Digital Credentials

W3C Editor's Draft

More details about this document
This version:
https://w3c-fedid.github.io/digital-credentials/
Latest published version:
none
Latest editor's draft:
https://w3c-fedid.github.io/digital-credentials/
History:
Commit history
Editors:
Marcos Caceres ( Apple Inc. )
Tim Cappalli ( Okta )
Mohamed Amir Yosef ( Google Inc. )
Former editor:
Sam Goto ( Google Inc. ) - Until
Feedback:
GitHub w3c-fedid/digital-credentials ( pull requests , new issue , open issues )

Copyright © 2025 World Wide Web Consortium . W3C ® liability , trademark and permissive document license rules apply.

Abstract

This document specifies an API to enable user agents to mediate presentation and issuance of digital credentials such as a driver's license, government-issued identification card, and/or other types of digital credential . The API builds on Credential Management Level 1 as a means by which to request or issue a digital credential from a user agent or underlying platform.

Status of This Document

This is a preview

Do not attempt to implement this version of the specification. Do not reference this version as authoritative in any way. Instead, see https://w3c-fedid.github.io/digital-credentials/ for the Editor's draft.

This section describes the status of this document at the time of its publication. A list of current W3C publications and the latest revision of this technical report can be found in the W3C standards and drafts index at https://www.w3.org/TR/.

This is an unofficial proposal.

This document was published by the Federated Identity Working Group as an Editor's Draft.

Publication as an Editor's Draft does not imply endorsement by W3C and its Members.

This is a draft document and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.

This document was produced by a group operating under the W3C Patent Policy . W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy .

This document is governed by the 03 November 2023 W3C Process Document .

1. Introduction

This document defines an API enabling a website to request presentation and issuance of a digital credential .

The API design is agnostic to both credential presentation exchange protocols , credential issuance protocols and credential formats. However, to promote interoperability this document includes a 13. Registry of protocols .

The API is designed to support the following goals:

Digital credentials of many types can be presented and issued using this API. Examples of these types include:

2. Model

Note : Definitions under discussion

The goal of the definitions in this section is to reuse or establish terminology that is common across a variety of digital credential formats and protocols. Discussions surrounding these definitions are active and the definitions are likely to change over the next several months.

Digital credential
A cryptographically signed digital document containing one or more claims made by an issuer about one or more subjects .
Note : Focus on digital credentials about people

This specification is currently focused on digital credentials pertaining to people.

Exchange protocol
A protocol used for exchanging a digital credential between a holder and a verifier . See section 13. Registry of protocols .
Issuance protocol
A protocol used for communication between an issuer and a holder during the issuance of a digital credential . See section 13. Registry of protocols .
Issuance request
An issuance request is a request to issue a digital credential composed of some issuance request data and an issuance protocol .
issuance request data
A data structure that an issuer or a user agent , via an issuance protocol , to request the issuance of a digital credential by an issuer .
Issuance response
A format that holder uses, via an issuance protocol , to respond to an issuance request by an issuer .
Presentation request
A presentation request is a request for a digital credential composed of request data and a exchange protocol .
Presentation response
A format that a holder's software, such as a digital wallet, uses, via an exchange protocol , to respond to a presentation request by a verifier .
request data
A format that verifier software or a user agent uses, via an exchange protocol , to request a digital credential from a holder .

3. Scope

The following items are within the scope of this specification:

The following items are out of scope:

4. Extensions to CredentialRequestOptions dictionary 

WebIDLpartial dictionary CredentialRequestOptions {
  DigitalCredentialRequestOptions digital;
};

4.1 The digital member

The digital member allows for options to configure the request for a digital credential .

5. The DigitalCredentialRequestOptions dictionary 

WebIDLdictionary DigitalCredentialRequestOptions {
  sequence<DigitalCredentialGetRequest> requests;
};

5.1 The requests member

The requests specify an exchange protocol and request data , which the user agent MAY match against a holder's software, such as a digital wallet.

