Verifiable Credentials Overview

W3C Editor's Draft

More details about this document
This version:
https://w3c.github.io/vc-overview/
Latest published version:
https://www.w3.org/TR/vc-overview/
Latest editor's draft:
https://w3c.github.io/vc-overview/
History:
https://www.w3.org/standards/history/vc-overview/
Commit history
Editor:
Ivan Herman ( W3C )
Authors:
Greg Bernstein ( Invited Expert )
Daniel C. Burnett ( Invited Expert )
David Chadwick ( Crossword Cybersecurity PLC )
Gabe Cohen ( Invited Expert )
Michael B. Jones ( Invited Expert )
Dave Longley ( Digital Bazaar )
Manu Sporny ( Digital Bazaar )
Orie Steele ( Transmute )
Ted Thibodeau Jr ( OpenLink Software )
Brent Zundel ( mesur.io )
Feedback:
GitHub w3c/vc-overview ( pull requests , new issue , open issues )
public-vc-wg@w3.org with subject line [vc-overview] … message topic … ( archives )

Copyright © 2025 World Wide Web Consortium . W3C ® liability , trademark and permissive document license rules apply.

Abstract

Credentials are a part of our daily lives; driver's licenses are used to assert that we are capable of operating a motor vehicle, university degrees can be used to assert our level of education, and government-issued passports enable us to travel between countries. The family of W3C Recommendations for Verifiable Credentials, described in this overview document, provides a mechanism to express these sorts of credentials on the Web in a way that is cryptographically secure, privacy respecting, and machine-verifiable.

Status of This Document

This is a preview

Do not attempt to implement this version of the specification. Do not reference this version as authoritative in any way. Instead, see https://w3c.github.io/vc-overview/ for the Editor's draft.

This section describes the status of this document at the time of its publication. A list of current W3C publications and the latest revision of this technical report can be found in the W3C standards and drafts index .

This document was published by the Verifiable Credentials Working Group as an Editor's Draft.

Publication as an Editor's Draft does not imply endorsement by W3C and its Members.

This is a draft document and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to cite this document as other than a work in progress.

This document was produced by a group operating under the W3C Patent Policy . W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent that the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy .

This document is governed by the 03 November 2023 W3C Process Document .

1. Introduction

This document provides a non-normative, high-level overview for W3C 's Verifiable Credential specifications and serves as a roadmap for the documents that define, describe, and secure these credentials. It is not the goal of this document to be very precise, nor does this overview cover all the details. The intention is to provide users, implementers, or anyone interested in the subject, a general understanding of the concepts and how the various specifications, published by the Verifiable Credentials Working Group, fit together.

1.1 High Level View of the Specifications

Figure 1 provides an overview of the main building blocks for Verifiable Credentials, including their (normative) dependencies. For more details, see the subsequent sections in this document.

The Verifiable Credentials Data Model v2.0  [ VC-DATA-MODEL-2.0 ] specification, which defines the core concepts that all other specifications depend on, plays a central role. The model is defined in abstract terms, and applications express their specific credentials using a serialization of the data model. The current specifications mostly use a JSON serialization; the community may develop other serializations in the future.

When Verifiable Credentials are serialized in JSON, it is important to trust that the structure of a Credential may be interpreted in a consistent manner by all participants in the verifiable credential ecosystem. The Verifiable Credentials JSON Schema Specification  [ VC-JSON-SCHEMA ] defines how [ JSON-SCHEMA ] can be used for that purpose.

Credentials can be secured using two different mechanisms: enveloping proofs or embedded proofs . In both cases, a Credential is cryptographically secured by a proof (for example, using digital signatures). In the enveloping case, the proof wraps around the Credential, whereas embedded proofs are included in the serialization, alongside the Credential itself.

A family of enveloping proofs is defined in the Securing Verifiable Credentials using JOSE and COSE  [ VC-JOSE-COSE ] document, relying on technologies defined by the IETF. Other types of enveloping proofs may be specified by the community.

The general structure for embedded proofs is defined in a separate Verifiable Credential Data Integrity 1.0  [ VC-DATA-INTEGRITY ] specification. The Working Group also specifies some instances of this general structure in the form of the "cryptosuites": Data Integrity EdDSA Cryptosuites v1.0  [ VC-DI-EDDSA ], Data Integrity ECDSA Cryptosuites v1.0  [ VC-DI-ECDSA ], and Data Integrity BBS Cryptosuites v1.0  [ VC-DI-BBS ]. Other cryptosuites may be specified by the community.

The Bitstring Status List v1.0  [ VC-BITSTRING-STATUS-LIST ] specification defines a privacy-preserving, space-efficient, and high-performance mechanism for publishing the status of a specific Verifiable Credential, such as its suspension or revocation, through the use of bitstrings.

Finally, the Controlled Identifiers v1.0  [ CID-1.0 ] specification defines some common terms (e.g., verification relationships and methods ) that are used not only by other Verifiable Credential specifications, but also other Recommendations such as Decentralized Identifiers (DIDs) v1.0  [ DID-CORE ].

Diagram illustrating the structure of the Verifiable Credential (VC) specifications, using boxes labeled with references to the specification. Arrows on the diagram connect some of the boxes to represent (normative) dependencies. The box labeled as the VC Data Model is at the top-center of the diagram. Additional component boxes — such as JSON Schema for structural checking; Bitstring Status List for publishing status information; and Controlled Identifiers for verification methods and relationships — are related to the VC Data Model. The box for securing mechanisms contain separate boxes for embedded proofs, on the left, and enveloping proofs, on the right. The box for embedded proofs contains a box labeled as Data Integrity, which depends both on the VC Data Model and on Controlled Identifiers, as well as boxes for the ECDSA, EdDSA, and BBS Cryptosuites, supporting different elliptic curves and signature schemes; all of these depend on Data Integrity, and the BBS Cryptosuites also depend on ECDSA. The enveloping proofs box contains a single box labeled as 'JOSE and COSE ... using JWS, SD-JWT, or CBOR'; as with Data Integrity, this depends both on the VC Data Model and on Controlled Identifiers.
Figure 1 Verifiable Credentials Working Group Recommendations
Note

As of May 2025, all but two of these documents have been published as W3C "Recommendations", which is the W3C terminology for Web Standards. The two exceptions are the Verifiable Credentials JSON Schema Specification and the Data Integrity BBS Cryptosuites v1.0 specifications; though technically complete, they are still "Candidate" Recommendations. The reasons are different. The former has not yet been implemented by at least two mutually independent implementations (which is the requirement to be published as standards) whereas the latter has to wait until the underlying cryptographic technique (i.e.,  The BBS Signature Scheme ) is finalized by the IETF. It is expected that these two documents will be published as Web Standards soon.

2. Ecosystem Overview

The Verifiable Credential specifications rely on an ecosystem consisting of entities playing different "roles". The main roles are:

Issuer
An entity that creates a Verifiable Credential, consisting of a series of statements related to its subject. An example is a university that issues credentials for university degrees or certificates for alumni.
Holder
An entity that possesses one or more Credentials, and that can transmit presentations of those Verifiable Credentials to third parties. An example may be the person who "holds" his/her own educational degrees. Another example may be a digital wallet that contains several Credentials on someone's behalf.
Verifier
An entity that performs verification on a Verifiable Credential to check the validity, consistency, etc., of a Credential. An example may be an employer's digital system that checks the validity of a university degree before deciding on the employment of a person.

For a more precise definition of these roles, as well as other roles, see the relevant section in the data model specification.

Diagram showing how credentials flow from issuer to holder, and presentations flow from holder to verifier, where all three parties can use information from a logical verifiable data registry.
Figure 2 The roles and information flows forming the basis for the VC Data Model.

3. Verifiable Credentials Data Model

3.1 Basic Concepts

3.1.1 Claims, Properties

A core concept is "claims": statements made about various entities, referred to as "subjects". Subjects may be a holder, an issuer, or a verifier as listed above, but may also any be another person (e.g., the person holding a university degree), an animal, an abstract concept, etc. Claims may also be on a Credential itself, such as issuance date, validity periods, etc. (Such claims are also loosely referred to as "credential metadata".)

Claims are expressed using "properties" referring to "values". Values may be literals, but may also be other entities referred to, usually, by a [ URL ]. It that case, that entity may become the subject of another claim; these claims, together, form a "graph" of claims that represents a Credential. (See Figure 6 for an example of such a graph represented graphically. For more complex examples, refer to the Verifiable Credentials Data Model v2.0 specification itself.)

Diagram showing an ellipse on the left labeled as 'Subject', connected by an arrow from left to right labeled as 'Property', to a box on the right labeled as 'Value'.
Figure 3 The basic structure of a claim with (in this case) a literal value.

The Verifiable Credentials Data Model v2.0 document specifies a number of standard properties. These include, for example, credentialSubject , type , issuer , or validFrom . Developers may define their own properties to express specific types of Credentials, like a driving license, a university degree, or a marriage certificate.

3.1.2 Verifiable Credentials

A Credential is a set of one or more claims made by the same entity. Credentials might also include an identifier and metadata to describe properties of the Credential, such as a reference to the issuer, the validity date, a representative image, the revocation mechanism, and so on. A Verifiable Credential is a set of claims and metadata that also includes verification mechanisms that cryptographically prove who issued it, ensures that the data has not been tampered with, etc.

For a more detailed description of abstract Verifiable Credentials, with examples, see the relevant section in the data model specification.

Diagram showing a lozenge labeled as 'Verifiable Credential' containing three vertically stacked lozenges, labeled as 'Credential Metadata', 'Claim(s)', and 'Proof(s)'.
Figure 4 Basic components of a Verifiable Credential.

3.1.3 Verifiable Presentations

Enhancing privacy is a key design feature of Verifiable Credentials. Therefore, it is important, for entities using this technology, to be able to express only the portions of their persona that are appropriate for a given situation. The expression of a subset of one's persona is called a Verifiable Presentation . Examples of different personas include a person's professional persona, their online gaming persona, their family persona, or an incognito persona.

