones; Manu Sporny; Ted Thibodeau Jr; Gabe Cohen. W3C. 15 May 2025. W3C Recommendation. URL: https://www.w3.org/TR/vc-data-model-2.0/

D.2 Informative references

[json-schema]
JSON Schema: A Media Type for Describing JSON Documents. Austin Wright; Henry Andrews; Ben Hutton; Greg Dennis. Internet Engineering Task Force (IETF). 10 June 2022. Internet-Draft. URL: https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema
[RFC9458]
Oblivious HTTP. M. Thomson; C. A. Wood. IETF. January 2024. Proposed Standard. URL: https://www.rfc-editor.org/rfc/rfc9458