6. The DigitalCredentialGetRequest dictionary

The DigitalCredentialGetRequest dictionary represents a presentation request . It is used to specify an exchange protocol and some request data , which the user agent MAY match against software used by a holder, such as a digital wallet. 

WebIDLdictionary DigitalCredentialGetRequest {
  required DOMString protocol;
  required object data;
};

6.1 The protocol member

The protocol member denotes the exchange protocol .

The protocol member's value can be one of the well-defined protocol identifiers defined in 13. Registry of protocols or a custom protocol identifier.

6.2 The data member

The data member is the request data to be handled by the holder's credential provider, such as a digital identity wallet.

7. Extensions to CredentialCreationOptions dictionary 

WebIDLpartial dictionary CredentialCreationOptions {
  DigitalCredentialCreationOptions digital;
};

7.1 The digital member

The digital member allows for options to configure the issuance of a digital credential .

8. The DigitalCredentialCreationOptions dictionary 

WebIDLdictionary DigitalCredentialCreationOptions {
  sequence<DigitalCredentialCreateRequest> requests;
};

8.1 The requests member

The requests specify an issuance protocol and request data , which the user agent MAY forward to a holder .

9. The DigitalCredentialCreateRequest dictionary

The DigitalCredentialCreateRequest dictionary represents an issuance request . It is used to specify an issuance protocol and some request data , to communicate the issuance request between the issuer and the holder. 

WebIDLdictionary DigitalCredentialCreateRequest {
  required DOMString protocol;
  required object data;
};

9.1 The protocol member

The protocol member denotes the issuance protocol .

The protocol member's value is be one of the well-defined keys defined in 13. Registry of protocols or any other custom one.

9.2 The data member

The data member is the request data to be handled by the holder's credential provider, such as a digital identity wallet.

10. The DigitalCredential interface

The DigitalCredential interface represents a conceptual digital credential .

User mediation is always " required ". Requesting a DigitalCredential credential does not support " conditional ", " optional ", or " silent " user mediation . If get () is called with anything other than " required ", a TypeError will be thrown. 

WebIDL[Exposed=Window, SecureContext]
interface DigitalCredential : Credential {
  readonly attribute DOMString protocol;
  [SameObject] readonly attribute object data;
};

DigitalCredential instances are origin bound .

10.1 The protocol member

The protocol member is the exchange protocol that was used to request the digital credential , or the issuance protocol that was used to issue the digital credential .

10.2 The data member

The data member is the credential's response data. It contains the subset of JSON-parseable object types.

11. Integration with Credential Management API

Issue 65 : Credential Management integration spec

The CM spec's Extensions points outlines the following things to do to integrate. Adding as a todo list:

This document provides a generic, high-level API that’s meant to be extended with specific types of credentials that serve specific authentication needs. Doing so is, hopefully, straightforward.

Define appropriate:

You might also find that new primitives are necessary. For instance, you might want to return many Credential objects rather than just one in some sort of complicated, multi-factor sign-in process. That might be accomplished in a generic fashion by adding a getAll() method to CredentialsContainer which returned a sequence<Credential> , and defining a reasonable mechanism for dealing with requesting credentials of distinct types .

For any such extension, we recommend getting in touch with [public-webappsec@](mailto:public-webappsec@w3.org) for consultation and review.

11.1 [[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors) internal method

When invoked, the [[DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors) internal method MUST :

  1. Let global be this 's relevant global object .
  2. Let document be global 's associated Document .
  3. If document is not a fully active descendant of a top-level traversable with user attention , throw " NotAllowedError " DOMException .
  4. If window does not have transient activation , throw " NotAllowedError " DOMException .
  5. Consume user activation of window .
  6. Let requests be options 's digital 's requests member.
  7. If requests is empty, throw a TypeError .
  8. Issue
  9. Return a DigitalCredential .