A Verifiable Presentation is created by a holder, can express data stemming from multiple Verifiable Credentials, and can contain additional metadata in forms of additional claims. They are used to present claims to a verifier. It is also possible to present Verifiable Credential directly.

A Verifiable Presentation is usually short-lived, it is not meant to be stored for a longer period.

For a more detailed description of abstract Verifiable Presentations, with examples, see the relevant section in the data model specification.

Diagram showing a lozenge labeled as 'Verifiable Presentation' containing three vertically stacked lozenges, labeled as 'Presentation Metadata', 'Verifiable Credential(s)', and 'Proof(s)'.
Figure 5 Basic components of a verifiable presentation.

3.2 Serialization in JSON

In the [ VC-DATA-MODEL-2.0 ] specification, as in the other documents, Verifiable Credentials and Presentations are mostly expressed in JSON [ RFC7519 ], more specifically [ JSON-LD11 ]. In this serialization, properties of claims are represented as JSON names, and values as JSON literals or objects. Subjects of claims are either explicitly identified by an id property, or implicitly by appearing as an object of another claim.

Standard properties defined by the [ VC-DATA-MODEL-2.0 ] form a distinct set of JSON names, referred to as a (standard) vocabulary . An important characteristic of Verifiable Credentials in JSON-LD is that it favors a decentralized and permissionless approach to extend to a new application area through application-specific set of properties, i.e., vocabularies, distributed on the Web. Anyone can "publish" such a vocabulary, following some rules described in the extensibility section of the specification.

The following JSON-LD code is an example for a simple Credential. It states that the person named "Pat", identified by https://www.exampl.org/persons/pat , is an alumni of the Example University (identified by did:example:c276e12ec21ebfeb1f712ebc6f1 ). The Credential is valid from the 1st of January 2010, and is issued by an entity identified by did:example:2g55q912ec3476eba2l9812ecbfe . Most of the properties in the Credential are from the standard Verifiable Credentials vocabulary (identified by https://www.w3.org/ns/credentials/v2 ), but some terms (like alumniOf , AlumniCredential ) are added by the application-specific vocabulary referred to by https://www.w3.org/ns/credentials/examples/v2 .

Example 1 : A Simple Credential 
{
  "@context": [
    "https://www.w3.org/ns/credentials/v2",
    "https://www.w3.org/ns/credentials/examples/v2"
  ],
  "id": "https://university.example/Credential123",
  "type": ["VerifiableCredential", "ExampleAlumniCredential"],
  "issuer": "did:example:2g55q912ec3476eba2l9812ecbfe",
  "validFrom": "2010-01-01T00:00:00Z",
  "credentialSubject": {
    "id": "https://www.example.org/persons/pat",
    "name": "Pat",
    "alumniOf": {
      "id": "did:example:c276e12ec21ebfeb1f712ebc6f1",
      "name": "Example University"
    }
  }
}

Figure 6 shows the same Credential, but represented as a graph of claims, as described in 3.1.1 Claims, Properties .

Diagram showing an example of a Verifiable Credential. At top, there is an ellipse labeled 'https://university.example/Credential123 (Type: VerifiableCredential, ExampleAlumniCredential)'. This ellipse has two arrows going down. One arrow is nearer the right side of the ellipse, is labeled as 'validFrom', angles to the right, and terminates at a box labeled as '2010-01-01T00:00:00Z'. The second arrow is at the middle of the ellipse, is labeled as 'credentialSubject', and ends at an ellipse labeled as 'https://www.example.org/persons/pat'. This ellipse has two more arrows going down. One arrow is nearer the right side of the ellipse, is labeled as 'name', and angles to the right, terminating at a box labeled as 'Pat'. The second arrow is nearer the left side of the ellipse, labeled as 'alumniOf', and ends at another ellipse labeled as 'did:example:c276e12ec21ebfeb1f712ebc6f1'. This ellipse has a final arrow going down, which is labeled as 'name' and ends at a final box labeled as 'Example University'.
Figure 6 Credential in Example 1 represented as a collection of claims.
Note

The Credential in Example 1 is used throughout this document to show how to apply additional features defined by the various specifications.

The Credential in Example 1 , issued by Example University, is stored by a holder (who may be a person, a digital wallet, or any other entity). On request, the holder may "present" a Credential to a verifier, encapsulated in a Verifiable Presentation. This is how the result may look like in the JSON-LD serialization:

Example 2 : Presenting the Credential 
{
  "@context": [
    "https://www.w3.org/ns/credentials/v2",
    "https://www.w3.org/ns/credentials/examples/v2"
  ],
  "type": "VerifiablePresentation",
  "id": "urn:uuid:313801ba-24b7-11ee-be02-ff560265cf9b",
  "holder": "did:example:12345678",
  "validUntil": "2020-12-31T00:00:00Z"

  "verifiableCredential": {
    "@context": [
      "https://www.w3.org/ns/credentials/v2",
      "https://www.w3.org/ns/credentials/examples/v2"
    ],

    "id": "https://university.example/Credential123",
    "type": ["VerifiableCredential", "ExampleAlumniCredential"],
    "issuer": "did:example:2g55q912ec3476eba2l9812ecbfe",
    "validFrom": "2010-01-01T00:00:00Z",
    "validUntil": "2020-12-31T00:00:00Z",

    "credentialSubject": {
      "id": "https://www.example.org/persons/pat",
      "name": "Pat",
      "alumniOf": {
        "id": "did:example:c276e12ec21ebfeb1f712ebc6f1",
        "name": "Example University"
      }
    }
  }
}

Note that the holder could have presented several Credentials within the same presentation or create a new Credential by either combining it with others, or removing some claims as irrelevant for the specific context.

3.3 Checking Structure with JSON Schemas

A significant part of the integrity of a Verifiable Credential comes from the ability to structure its contents so that all three parties — issuer, holder, verifier — may have a consistent mechanism of trust in interpreting the data that they are provided with. One way of doing that is to use [ JSON-SCHEMA ] to check the structural validity of the Credential. The Verifiable Credentials JSON Schema Specification  [ VC-JSON-SCHEMA ] specification adds standard properties to express the association of a Credential with a JSON Schema.

Consider the following example:

Example 3 : A Simple Credential with a JSON Schema 
{
  "@context": [
    "https://www.w3.org/ns/credentials/v2",
    "https://www.w3.org/ns/credentials/examples/v2"
  ],
  "id": "https://university.example/Credential123",
  "type": ["VerifiableCredential", "ExampleAlumniCredential"],
  "issuer": "did:example:2g55q912ec3476eba2l9812ecbfe",
  "validFrom": "2010-01-01T00:00:00Z",
  "credentialSubject": {
    "id": "https://www.example.org/persons/pat",
    "name": "Pat",
    "alumniOf": {
      "id": "did:example:c276e12ec21ebfeb1f712ebc6f1",
      "name": "Example University"
    }
  },
  "credentialSchema": {
    "id": "https://university.example/Credential-schema.json",
    "type": "JsonSchema"
  }
}

When dereferenced, the URL https://university.example/Credential-schema.json should return a JSON Schema, for example:

Example 4 : JSON Schema for the Simple Credential 
{
  "$id": "https://university.example/schemas/credential.json",
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "title": "ExampleAlumniCredential",
  "description": "Alumni Credential using JsonSchema",
  "type": "object",
  "properties": {
    "credentialSubject": {
      "type": "object",
      "properties": {
        "alumniOf": {
          "type": "string",
          "format": "url"
        }
      },
      "required": [
        "alumniOf"
      ]
    }
  }
}

Using this JSON Schema, a verifier can check whether the Credential is structurally valid or not.

For security reasons one may want to go a step further: check/verify the JSON Schema itself to see if, for example, it has been tempered with. This can be done by referring to the JSON Schema indirectly through a separate Verifiable Credential . The reference to such a Verifiable Credential looks very much like Example 3 except for the value of the type :

Example 5 : A Simple Credential with a JSON Schema Credential 
{
  "@context": [
    "https://www.w3.org/ns/credentials/v2",
    "https://www.w3.org/ns/credentials/examples/v2"
  ],
  "id": "https://university.example/Credential123",
  "type": ["VerifiableCredential", "ExampleAlumniCredential"],
  "issuer": "did:example:2g55q912ec3476eba2l9812ecbfe",
  "validFrom": "2010-01-01T00:00:00Z",
  "credentialSubject": {
    "id": "https://www.example.org/persons/pat",
    "name": "Pat",
    "alumniOf": {
      "id": "did:example:c276e12ec21ebfeb1f712ebc6f1",
      "name": "Example University"
    }
  },
  "credentialSchema": {
    "id": "https://university.example/Credential-schema-credential",
    "type": "JsonSchemaCredential"
  }
}

In this case, when dereferenced, the URL https://university.example/Credential-schema-credential should return a Verifiable Credential, whose credentialSubject property refers to the required JSON Schema (i.e., https://university.example/Credential-schema.json ). See the example in the  Verifiable Credentials JSON Schema Specification specification for an example and for further details.

4. Securing Credentials

4.1 Enveloping Proofs

Enveloping proofs of Credentials, defined by this Working Group, are based on JSON Object Signing and Encryption ( JOSE ), CBOR Object Signing and Encryption (COSE) [ RFC9052 ], or Selective Disclosure for JWTs [ SD-JWT ]. These are all IETF specifications, or groups of specifications (like JOSE, that refers to JWT [ RFC7519 ], JWS [ RFC7515 ], or JWK [ RFC7517 ]). The Securing Verifiable Credentials using JOSE and COSE  [ VC-JOSE-COSE ] recommendation defines a "bridge" between these and the Verifiable Credentials Data Model v2.0 , specifying the suitable header claims, media types, etc.