11.2 [[Store]](credential, sameOriginWithAncestors) internal method

When invoked, the [[Store]](credential, sameOriginWithAncestors) MUST call the default implementation of Credential 's [[Store]]( credential , sameOriginWithAncestors ) internal method with the same arguments.

11.3 [[Create]](origin, options, sameOriginWithAncestors) internal method

When invoked, the [[Create]](origin, options, sameOriginWithAncestors) internal method, if the user agent doesn't support issuance, call the default implementation of Credential 's [[Create]]( origin , options , sameOriginWithAncestors ) internal method with the same arguments. Otherwise:

  1. Let global be this 's relevant global object .
  2. Let document be global 's associated Document .
  3. If document is not a fully active descendant of a top-level traversable with user attention , throw " NotAllowedError " DOMException .
  4. If window does not have transient activation , throw " NotAllowedError " DOMException .
  5. Consume user activation of window .
  6. Let requests be options 's digital 's requests member.
  7. If requests is empty, throw a TypeError .
  8. Issue
  9. Return a newly constructed DigitalCredential with protocol initialized to the protocol that was used to issue this credential, and data initialized to an issuance response defined by that issuance protocol .

11.4 [[type]] internal slot

The DigitalCredential interface object has an internal slot named [[type]] whose value is "digital".

11.5 [[discovey]] internal slot

The DigitalCredential interface object has an internal slot named [[discovery]] whose value is "remote".

12. Permissions Policy integration

This specification defines a policy-controlled feature identified by the string "digital-credentials-get" . Its default allowlist is 'self' .

13. Registry of protocols

Initiating the registration a protocol is done by filing an issue in our GitHub repository.

The following is the registry of exchange protocols and issuance protocols that are supported by this specification.

Note : Official Registry

It is expected that this registry will be become a W3C registry in the future.

13.1 General inclusion criteria

Note

To be included in the registry, the exchange protocol :

  1. MUST be standardized at a consortium the W3C liaises with
  2. MUST be defined in a specification which is freely and publicly available at the stable URL listed in the registry.
  3. MUST define a representation, as either a [ WebIDL ] dictionary or a JSON object, of the exchange protocol request structure (i.e., the dictionary which defines the semantics and validation of the DigitalCredentialsProvider 's request member.
  4. MUST define a representation, as either a [ WebIDL ] dictionary or a JSON object, of the exchange protocol response structure (i.e., the dictionary which defines the semantics and validation of the DigitalCredential 's data member.
  5. MUST define validation rules for members of the request and response structures.
  6. MUST have undergone privacy review by the W3C 's Privacy Interest Group and Federated Identity Working Group .
    Note : Organizing reviews
  7. MUST have undergone security review by the Federated Identity Working Group .
  8. MUST have implementation commitment from at least one browser engine, one credential provider/wallet, and one issuer or verifier (depending on the protocol type). Each component MUST be from independent organizations.
  9. MUST have formally recorded consensus by the Federated Identity Working Group to be included in the registry.

13.1.1 Presentation-specific inclusion criteria

To be included as a presentation protocol in the registry (used with navigator.credentials.get ), the exchange protocol :

  1. MUST support response encryption.
  2. MUST encrypt any response containing personally identifiable information (PII).

13.2 Change process

To add a new exchange protocol to the registry, or to update an existing one:

Define a protocol identifier
The protocol identifier MUST be a unique string that is not already in use in the registry. Use only lowercase ASCII letters, digits, and hyphens (e.g., "protocol", "the-protocol"). The protocol identifier MUST uniquely define the set of required parameters and/or behavior that a digital credential provider implementation needs to support to successfully handle the request. If the set of required parameters or behaviors is updated in a way which would require a digital credential provider to also require an update to remain functional, a new protocol identifier MUST be assigned and be added to the registry.
Specify a protocol type
The protocol type is either "Presentation" for presentation protocols used with navigator.credentials.get or "Issuance" for issuance protocols used with navigator.credentials.create .
Describe the protocol
The description MUST be a brief summary of the protocol's purpose and use case.
Provide a link to the specification
The specification MUST be a stable URL that points to the authoritative source for the protocol, including validation rules.