In the case of JOSE, the Credential is the "payload" (to use the IETF terminology). This is preceded by a suitable header whose details are specified by the relevant section of the [ VC-JOSE-COSE ] specification. These are encoded, concatenated, and signed, to be transferred in a compact form by one entity to another (e.g., sent by the holder to the verifier). All the intricate details on signatures, encryption keys, etc., are defined by the IETF specifications; see Example 6 for a specific case.

The usage of COSE [ RFC9052 ] is similar to JOSE, except that all structures are represented in CBOR [ RFC8949 ]. From the Credentials point of view, however, the structure is similar insofar as the Credential (or the Presentation) is again the payload for COSE. The use of CBOR means that the final representation of the Verifiable Credential (or Presentation) can have a significantly reduced footprint which can be, for example, shown in a QR Code.

The [ SD-JWT ] is a variant of JOSE, which allows for the selective disclosure of individual claims. Claims can be selectively hidden or revealed to the verifier, but all claims are cryptographically protected against modification. This approach is obviously more complicated than the JOSE case but, from the Credentials point of view, the structure is again similar. The original Credential is the payload for SD-JWT; and it is the holder's responsibility to use the SD-JWT when presenting the Credential to a verifier using selective disclosure.

4.1.1 Example: the Core Example Secured with JOSE and COSE

Example 6 shows the Credential example shown in Example 1 , enriched with a reference to a JSON Schema in Example 3 . It is secured by two different enveloping proofs, namely JOSE and COSE.

Example 6 : A Simple Credential in JWT (unencoded) 
{
  "@context": [
    "https://www.w3.org/ns/credentials/v2",
    "https://www.w3.org/ns/credentials/examples/v2"
  ],
  "id": "https://university.example/Credential123",
  "type": ["VerifiableCredential", "ExampleAlumniCredential"],
  "issuer": "did:example:2g55q912ec3476eba2l9812ecbfe",
  "validFrom": "2010-01-01T00:00:00Z",
  "credentialSubject": {
    "id": "https://www.example.org/persons/pat",
    "name": "Pat",
    "alumniOf": {
      "id": "did:example:c276e12ec21ebfeb1f712ebc6f1",
      "name": "Example University"
    }
  },
  "credentialSchema": {
    "id": "https://university.example/Credential123-schema-credential",
    "type": "JsonSchemaCredential"
  }
}
Protected Headers 
{
  "kid": "ExHkBMW9fmbkvV266mRpuP2sUY_N_EWIN1lapUzO8ro",
  "alg": "ES256"
}
application/vc 
{
  "@context": [
    "https://www.w3.org/ns/credentials/v2",
    "https://www.w3.org/ns/credentials/examples/v2"
  ],
  "id": "https://university.example/Credential123",
  "type": [
    "VerifiableCredential",
    "ExampleAlumniCredential"
  ],
  "issuer": "did:example:2g55q912ec3476eba2l9812ecbfe",
  "validFrom": "2010-01-01T00:00:00Z",
  "credentialSubject": {
    "id": "https://www.example.org/persons/pat",
    "name": "Pat",
    "alumniOf": {
      "id": "did:example:c276e12ec21ebfeb1f712ebc6f1",
      "name": "Example University"
    }
  },
  "credentialSchema": {
    "id": "https://university.example/Credential123-schema-credential",
    "type": "JsonSchemaCredential"
  }
}
application/vc+jwt
eyJraWQiOiJFeEhrQk1XOWZtYmt2VjI2Nm1ScHVQMnNVWV9OX0VXSU4xbGFwVXpPOHJvIiwiYWxnIjoiRVMyNTYifQ . eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvbnMvY3JlZGVudGlhbHMvdjIiLCJodHRwczovL3d3dy53My5vcmcvbnMvY3JlZGVudGlhbHMvZXhhbXBsZXMvdjIiXSwiaWQiOiJodHRwczovL3VuaXZlcnNpdHkuZXhhbXBsZS9DcmVkZW50aWFsMTIzIiwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsIkV4YW1wbGVBbHVtbmlDcmVkZW50aWFsIl0sImlzc3VlciI6ImRpZDpleGFtcGxlOjJnNTVxOTEyZWMzNDc2ZWJhMmw5ODEyZWNiZmUiLCJ2YWxpZEZyb20iOiIyMDEwLTAxLTAxVDAwOjAwOjAwWiIsImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImlkIjoiaHR0cHM6Ly93d3cuZXhhbXBsZS5vcmcvcGVyc29ucy9wYXQiLCJuYW1lIjoiUGF0IiwiYWx1bW5pT2YiOnsiaWQiOiJkaWQ6ZXhhbXBsZTpjMjc2ZTEyZWMyMWViZmViMWY3MTJlYmM2ZjEiLCJuYW1lIjoiRXhhbXBsZSBVbml2ZXJzaXR5In19LCJjcmVkZW50aWFsU2NoZW1hIjp7ImlkIjoiaHR0cHM6Ly91bml2ZXJzaXR5LmV4YW1wbGUvQ3JlZGVudGlhbDEyMy1zY2hlbWEtY3JlZGVudGlhbCIsInR5cGUiOiJKc29uU2NoZW1hQ3JlZGVudGlhbCJ9fQ . 2jbU8oop_faPuN7L4S09HT47kwRE0hlal8DKg1c_AX6s9-A_SAgV1f0Hjuxvohqt8hXgGS7_GtCNRNuDPNu1_Q AuLp7aH4XhwUK4oLJyk0v0jRAS3D5NTKuGOWvtfRDt0TgU41lAMmzLQe0DaipWYnCgR6ZjYCfSJakrEuFCM9eg
application/vc 
{
  "@context": [
    "https://www.w3.org/ns/credentials/v2",
    "https://www.w3.org/ns/credentials/examples/v2"
  ],
  "id": "https://university.example/Credential123",
  "type": [
    "VerifiableCredential",
    "ExampleAlumniCredential"
  ],
  "issuer": "did:example:2g55q912ec3476eba2l9812ecbfe",
  "validFrom": "2010-01-01T00:00:00Z",
  "credentialSubject": {
    "id": "https://www.example.org/persons/pat",
    "name": "Pat",
    "alumniOf": {
      "id": "did:example:c276e12ec21ebfeb1f712ebc6f1",
      "name": "Example University"
    }
  },
  "credentialSchema": {
    "id": "https://university.example/Credential123-schema-credential",
    "type": "JsonSchemaCredential"
  }
}
application/cbor-diagnostic 
/ cose-sign1 / 18([
  / protected / << {
    / alg / 1 : -35 / ES384 /
  } >>,
  / unprotected / {
  },
  / payload / h'7b224063...6c227d7d',
  / signature / h'800ed625...99f829be'

  / signature / h'02ef5a01...667a0751'

])
application/vc+cose
d28444a1013822a05902417b2240636f6e74657874223a5b2268747470733a2f2f7777772e77332e6f72672f6e732f63726564656e7469616c732f7632222c2268747470733a2f2f7777772e77332e6f72672f6e732f63726564656e7469616c732f6578616d706c65732f7632225d2c226964223a2268747470733a2f2f756e69766572736974792e6578616d706c652f43726564656e7469616c313233222c2274797065223a5b2256657269666961626c6543726564656e7469616c222c224578616d706c65416c756d6e6943726564656e7469616c225d2c22697373756572223a226469643a6578616d706c653a3267353571393132656333343736656261326c393831326563626665222c2276616c696446726f6d223a22323031302d30312d30315430303a30303a30305a222c2263726564656e7469616c5375626a656374223a7b226964223a2268747470733a2f2f7777772e6578616d706c652e6f72672f706572736f6e732f706174222c226e616d65223a22506174222c22616c756d6e694f66223a7b226964223a226469643a6578616d706c653a633237366531326563323165626665623166373132656263366631222c226e616d65223a224578616d706c6520556e6976657273697479227d7d2c2263726564656e7469616c536368656d61223a7b226964223a2268747470733a2f2f756e69766572736974792e6578616d706c652f43726564656e7469616c3132332d736368656d612d63726564656e7469616c222c2274797065223a224a736f6e536368656d6143726564656e7469616c227d7d5840800ed625fcffbb8393f9a2a13196564ce87fc8dfb98c8e6f55f568a01a5986fdadc083dcebf3ee06723ed1951e956e643f45983363aedc7f71dd6b9499f829be d28444a1013822a05902417b2240636f6e74657874223a5b2268747470733a2f2f7777772e77332e6f72672f6e732f63726564656e7469616c732f7632222c2268747470733a2f2f7777772e77332e6f72672f6e732f63726564656e7469616c732f6578616d706c65732f7632225d2c226964223a2268747470733a2f2f756e69766572736974792e6578616d706c652f43726564656e7469616c313233222c2274797065223a5b2256657269666961626c6543726564656e7469616c222c224578616d706c65416c756d6e6943726564656e7469616c225d2c22697373756572223a226469643a6578616d706c653a3267353571393132656333343736656261326c393831326563626665222c2276616c696446726f6d223a22323031302d30312d30315430303a30303a30305a222c2263726564656e7469616c5375626a656374223a7b226964223a2268747470733a2f2f7777772e6578616d706c652e6f72672f706572736f6e732f706174222c226e616d65223a22506174222c22616c756d6e694f66223a7b226964223a226469643a6578616d706c653a633237366531326563323165626665623166373132656263366631222c226e616d65223a224578616d706c6520556e6976657273697479227d7d2c2263726564656e7469616c536368656d61223a7b226964223a2268747470733a2f2f756e69766572736974792e6578616d706c652f43726564656e7469616c3132332d736368656d612d63726564656e7469616c222c2274797065223a224a736f6e536368656d6143726564656e7469616c227d7d584002ef5a01267dc61850a2eb4b0d384f63f7a0d8bf8fab1f1ea891079dc00a64fdfe4ee5868b24a4d7fa04cf473922fe1c41e1166f9205655ee566e248667a0751

4.2 Embedded Proofs

4.2.1 Creation of Proofs in Data Integrity

The operation of Data Integrity is conceptually simple. To create a cryptographic proof, the following steps are performed: 1) Transformation, 2) Hashing, and 3) Proof Generation.

Simple flow diagram, with steps from left to right, labeled as 'Data', 'Transform Data', 'Hash Data', 'Generate Proof', and 'Data with Proof'.
Figure 7 View of the proof generation steps.
  1. Transformation is a process described by a transformation algorithm that takes input data and prepares it for the hashing process. In the case of data serialized in JSON this transformation includes the removal of all the artifacts that do not influence the semantics of the data, such as spaces, new lines, the order of JSON names, etc. (a step often referred to as canonicalization ). In some cases the transformation may be more involved.
  2. Hashing is a process described by a hashing algorithm that calculates an identifier for the transformed data using a cryptographic hash function . Typically, the size of the resulting hash is smaller than the data, which makes it more suitable for complex cryptographic functions like digital signatures.
  3. Proof Generation is a process described by a proof method that calculates a value that protects the integrity of the input data from modification or otherwise proves a certain desired threshold of trust. A typical example is the application of a cryptographic signature using asymmetric keys, generating the signature of the data.

Verification of a proof involves repeating the same transformation and hashing steps on the verifier's side and, depending on the proof method, validating the newly calculated hash value with the proof associated with the data. In the case of a digital signature, this means verifying, using the cryptographic algorithms associated with the asymmetric keys, that the proof value indeed signs the newly calculated hash.

4.2.2 Data Integrity of Credentials

The Verifiable Credential Data Integrity 1.0  [ VC-DATA-INTEGRITY ] specification starts with the general structure and defines a set of standard properties describing the details of the proof generation process. The specific details (i.e., the transformation, hash, and/or proof method algorithms) are defined by separate cryptosuites . The Working Group has defined a number of such cryptosuites as separate specifications, see 4.2.3 Cryptosuites below.

The core property, in the general structure, is called proof . This property embeds a claim in the Credential, referring to a separate collection of claims (referred to as a Proof Graph ) detailing all the claims about the proof itself:

Example 7 : Skeleton of a proof added to a Credential 
{
  "@context": [
    "https://www.w3.org/ns/credentials/v2",
    "https://www.w3.org/ns/credentials/examples/v2"
  ],
  "id": "https://university.example/Credential123",
  "type": ["VerifiableCredential", "ExampleAlumniCredential"],
  "issuer": "did:example:2g55q912ec3476eba2l9812ecbfe",
  "validFrom": "2010-01-01T00:00:00Z",
  "credentialSubject": {
    "id": "https://www.example.org/persons/pat",
    "name": "Pat",
    "alumniOf": {
      "id": "did:example:c276e12ec21ebfeb1f712ebc6f1",
      "name": "Example University"
    }
  },
  "credentialSchema": {
    "id": "https://university.example/Credential123-schema-credential",
    "type": "JsonSchemaCredential"
  },
  "proof": {
    "type": "DataIntegrityProof",
    …
    // All the details about the proof
    …
    "proofValue": "zQeVb…Wx"
  }
}

Note the proofValue property, whose object is the result of the proof generation process.

Note

The proof value is for illustrative purposes only, and does not reflect the result of real cryptographic calculations.

The definition of proof introduces a number of additional properties. Some of these are metadata properties on the proof itself, like created , expires , or domain . Others provide the necessary details on the proof generation process itself, like cryptosuite , nonce (if needed), or verificationMethod that usually refers to cryptographic keys. The exact format of the public keys, when used for Credentials, is defined in the [ CID-1.0 ] specification, and is based on either the JWK [ RFC7517 ] format or a Multibase encoding of the keys, called Multikey . Details of the key values are defined by other communities (IETF, cryptography groups, etc.) and are dependent on the specific cryptographic functions they operate with.

It is possible to embed several proofs for the same Credential. These may be a set of independent proofs (based, for example, on different cryptosuites, to accommodate to the specificities of different verifiers), but may also be a "chain" of proofs that must be evaluated in a given order.

A proof may also specify its "purpose" via the proofPurpose property: different proofs may be provided for authentication, for assertion, or for key agreement protocols. These details are also defined in the [ CID-1.0 ] specification. The verifier is supposed to choose the right proof depending on the purpose of its own operations, which is yet another possible reasons why the holder or the issuer may provide several proofs for the same Credential.

4.2.3 Cryptosuites

The Working Group has published three cryptosuite documents: Data Integrity EdDSA Cryptosuites v1.0  [ VC-DI-EDDSA ], Data Integrity ECDSA Cryptosuites v1.0  [ VC-DI-ECDSA ], and Data Integrity BBS Cryptosuites v1.0  [ VC-DI-BBS ]. As their name suggests, the documents rely on existing cryptographic signature schemes: the Edwards-Curve Digital Signature Algorithm (EdDSA) specification [ RFC8032 ], the Elliptic Curve Digital Signature Algorithm (ECDSA) specification [ FIPS-186-5 ], and the BBS Signature Scheme [ CFRG-BBS-SIGNATURE ], respectively.

Figure 8 provides an overall view of the six cryptosuites defined by the three recommendations. They all implement the general pipeline of proof generation as described in section 4.2.1 . As shown on the figure, one axis of differentiation is the data transformation function, i.e., the canonicalization of the JSON serialization: two cryptosuites use JSON Canonicalization (JCS) [ RFC8785 ], while the other four use RDF Dataset Canonicalization (RDFC-1.0) [ RDF-CANON ]. The other axis is whether the cryptosuite provides selective disclosure, which is the case for two of the six cryptosuites.

The image is a flowchart showing the categorization of various cryptographic suites and their respective canonicalization methods. The chart branches from an initial box labeled 'Cryptosuites', to three main cryptosuite documents: 'EdDSA (based on Edwards curves)', 'ECDSA (based on ECDSA curves)', and 'BBS (based on BBS schemes)'. The EdDSA suite further divides into two specific cryptosuites: 'eddsa-rdfc-2022 (using RDFC-1.0 for canonicalization)' and 'eddsa-jcs-2022 (using JCS for canonicalization)'. The ECDSA suite branches into three specific cryptosuites: 'ecdsa-rdfc-2019 (using RDFC-1.0 or canonicalization)', 'ecdsa-jcs-2019 (using JCS canonicalization)', and 'ecdsa-sd-2023 (using RDFC-1.0 for canonicalization and providing selective disclosure schemes)'. The BBS suite splits into one method: 'bbs-2023 (using RDFC-1.0 for canonicalization and providing selective disclosure schemes)'. There is an additional dotted lozenge, labeled 'Selective disclosure schemes', which contains the 'ecdsa-sd-2023' and 'bbs-2023' documents.
Figure 8 Overall view of cryptosuites.
Note

A common characteristic of all these cryptosuites is that keys must always be encoded using the Multikey encoding. For the ECDSA case the keys may also carry the choice of the hash functions to be used by the proof generation algorithm. This provides yet another differentiation axis among cryptosuites.

Note

Applications may define their own cryptosuites by applying different transformation and/or cryptographic signature schemes in similar patterns. For example, it would be possible to define a cryptosuite using the SM2 algorithm [ RFC9563 ] instead of, say, EdDSA.

4.2.3.1 Full Disclosure Schemes

The two EdDSA cryptosuites, as well as ecdsa-rdfc-2019 and ecdsa-jcs-2019 , follow a simple version of the proof generation pipeline as described in section 4.2.1 : the Credential is canonicalized (using either JCS or RDFC-1.0) and the result is hashed (using the hash functions as defined by the signature key). The calculation of the hash values depend on the canonicalization method: in the JCS case the canonical JSON data is hashed directly, whereas in the RDFC-1.0 case the individual canonicalized claims are first sorted and then concatenated before being hashed.

However, before signing the hash values, there is an extra twist: the same pipeline is also used on a set of claims called proof options , i.e., all the claims of the proof graph except proofValue . This set of claims is also canonicalized and hashed, following the same process as for the Credential itself, yielding a second hash value. It is the concatenation of these two values that is signed by EdDSA or ECDSA, respectively, producing the value for the proofValue property. By doing so, the various proof metadata, as well as the public key reference itself, are also signed and become verifiable.

4.2.3.2 Selective Disclosure Schemes

The ecdsa-sd-2023 and bbs-2023 cryptosuites provide selective disclosures of individual claims. In both cases, the process separates the base proof (calculated by the issuer for the holder), and the derived proof (which is typically calculated by the holder when selectively presenting credential claims to the verifier).

To calculate the base proof, the Credential is supplemented with extra information that separates the mandatory and non-mandatory claims. Using that information, the issuer's transformation step in section 4.2.1 produces a data structure containing the hash of the proof options (much like in the case of the full disclosure schemes) and of the set of mandatory claims, plus the identification of mandatory claims. Some elements of this data structure are then signed, the resulting structure is converted into CBOR, and encoded to provide as a multibase-encoded proofValue .

The derived proof is generated by the holder upon a request containing JSON pointers [ RFC6901 ] identifying the claims to be disclosed. To answer the request the information in the proofValue is used to create a reveal document , i.e., a new Credential containing the mandatory claims and the requested non-mandatory claims. Finally, the holder generates a derived proof for this reveal document, which is sent to the verifier.

The verifier should able to test the proof of the reveal document without having access to the original data and its (base) proof. With ecdsa-sd-2023 , each non-mandatory claim is signed separately by the issuer using a common, ephemeral ECDSA secret key, whose public counterpart is part of the both the base and derived proof values. That can be used to check the disclosed non-mandatory claims. The bbs-2023 cryptosuite relies on the cryptographic properties of the BBS scheme itself, which support the creation of proofs for the verification of selectively disclosed data. This is based on the mathematical nature of the BBS scheme: the BBS signature of all the claims (generated by the issuer and part of the base proof) can be reused by the holder to generate a BBS Proof of the subset of the claims (which is part of the derived proof). The BBS specific verification step ensures the required trust.