User agents MUST support the following exchange protocols :

Table of officially registered exchange protocols .
Protocol identifier Type Specification
Coming soon...

14. Security Considerations

This section is non-normative.

Issue : Security Considerations section is a work in progress

This section is a work in progress as this document evolves.

The documents listed below outline initial security considerations for Digital Credentials, both broadly and for presentation on the web. Their contents will be integrated into this document gradually.

14.1 Credential Protocols

Issue : Work in progress

Explain that while the API provides security at the browser API level, that security for the underlying credential issuance or presentation protocol is a separate concern and that developers need to understand that layer of the stack to get a total picture of the protections that are in place during any given transaction.

14.2 Cross-device Protocols

Issue : Work in progress

Explain that cross-device issuance or presentation uses a separate protocol that has its own security characteristics.

14.3 Quishing

Issue : Work in progress

Explain that the API is designed to avoid the problem of quishing (phishing via QR Codes) and other QR Code and non-browser API-based attacks and to be aware of exposure of QR Codes during digital credential interactions.

14.4 Data Integrity

Issue : Work in progress

Explain that the API does not provide data integrity on the digital credential requests or responses and that responsibility is up to the underlying protocol used for the request or response.

14.5 Authentication

Issue : Work in progress

Explain that authentication (such as a PIN code to unlock) to a particular app, such as a digital wallet, that responds to an API request is crucial in high-risk use cases.

14.6 Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF)

Issue : Work in progress

Explain what attacks are possible via XSS and CSRF, if any.

14.7 Session Security

Issue : Work in progress

Explain that once a secure session is established at a website using credentials exchanged over this API, that the subsequent security is no longer a function of the credential used or this API and is up to the session management utilized on the website.

15. Privacy Considerations

This section is non-normative.

Issue : Privacy Considerations section is a work in progress

This section is a work in progress as this document evolves.

The documents listed below outline various privacy considerations for Digital Credentials, both broadly and for presentation on the web. Their contents will be integrated into this document gradually.

15.1 Unnecessary Requests for Credentials

Issue : Work in progress

Explain how the API could be used to unnecessarily request digital credentials from individuals such as requesting a driver's license to log into a movie rating website and how the ecosystem can mitigate this risk.

15.2 Over Collection of Data

Issue : Work in progress

Explain how the API could be used to request more data than necessary for a transaction and how the ecosystem can mitigate that over collection.

15.4 Data Retention

Issue : Work in progress

Explain how verifiers might retain data and what the ecosystem does to mitigate excessive data retention policies.

15.5 Compliance with Privacy Regulations

Issue : Work in progress

Explain to what extent the API complies with known privacy regulations (e.g., consent) and what parts of those regulations are not possible to enforce via the API (e.g., retention).

15.6 Selective and Unlinkable Disclosure

Issue : Work in progress

Explain how selective disclosure and unlinkable disclosure help preserve privacy as well as their limitations in doing so.

15.7 Phoning Home

Issue : Work in progress

Explain how some systems might "phone home", the impact on privacy that might have, and what the ecosystem provides to mitigate the risk.

15.8 Transmission of Personally Identifiable Information

Issue : Work in progress

Explain that the API does enable the transmission of personally identifiable information and that it does its best to ensure there is informed consent by the individual, but that the consent might be provided due to exhaustion or not understanding what PII is being transmitted and how to mitigate those concerns.

16. Accessibility Considerations

This section is non-normative.

Issue : Work

User agents SHOULD mediate presentation and issuance requests in Progress This section is a work in progress as this document evolves. way that offers support for a wide range of user input methods, including input hardware like keyboards, pointing devices, touch screens, voice recognition, etc. Additionally, user agents SHOULD support accessible output methods during these requests to ensure that prompts for user consent during such requests can be meaningfully communicated to the widest range of end-users.