It is worth noting that the bbs-2023 cryptosuite also offers a number of additional, privacy preserving options; see the sections on anonymous holder biding , pseudonyms with issuer-known id , or pseudonyms with hidden id in the Data Integrity BBS Cryptosuites v1.0 specification.

4.2.4 Example: the Core Example Secured with EdDSA and ECDSA

Example 8 shows the Credential example, shown in Example 1 and enriched with a reference to a JSON Schema in Example 3 . It is secured by two different embedded proofs, using the ecdsa-rdfc-2019 and eddsa-rdfc-2022 cryptosuites.

Example 8 : EdDSA and ECDSA proofs added to a Credential 
{
  "@context": [
    "https://www.w3.org/ns/credentials/v2",
    "https://www.w3.org/ns/credentials/examples/v2"
  ],
  "id": "https://university.example/Credential123",
  "type": ["VerifiableCredential", "ExampleAlumniCredential"],
  "issuer": "did:example:2g55q912ec3476eba2l9812ecbfe",
  "validFrom": "2010-01-01T00:00:00Z",
  "credentialSubject": {
    "id": "https://www.example.org/persons/pat",
    "name": "Pat",
    "alumniOf": {
      "id": "did:example:c276e12ec21ebfeb1f712ebc6f1",
      "name": "Example University"
    }
  },
  "credentialSchema": {
    "id": "https://university.example/Credential123-schema-credential",
    "type": "JsonSchemaCredential"
  }
}
application/vc 
{
  "@context": [
    "https://www.w3.org/ns/credentials/v2",
    "https://www.w3.org/ns/credentials/examples/v2"
  ],
  "id": "https://university.example/Credential123",
  "type": [
    "VerifiableCredential",
    "ExampleAlumniCredential"
  ],
  "issuer": "did:example:2g55q912ec3476eba2l9812ecbfe",
  "validFrom": "2010-01-01T00:00:00Z",
  "credentialSubject": {
    "id": "https://www.example.org/persons/pat",
    "name": "Pat",
    "alumniOf": {
      "id": "did:example:c276e12ec21ebfeb1f712ebc6f1",
      "name": "Example University"
    }
  },
  "credentialSchema": {
    "id": "https://university.example/Credential123-schema-credential",
    "type": "JsonSchemaCredential"
  },
  "proof": {
    "type": "DataIntegrityProof",
    "created": "2025-08-17T08:44:36Z",
    "verificationMethod": "did:key:zDnaeYrCSB1SQvdxnYenA38fSATfSVPq444rjfXJ
RCR8hVnKT",

    "verificationMethod": "did:key:zDnaeyo5K4gzKZVTvEBAyd9a42geWbketVaF2ZUZ
xYLAeJyYT",

    "cryptosuite": "ecdsa-rdfc-2019",
    "proofPurpose": "assertionMethod",
    "proofValue": "z3T8nwW8uKw1hkMxjCQJNVeshA6KvvM98GwmQSuDNMjnnxgCU4iqWrFe
5sX3GZJi6c12hKRutH7o9a19GRw2y3e11"

    "proofValue": "z58rrjeKLdHbxKbZ7qHYkA9imSvW7zAz1WyAtznVWmMVa6FFNuVDtK9V
fueDGZpAv9oyzzuHW4B2A6ocu9ZHfwHnw"

  }
}
application/vc 
{
  "@context": [
    "https://www.w3.org/ns/credentials/v2",
    "https://www.w3.org/ns/credentials/examples/v2"
  ],
  "id": "https://university.example/Credential123",
  "type": [
    "VerifiableCredential",
    "ExampleAlumniCredential"
  ],
  "issuer": "did:example:2g55q912ec3476eba2l9812ecbfe",
  "validFrom": "2010-01-01T00:00:00Z",
  "credentialSubject": {
    "id": "https://www.example.org/persons/pat",
    "name": "Pat",
    "alumniOf": {
      "id": "did:example:c276e12ec21ebfeb1f712ebc6f1",
      "name": "Example University"
    }
  },
  "credentialSchema": {
    "id": "https://university.example/Credential123-schema-credential",
    "type": "JsonSchemaCredential"
  },
  "proof": {
    "type": "DataIntegrityProof",
    "created": "2025-08-17T08:44:36Z",
    "verificationMethod": "did:key:z6MkksFxpNedEo4ksC6ksLHmq33yfhSKgYHFYsuX
1yG9JdN7",

    "verificationMethod": "did:key:z6MknnfYo9AR5VyD3pzFkeVv52gK3VZKpZk8jxAp
UpLC8koS",

    "cryptosuite": "eddsa-rdfc-2022",
    "proofPurpose": "assertionMethod",
    "proofValue": "z4kzSes5csnhmnRHoB5vcqhEwsmbQE3r6KZ9WZyUhD3UAL67nexzwBD4
UAbVn7hLEtb8ft5So2kfa2zSMyfXoJRkX"

    "proofValue": "z4rKH4pNgqZf1p9FmEXbv8eWxdkyqFmVHpkSPdeYZ7FjWJHnXpoemjuv
eKVqE4HHxvBSkm96YP37b7eAQ8waHVjEi"

  }
}

When dereferenced, the URL value of the verificationMethod property should return a public key in Multikey format. For example:

Example 9 : An ECDSA public key 
{
  "@context": [
    "https://www.w3.org/ns/did/v1",
    "https://w3id.org/security/multikey/v1"
  ],
  "id": "did:example:2g55q912ec3476eba2l9812ecbfe#ecdsa-public-key",
  "type": "Multikey",
  "controller": "did:example:2g55q912ec3476eba2l9812ecbfe",
  "publicKeyMultibase": "z42twTcNeSYcnqg1FLuSFs2bsGH3ZqbRHFmvS9XMsYhjxvHN"
}

Note that the value of the verificationMethod property may have been the public key itself, instead of a reference to a separate resource containing the key.

5. Bitstring Status List

It is often useful for an issuer of Verifiable Credentials to link to a location where a verifier can check whether a credential has been suspended or revoked. This additional resource is referred to as a "status list".

The simplest approach for a status list, where there is a one-to-one mapping between a Verifiable Credential and a URL where the status is published, raises privacy as well as performance issues. In order to meet privacy expectations, it is useful to bundle the status of large sets of credentials into a single list to help with group privacy. However, doing so can place an impossible burden on both the server and client if the status information is as much as a few hundred bytes in size per credential across a population of hundreds of millions of holders. The Bitstring Status List v1.0  [ VC-BITSTRING-STATUS-LIST ] specification defines a highly compressible, highly space-efficient bitstring-based status list mechanism.

Conceptually, a bitstring status list is a sequence of bits. When a single bit specifies a status, such as "revoked" or "suspended", then that status is expected to be true when the bit is set and false when unset. One of the benefits of using a bitstring is that it is a highly compressible data format since, in the average case, large numbers of credentials will remain unrevoked. If compressed using run-length compression techniques such as GZIP [ RFC1952 ] the result is a significantly smaller set of data: the default status list size is 131,072 entries, equivalent to 16 KB of single bit values and, when only a handful of verifiable credentials are revoked, GZIP compresses the bitstring down to a few hundred bytes.

This diagram shows a horizontal series of adjacent boxes: on the left, there are 14 boxes, and on the right, 3 boxes, with these two groups connected by four dot characters. The groups of boxes are annotated on the right by the text '16KB'. All boxes are filled with one color (green), except for those in the 5th and 10th positions, that are filled with a different color (red). These two red boxes are labeled as 'Revoked Credentials'. All of these elements are annotated, beneath, by the remark 'ZLIB Compression' and '135 bytes', with a small icon representing computer data.
Figure 9 A visual depiction of the concepts outlined in this section.

The specification introduces the credentialStatus property, as well as some additional sub-properties, that should be used to add this additional information to a Verifiable Credential.

Example 10 shows the example from Example 8 , combined with the information on the credential status: the purpose of that status information, the reference to the bitstring, and the index into this bitstring for the enclosing credential:

Example 10 : Verifiable Credential with a Reference to a Status List 
{
  "@context": [
    "https://www.w3.org/ns/credentials/v2",
    "https://www.w3.org/ns/credentials/examples/v2"
  ],
  "id": "https://university.example/Credential123",
  "type": ["VerifiableCredential", "ExampleAlumniCredential"],
  "issuer": "did:example:2g55q912ec3476eba2l9812ecbfe",
  "validFrom": "2010-01-01T00:00:00Z",
  "credentialSubject": {
    "id": "https://www.example.org/persons/pat",
    "name": "Pat",
    "alumniOf": {
      "id": "did:example:c276e12ec21ebfeb1f712ebc6f1",
      "name": "Example University"
    }
  },
  "credentialSchema": {
    "id": "https://university.example/Credential123-schema-credential",
    "type": "JsonSchemaCredential"
  },
  "credentialStatus": {
    "id": "https://university.example/statuslist#123456",
    "type": "BitstringStatusListEntry",
    "statusPurpose": "revocation",
    "statusListIndex": "123456",
    "statusListCredential": "https://university.example/CredentialStatusList"
  }
}

The statusListCredential property, when dereferenced, should return a separate Credential for the status list. The status list itself is the subject of that Credential (which, of course, can also be signed). An example is:

Example 11 : A Credential for a Bitstring Status List 
{
  "@context": [
    "https://www.w3.org/ns/credentials/v2"
  ],
  "id": "https://university.example/CredentialStatusList",
  "type": ["VerifiableCredential", "BitstringStatusListCredential"],
  "issuer": "did:example:2g55q912ec3476eba2l9812ecbfe"",
  "validFrom": "2005-01-01T00:00:00",
  "credentialSubject": {
    "id": "https://university.example/statuslist#list",
    "type": "BitstringStatusList",
    "statusPurpose": "revocation",
    "encodedList": "uH4sIAAAAAAAAA-3BMQEAAADCoPVPbQwfoAAAAAAAAAAAAAAAAAAAAIC3AYbSVKsAQAAA"
  }
}

The core property in this case is encodedList , which is a base64url encoded version of the GZIP compressed bitstring status list.

6. Additional Publications

6.1 Working Group Notes

The VC Working Group has also published, and maintains, a few additional documents in the form of Working Group Notes. Although these are not formal standards, they represent consensus among the Working Group Participants. These documents are:

Verifiable Credentials Use Cases
The use cases outlined in this document were, and are, instrumental in making progress toward standardization and interoperation of both low– and high–stake claims, with the goals of storing, transmitting, and receiving digitally verifiable proof of attributes such as qualifications and achievements. The use cases focus on concrete scenarios that the technology defined by the group aims to address (including for future revisions).
Verifiable Credentials Implementation Guidelines 1.0
This document provides implementation guidance for Verifiable Credentials.
Verifiable Credential Extensions
This document serves as an unofficial list of all known Verifiable Credential specifications whether they are released by a global standards setting organization, a community group, an open source project, or an individual.

6.2 Standard Vocabularies

As explained in the introductory sections, the specifications define a number of standard vocabularies , i.e., standard sets of properties used as JSON names. These are used by Verifiable Credentials to ensure interoperability. Although the formal specifications of these terms are provided by the respective specifications, the vocabularies are also published as separates documents. This is done for an easier reference and overview, and these documents are also important if Credentials are used by applications based on RDF [ RDF11-CONCEPTS ]. These vocabulary documents are:

Verifiable Credentials Vocabulary v2.0
Definition of property names defined, primarily, by the VC Data Model specification, with some terms defined by the VC JSON Schema specification.
Security Vocabulary
Property name definitions in the VC Data Integrity and the Controlled Identifiers specifications.
Bitstring Status List Vocabulary
Property name definitions in the Bitstring Status List specification.

A. The complete example

Example 12 shows the Credential example used throughout this document, enriched with a reference to a JSON Schema and to the status information. It is secured via different securing mechanisms defined for Verifiable Credentials.

Example 12 : Verifiable Credential with a Reference to a Credential Schema and to a Status List 
{
  "@context": [
    "https://www.w3.org/ns/credentials/v2",
    "https://www.w3.org/ns/credentials/examples/v2"
  ],
  "id": "https://university.example/Credential123",
  "type": ["VerifiableCredential", "ExampleAlumniCredential"],
  "issuer": "did:example:2g55q912ec3476eba2l9812ecbfe",
  "validFrom": "2010-01-01T00:00:00Z",
  "credentialSubject": {
    "id": "https://www.example.org/persons/pat",
    "name": "Pat",
    "alumniOf": {
      "id": "did:example:c276e12ec21ebfeb1f712ebc6f1",
      "name": "Example University"
    }
  },
  "credentialSchema": {
    "id": "https://university.example/Credential123-schema-credential",
    "type": "JsonSchemaCredential"
  },
  "credentialStatus": {
    "id": "https://university.example/statuslist#123456",
    "type": "BitstringStatusListEntry",
    "statusPurpose": "revocation",
    "statusListIndex": "123456",
    "statusListCredential": "https://university.example/CredentialStatusList"
  }
}
application/vc 
{
  "@context": [
    "https://www.w3.org/ns/credentials/v2",
    "https://www.w3.org/ns/credentials/examples/v2"
  ],
  "id": "https://university.example/Credential123",
  "type": [
    "VerifiableCredential",
    "ExampleAlumniCredential"
  ],
  "issuer": "did:example:2g55q912ec3476eba2l9812ecbfe",
  "validFrom": "2010-01-01T00:00:00Z",
  "credentialSubject": {
    "id": "https://www.example.org/persons/pat",
    "name": "Pat",
    "alumniOf": {
      "id": "did:example:c276e12ec21ebfeb1f712ebc6f1",
      "name": "Example University"
    }
  },
  "credentialSchema": {
    "id": "https://university.example/Credential123-schema-credential",
    "type": "JsonSchemaCredential"
  },
  "credentialStatus": {
    "id": "https://university.example/statuslist#123456",
    "type": "BitstringStatusListEntry",
    "statusPurpose": "revocation",
    "statusListIndex": "123456",
    "statusListCredential": "https://university.example/CredentialStatusLis
t"
  },
  "proof": {
    "type": "DataIntegrityProof",
    "created": "2025-08-17T08:44:36Z",
    "verificationMethod": "did:key:zDnaeYrCSB1SQvdxnYenA38fSATfSVPq444rjfXJ
RCR8hVnKT",

    "verificationMethod": "did:key:zDnaeyo5K4gzKZVTvEBAyd9a42geWbketVaF2ZUZ
xYLAeJyYT",

    "cryptosuite": "ecdsa-rdfc-2019",
    "proofPurpose": "assertionMethod",
    "proofValue": "z5vtwu2V7yYfVLNfBWg4hsBTaZLGoXeC5ZrxuDAZBsDo9vik6Dua1kuu
Bd6L6M6EwpVGE1opXwEVmKNtP58J5csAA"

    "proofValue": "z3Fzuwf2RnpZecmmifsv4DMvTNHiPb7qSStQbJiKJaeYmgehP5cBzRb1
bGS3RJGbZ3yWk5rbkZKZzmf4GdvsFypyf"

  }
}
application/vc 
{
  "@context": [
    "https://www.w3.org/ns/credentials/v2",
    "https://www.w3.org/ns/credentials/examples/v2"
  ],
  "id": "https://university.example/Credential123",
  "type": [
    "VerifiableCredential",
    "ExampleAlumniCredential"
  ],
  "issuer": "did:example:2g55q912ec3476eba2l9812ecbfe",
  "validFrom": "2010-01-01T00:00:00Z",
  "credentialSubject": {
    "id": "https://www.example.org/persons/pat",
    "name": "Pat",
    "alumniOf": {
      "id": "did:example:c276e12ec21ebfeb1f712ebc6f1",
      "name": "Example University"
    }
  },
  "credentialSchema": {
    "id": "https://university.example/Credential123-schema-credential",
    "type": "JsonSchemaCredential"
  },
  "credentialStatus": {
    "id": "https://university.example/statuslist#123456",
    "type": "BitstringStatusListEntry",
    "statusPurpose": "revocation",
    "statusListIndex": "123456",
    "statusListCredential": "https://university.example/CredentialStatusLis
t"
  },
  "proof": {
    "type": "DataIntegrityProof",
    "created": "2025-08-17T08:44:36Z",
    "verificationMethod": "did:key:z6MkksFxpNedEo4ksC6ksLHmq33yfhSKgYHFYsuX
1yG9JdN7",

    "verificationMethod": "did:key:z6MknnfYo9AR5VyD3pzFkeVv52gK3VZKpZk8jxAp
UpLC8koS",

    "cryptosuite": "eddsa-rdfc-2022",
    "proofPurpose": "assertionMethod",
    "proofValue": "z2BMZBvRrxVazLAvDe7xaZQWoKMrnW4ZVbBMzwHbvcV7ccbDbfqiSFzt
x5EDYJyr32mLq4SFR9h1aJrTVm2kMaJP"

    "proofValue": "zjaWRdEv5XnxZpwuohByb8vs7ZcgaZiwqJrFaJijTcSAThiUX5mhC749
6U46gV4wESXL18b4Lj5iCRFKmnV4SAgP"

  }
}
application/vc 
{
  "@context": [
    "https://www.w3.org/ns/credentials/v2",
    "https://www.w3.org/ns/credentials/examples/v2"
  ],
  "id": "https://university.example/Credential123",
  "type": [
    "VerifiableCredential",
    "ExampleAlumniCredential"
  ],
  "issuer": "did:example:2g55q912ec3476eba2l9812ecbfe",
  "validFrom": "2010-01-01T00:00:00Z",
  "credentialSubject": {
    "id": "https://www.example.org/persons/pat",
    "name": "Pat",
    "alumniOf": {
      "id": "did:example:c276e12ec21ebfeb1f712ebc6f1",
      "name": "Example University"
    }
  },
  "credentialSchema": {
    "id": "https://university.example/Credential123-schema-credential",
    "type": "JsonSchemaCredential"
  },
  "credentialStatus": {
    "id": "https://university.example/statuslist#123456",
    "type": "BitstringStatusListEntry",
    "statusPurpose": "revocation",
    "statusListIndex": "123456",
    "statusListCredential": "https://university.example/CredentialStatusLis
t"
  },
  "proof": {
    "type": "DataIntegrityProof",
    "verificationMethod": "did:key:zUC73Fiquuba49to5M3AdH3SfAL3nJpSME4etXvV
ZMAeMieCnLi1xn2U1beA7jBgNrcgUVmEU7LjTgWpifvmKWz3B1kWcUHZNrF89tEnfmBHQiT81id
QbvVeuW1v3XSfHcFVvxu",

    "verificationMethod": "did:key:zUC7CtJVQmS4aR7nQwLhTxkapZk5yPaveLwucCrv
y4bG6G4UYxpZ36nVgcgg7u6mwchkuTjPDVXG3DEHVsmRC11GdfSm7mLYyuupxuxmEksKCnCN8SC
Grmva2f6PLBZa1rrKS4P",

    "cryptosuite": "bbs-2023",
    "proofPurpose": "assertionMethod",
    "proofValue": "u2V0ChVhQmF1GV7SXY0Wqx3CdpKTmPrlrQl6xwfkM7HiTZ___UPtESks
xYGHPfNfeb9sgR4UvaSe3ZGC-w9fBDol0vlb-UEasW63zqRJmfXQY1vBi2tlYQOeTb2eQEzNrRk
1bUrkwyVdGATDfg5qsZsBRKbahvwnzq55pIrtFHSJQO7wOSd6iet3GiHpGE_HGk6G6KLCUQT9YY
Ia_FU123c14-QxaqOgf4WEeRZpkMjFapLYS9VFUeWs46CjsuDiCZlr39Eo4q2F4LwIIqsuVUXwj
Kl0yAZx0GK7HpdSJTc7XTArtP8ZALK57kxs5dSjticn1WGIm7ZjVPlggULGFILCUU2PqYW74T1t
K-Z1B8OJo2li26h5hZRRE2oKBZy9pc3N1ZXI"