17. IDL Index

WebIDLpartial dictionary CredentialRequestOptions {
  DigitalCredentialRequestOptions digital;
};
dictionary DigitalCredentialRequestOptions {
  sequence<DigitalCredentialGetRequest> requests;
};
dictionary DigitalCredentialGetRequest {
  required DOMString protocol;
  required object data;
};
partial dictionary CredentialCreationOptions {
  DigitalCredentialCreationOptions digital;
};
dictionary DigitalCredentialCreationOptions {
  sequence<DigitalCredentialCreateRequest> requests;
};
dictionary DigitalCredentialCreateRequest {
  required DOMString protocol;
  required object data;
};
[Exposed=Window, SecureContext]
interface DigitalCredential : Credential {
  readonly attribute DOMString protocol;
  [SameObject] readonly attribute object data;
};

18. Conformance

As well as sections marked as non-normative, all authoring guidelines, diagrams, examples, and notes in this specification are non-normative. Everything else in this specification is normative.

The key words MAY and , MUST , and SHOULD in this document are to be interpreted as described in BCP 14 [ RFC2119 ] [ RFC8174 ] when, and only when, they appear in all capitals, as shown here.

A. References

A.1 Normative references

[credential-management-1]
Credential Management Level 1 . Nina Satragno; Marcos Caceres. W3C. 13 August 2024. W3C Working Draft. URL: https://www.w3.org/TR/credential-management-1/
[fetch]
Fetch Standard . Anne van Kesteren. WHATWG. Living Standard. URL: https://fetch.spec.whatwg.org/
[html]
HTML Standard . Anne van Kesteren; Domenic Denicola; Dominic Farolino; Ian Hickson; Philip Jägenstedt; Simon Pieters. WHATWG. Living Standard. URL: https://html.spec.whatwg.org/multipage/
[infra]
Infra Standard . Anne van Kesteren; Domenic Denicola. WHATWG. Living Standard. URL: https://infra.spec.whatwg.org/
[permissions-policy]
Permissions Policy . Ian Clelland. W3C. 6 May 2025. W3C Working Draft. URL: https://www.w3.org/TR/permissions-policy-1/
[RFC2119]
Key words for use in RFCs to Indicate Requirement Levels . S. Bradner. IETF. March 1997. Best Current Practice. URL: https://www.rfc-editor.org/rfc/rfc2119
[RFC8174]
Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words . B. Leiba. IETF. May 2017. Best Current Practice. URL: https://www.rfc-editor.org/rfc/rfc8174
[vc-data-model]
Verifiable Credentials Data Model v1.1 . Manu Sporny; Grant Noble; Dave Longley; Daniel Burnett; Brent Zundel; Kyle Den Hartog. W3C. 3 March 2022. W3C Recommendation. URL: https://www.w3.org/TR/vc-data-model/
[vc-data-model-2.0]
Verifiable Credentials Data Model v2.0 . Ivan Herman; Michael Jones; Manu Sporny; Ted Thibodeau Jr; Gabe Cohen. W3C. 20 March 2025. W3C Proposed Recommendation. URL: https://www.w3.org/TR/vc-data-model-2.0/
[WebIDL]
Web IDL Standard . Edgar Chen; Timothy Gu. WHATWG. Living Standard. URL: https://webidl.spec.whatwg.org/

A.2 Informative references

[permissions]
Permissions . Marcos Caceres; Mike Taylor. W3C. 20 December 2024. W3C Working Draft. URL: https://www.w3.org/TR/permissions/
[security-privacy-questionnaire]
Self-Review Questionnaire: Security and Privacy . Theresa O'Connor; Peter Snyder; Simone Onofri. W3C. 18 April 2025. W3C Working Group Note. URL: https://www.w3.org/TR/security-privacy-questionnaire/
[w3c-process]
W3C Process Document . Elika J. Etemad (fantasai); Florian Rivoal. W3C. 3 November 2023. URL: https://www.w3.org/policies/process/