    "proofValue": "u2V0ChVhQuGViqFrDzbSyW0igI__KQSFwz1kPSdaztO1O5n1Kp6QETk8
BiSFh3BeW6_Lpj2g8WAtIYFFVKWwVoJcRqFNTt-EtxoW0OtCwe8cIuCXdn15YQGAS26jpMIvxtB
SHLn6OCRwu9lgLhjXvtpqzP0ueAhKZq55pIrtFHSJQO7wOSd6iet3GiHpGE_HGk6G6KLCUQT9YY
KK0OsY-O8L_FLIwUXMDDTyoB0szPuxlaPQ9_KSL11M6Ld9-6C7eNLWuWUpnZ3PEXhgIRz2Ed1a6
t-8u54xXru2uicn2PIb5_60V6eFK2ogAHtry2yDHW8lxS_OQFI2OSFgg5vz2QS8w7u1AIPzAuvg
DrUYnDNvfrUJAkKI6lR82QHWBZy9pc3N1ZXI"

  }
}
Protected Headers 
{
  "kid": "ExHkBMW9fmbkvV266mRpuP2sUY_N_EWIN1lapUzO8ro",
  "alg": "ES256"
}
application/vc 
{
  "@context": [
    "https://www.w3.org/ns/credentials/v2",
    "https://www.w3.org/ns/credentials/examples/v2"
  ],
  "id": "https://university.example/Credential123",
  "type": [
    "VerifiableCredential",
    "ExampleAlumniCredential"
  ],
  "issuer": "did:example:2g55q912ec3476eba2l9812ecbfe",
  "validFrom": "2010-01-01T00:00:00Z",
  "credentialSubject": {
    "id": "https://www.example.org/persons/pat",
    "name": "Pat",
    "alumniOf": {
      "id": "did:example:c276e12ec21ebfeb1f712ebc6f1",
      "name": "Example University"
    }
  },
  "credentialSchema": {
    "id": "https://university.example/Credential123-schema-credential",
    "type": "JsonSchemaCredential"
  },
  "credentialStatus": {
    "id": "https://university.example/statuslist#123456",
    "type": "BitstringStatusListEntry",
    "statusPurpose": "revocation",
    "statusListIndex": "123456",
    "statusListCredential": "https://university.example/CredentialStatusList"
  }
}
application/vc+jwt
eyJraWQiOiJFeEhrQk1XOWZtYmt2VjI2Nm1ScHVQMnNVWV9OX0VXSU4xbGFwVXpPOHJvIiwiYWxnIjoiRVMyNTYifQ . eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvbnMvY3JlZGVudGlhbHMvdjIiLCJodHRwczovL3d3dy53My5vcmcvbnMvY3JlZGVudGlhbHMvZXhhbXBsZXMvdjIiXSwiaWQiOiJodHRwczovL3VuaXZlcnNpdHkuZXhhbXBsZS9DcmVkZW50aWFsMTIzIiwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsIkV4YW1wbGVBbHVtbmlDcmVkZW50aWFsIl0sImlzc3VlciI6ImRpZDpleGFtcGxlOjJnNTVxOTEyZWMzNDc2ZWJhMmw5ODEyZWNiZmUiLCJ2YWxpZEZyb20iOiIyMDEwLTAxLTAxVDAwOjAwOjAwWiIsImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImlkIjoiaHR0cHM6Ly93d3cuZXhhbXBsZS5vcmcvcGVyc29ucy9wYXQiLCJuYW1lIjoiUGF0IiwiYWx1bW5pT2YiOnsiaWQiOiJkaWQ6ZXhhbXBsZTpjMjc2ZTEyZWMyMWViZmViMWY3MTJlYmM2ZjEiLCJuYW1lIjoiRXhhbXBsZSBVbml2ZXJzaXR5In19LCJjcmVkZW50aWFsU2NoZW1hIjp7ImlkIjoiaHR0cHM6Ly91bml2ZXJzaXR5LmV4YW1wbGUvQ3JlZGVudGlhbDEyMy1zY2hlbWEtY3JlZGVudGlhbCIsInR5cGUiOiJKc29uU2NoZW1hQ3JlZGVudGlhbCJ9LCJjcmVkZW50aWFsU3RhdHVzIjp7ImlkIjoiaHR0cHM6Ly91bml2ZXJzaXR5LmV4YW1wbGUvc3RhdHVzbGlzdCMxMjM0NTYiLCJ0eXBlIjoiQml0c3RyaW5nU3RhdHVzTGlzdEVudHJ5Iiwic3RhdHVzUHVycG9zZSI6InJldm9jYXRpb24iLCJzdGF0dXNMaXN0SW5kZXgiOiIxMjM0NTYiLCJzdGF0dXNMaXN0Q3JlZGVudGlhbCI6Imh0dHBzOi8vdW5pdmVyc2l0eS5leGFtcGxlL0NyZWRlbnRpYWxTdGF0dXNMaXN0In19 . ngheC2Zv4ShtpylDowgXN7AAbxc_sTNe2UrYpHlp7p-bri8CRQeQDljw0u26g8Ug5WGMVbh1UPXb_nE0H94ZJg KAU_q9Ost3R5a58vsYrzX78WcuW91C3OJz4SmufeLOm7U-Hr2QYQQpzhDcuIoIRydbzIlvOiF4NAGdcYfCp8MA
application/vc 
{
  "@context": [
    "https://www.w3.org/ns/credentials/v2",
    "https://www.w3.org/ns/credentials/examples/v2"
  ],
  "id": "https://university.example/Credential123",
  "type": [
    "VerifiableCredential",
    "ExampleAlumniCredential"
  ],
  "issuer": "did:example:2g55q912ec3476eba2l9812ecbfe",
  "validFrom": "2010-01-01T00:00:00Z",
  "credentialSubject": {
    "id": "https://www.example.org/persons/pat",
    "name": "Pat",
    "alumniOf": {
      "id": "did:example:c276e12ec21ebfeb1f712ebc6f1",
      "name": "Example University"
    }
  },
  "credentialSchema": {
    "id": "https://university.example/Credential123-schema-credential",
    "type": "JsonSchemaCredential"
  },
  "credentialStatus": {
    "id": "https://university.example/statuslist#123456",
    "type": "BitstringStatusListEntry",
    "statusPurpose": "revocation",
    "statusListIndex": "123456",
    "statusListCredential": "https://university.example/CredentialStatusList"
  }
}
application/cbor-diagnostic 
/ cose-sign1 / 18([
  / protected / << {
    / alg / 1 : -35 / ES384 /
  } >>,
  / unprotected / {
  },
  / payload / h'7b224063...74227d7d',
  / signature / h'5b2a3048...1c1d664e'

  / signature / h'a56fce5c...771a0da1'

])
application/vc+cose
d28444a1013822a059032d7b2240636f6e74657874223a5b2268747470733a2f2f7777772e77332e6f72672f6e732f63726564656e7469616c732f7632222c2268747470733a2f2f7777772e77332e6f72672f6e732f63726564656e7469616c732f6578616d706c65732f7632225d2c226964223a2268747470733a2f2f756e69766572736974792e6578616d706c652f43726564656e7469616c313233222c2274797065223a5b2256657269666961626c6543726564656e7469616c222c224578616d706c65416c756d6e6943726564656e7469616c225d2c22697373756572223a226469643a6578616d706c653a3267353571393132656333343736656261326c393831326563626665222c2276616c696446726f6d223a22323031302d30312d30315430303a30303a30305a222c2263726564656e7469616c5375626a656374223a7b226964223a2268747470733a2f2f7777772e6578616d706c652e6f72672f706572736f6e732f706174222c226e616d65223a22506174222c22616c756d6e694f66223a7b226964223a226469643a6578616d706c653a633237366531326563323165626665623166373132656263366631222c226e616d65223a224578616d706c6520556e6976657273697479227d7d2c2263726564656e7469616c536368656d61223a7b226964223a2268747470733a2f2f756e69766572736974792e6578616d706c652f43726564656e7469616c3132332d736368656d612d63726564656e7469616c222c2274797065223a224a736f6e536368656d6143726564656e7469616c227d2c2263726564656e7469616c537461747573223a7b226964223a2268747470733a2f2f756e69766572736974792e6578616d706c652f7374617475736c69737423313233343536222c2274797065223a22426974737472696e675374617475734c697374456e747279222c22737461747573507572706f7365223a227265766f636174696f6e222c227374617475734c697374496e646578223a22313233343536222c227374617475734c69737443726564656e7469616c223a2268747470733a2f2f756e69766572736974792e6578616d706c652f43726564656e7469616c5374617475734c697374227d7d58405b2a304829fb282b6427909674d4a602a74b2b024264bb6bca6c61cbe0439e0ae694576afae580aec5cebad5c34fee1f9a177793307667ef1d11de251c1d664e d28444a1013822a059032d7b2240636f6e74657874223a5b2268747470733a2f2f7777772e77332e6f72672f6e732f63726564656e7469616c732f7632222c2268747470733a2f2f7777772e77332e6f72672f6e732f63726564656e7469616c732f6578616d706c65732f7632225d2c226964223a2268747470733a2f2f756e69766572736974792e6578616d706c652f43726564656e7469616c313233222c2274797065223a5b2256657269666961626c6543726564656e7469616c222c224578616d706c65416c756d6e6943726564656e7469616c225d2c22697373756572223a226469643a6578616d706c653a3267353571393132656333343736656261326c393831326563626665222c2276616c696446726f6d223a22323031302d30312d30315430303a30303a30305a222c2263726564656e7469616c5375626a656374223a7b226964223a2268747470733a2f2f7777772e6578616d706c652e6f72672f706572736f6e732f706174222c226e616d65223a22506174222c22616c756d6e694f66223a7b226964223a226469643a6578616d706c653a633237366531326563323165626665623166373132656263366631222c226e616d65223a224578616d706c6520556e6976657273697479227d7d2c2263726564656e7469616c536368656d61223a7b226964223a2268747470733a2f2f756e69766572736974792e6578616d706c652f43726564656e7469616c3132332d736368656d612d63726564656e7469616c222c2274797065223a224a736f6e536368656d6143726564656e7469616c227d2c2263726564656e7469616c537461747573223a7b226964223a2268747470733a2f2f756e69766572736974792e6578616d706c652f7374617475736c69737423313233343536222c2274797065223a22426974737472696e675374617475734c697374456e747279222c22737461747573507572706f7365223a227265766f636174696f6e222c227374617475734c697374496e646578223a22313233343536222c227374617475734c69737443726564656e7469616c223a2268747470733a2f2f756e69766572736974792e6578616d706c652f43726564656e7469616c5374617475734c697374227d7d5840a56fce5ce8c540e17ca9dbd9325bc224323a95cd10433931d819faf5955c98e169b20f49718bc269dd607e15f222818668bd9f85ce9462aaa5bc3515771a0da1
eyJraWQiOiJFeEhrQk1XOWZtYmt2VjI2Nm1ScHVQMnNVWV9OX0VXSU4xbGFwVXpPOHJvIiwiYWxnIjoiRVMyNTYifQ . eyJfc2RfYWxnIjoic2hhLTI1NiIsIkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy9ucy9jcmVkZW50aWFscy92MiIsImh0dHBzOi8vd3d3LnczLm9yZy9ucy9jcmVkZW50aWFscy9leGFtcGxlcy92MiJdLCJpc3N1ZXIiOiJkaWQ6ZXhhbXBsZToyZzU1cTkxMmVjMzQ3NmViYTJsOTgxMmVjYmZlIiwidmFsaWRGcm9tIjoiMjAxMC0wMS0wMVQwMDowMDowMFoiLCJjcmVkZW50aWFsU3ViamVjdCI6eyJuYW1lIjoiUGF0IiwiYWx1bW5pT2YiOnsibmFtZSI6IkV4YW1wbGUgVW5pdmVyc2l0eSIsIl9zZCI6WyJtekdVRzdISHNTZHVMbEwtWWNDVW94cDROc0pBNlQtcE4yMGlsa1U5dTJ3Il19LCJfc2QiOlsiT2s2VHVmQjNzQ185S18zWURvZ1diX0xlQS0zSHJJT2tseGJjeVhJejl0TSJdfSwiY3JlZGVudGlhbFNjaGVtYSI6eyJfc2QiOlsiN3JSZFpCUnJPbUVDY09GY29iX0dCTEFONmpvd0dmR2tELUsxWmt1SnNYMCIsIkJtRFJWQll6Y1FIRXZ6LWc4VFBfdUhZN0VhSzVubksyanliOGZpUXY4dmsiXX0sImNyZWRlbnRpYWxTdGF0dXMiOnsic3RhdHVzUHVycG9zZSI6InJldm9jYXRpb24iLCJzdGF0dXNMaXN0SW5kZXgiOiIxMjM0NTYiLCJzdGF0dXNMaXN0Q3JlZGVudGlhbCI6Imh0dHBzOi8vdW5pdmVyc2l0eS5leGFtcGxlL0NyZWRlbnRpYWxTdGF0dXNMaXN0IiwiX3NkIjpbIjY5eC13Nkc4R19fNU12RUNKc1lCdjVWSTk2N2VqVlEtYk0ydlZqM1FQc1kiLCJiYVFIUDFuclZNV0RfSGxpc21kelhQdHBTVno0dzRSOFZHLWpmUTd5dW5FIl19LCJfc2QiOlsiTGowSTFoUTZmNkNSOVVaRWRIcFN0bFZDQTZibGs2Ylh6VEsxVnhvb0VCcyIsInphMmoyVkFNYVBTemxZQzZ0emF5NGJzeEVyRERRbWNWZ3JqU2hhVUw1RHciXX0 eyJfc2RfYWxnIjoic2hhLTI1NiIsIkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy9ucy9jcmVkZW50aWFscy92MiIsImh0dHBzOi8vd3d3LnczLm9yZy9ucy9jcmVkZW50aWFscy9leGFtcGxlcy92MiJdLCJpc3N1ZXIiOiJkaWQ6ZXhhbXBsZToyZzU1cTkxMmVjMzQ3NmViYTJsOTgxMmVjYmZlIiwidmFsaWRGcm9tIjoiMjAxMC0wMS0wMVQwMDowMDowMFoiLCJjcmVkZW50aWFsU3ViamVjdCI6eyJuYW1lIjoiUGF0IiwiYWx1bW5pT2YiOnsibmFtZSI6IkV4YW1wbGUgVW5pdmVyc2l0eSIsIl9zZCI6WyJjdE9HOFhWb3BMTUJRVnFqSGZkeXRVb2laNUF2MkREZE1nMjdwdmJyd2VBIl19LCJfc2QiOlsiQkRKaUZXOEp1ek90c0djaDUyUWJjS1pQemtoOElPREZYTmpIb3lQME00RSJdfSwiY3JlZGVudGlhbFNjaGVtYSI6eyJfc2QiOlsiWDFqb2pUcGh2RzV4TUExZmJBMmNVQWsxQ1pOQWxJVU5TUmkxRkdsaUdKUSIsImYwMGhoLUkyZXN4ekYyemQzc1RscjBzQUpiTi1wTVhVRnlRSDBKdUd4N00iXX0sImNyZWRlbnRpYWxTdGF0dXMiOnsic3RhdHVzUHVycG9zZSI6InJldm9jYXRpb24iLCJzdGF0dXNMaXN0SW5kZXgiOiIxMjM0NTYiLCJzdGF0dXNMaXN0Q3JlZGVudGlhbCI6Imh0dHBzOi8vdW5pdmVyc2l0eS5leGFtcGxlL0NyZWRlbnRpYWxTdGF0dXNMaXN0IiwiX3NkIjpbIjRha1VjcmhiY3lLQmFxMEcyNTJHbnBYekN6THcxMExWS1RjVGs3VWFJYkEiLCJGdjh0OWUtU1h6WGVLdDl0S2RvclVMcnM1aV9QUzdWc1RaU1c5SHp0YTVrIl19LCJfc2QiOlsiT2dSc2c4cHpwNVFtbzdSa0J2Q2FjWE1YSFdBeV9DTjRURGtjQmNsdjdDVSIsIm43S1I1bVJGTFd4SFFSX1VoWFgxd1hKMWxtd1RXN0Z2TGZzLW5zTDdMOUEiXX0 . BdP84L-MUkjljEFJ_ziUwxvyZIGO6hMVkDfYludQJ5K00ol5eLFZWg1Fuy_VH6Jmy4zeKPOGDxnfhIKgSuUZ4g 2yV61aojguuks7nMPX4LNFOkBSFjraL87LDKfgXlsAvIXPJkP3cGeVka_a1gCR_aCWIehOAEoGGqCQ9HwFxpAA ~ WyJQWi10UHgyYjNwMC01QzlNcE9jLUl3IiwgImlkIiwgImh0dHBzOi8vdW5pdmVyc2l0eS5leGFtcGxlL0NyZWRlbnRpYWwxMjMiXQ WyJBZ2pMN2FZeVVHRHhnWkZEajN2OVZ3IiwgImlkIiwgImh0dHBzOi8vdW5pdmVyc2l0eS5leGFtcGxlL0NyZWRlbnRpYWwxMjMiXQ ~ WyItNzFqd1JGYXFhY3VGNy1GZHBhcHFnIiwgInR5cGUiLCBbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwgIkV4YW1wbGVBbHVtbmlDcmVkZW50aWFsIl1d WyJ6bE1YX2xMWDY2d2pwaGE5cjMtZUxBIiwgInR5cGUiLCBbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwgIkV4YW1wbGVBbHVtbmlDcmVkZW50aWFsIl1d ~ WyJ2cWhGSWtRbTF2VkctemJyTmFGXzdBIiwgImlkIiwgImh0dHBzOi8vd3d3LmV4YW1wbGUub3JnL3BlcnNvbnMvcGF0Il0 WyJXS0RxbjdFWTg0cjRvaDNlcmludW1nIiwgImlkIiwgImh0dHBzOi8vd3d3LmV4YW1wbGUub3JnL3BlcnNvbnMvcGF0Il0 ~ WyJENjJuYlVsSy1OTGE2cGs1eGZ2TW53IiwgImlkIiwgImRpZDpleGFtcGxlOmMyNzZlMTJlYzIxZWJmZWIxZjcxMmViYzZmMSJd WyJiSVlHQWNTeUUwNzh5eTVLNTNhTWtRIiwgImlkIiwgImRpZDpleGFtcGxlOmMyNzZlMTJlYzIxZWJmZWIxZjcxMmViYzZmMSJd ~ WyJudWFEcW5ZOTZxNHgzOU5kcW1HM0VBIiwgImlkIiwgImh0dHBzOi8vdW5pdmVyc2l0eS5leGFtcGxlL0NyZWRlbnRpYWwxMjMtc2NoZW1hLWNyZWRlbnRpYWwiXQ WyJ0N01reEQxZW42OEF6cFVBbXZud1dRIiwgImlkIiwgImh0dHBzOi8vdW5pdmVyc2l0eS5leGFtcGxlL0NyZWRlbnRpYWwxMjMtc2NoZW1hLWNyZWRlbnRpYWwiXQ ~ WyJGVjBDaWJIMDFncFRDcUwtT2NiY2pRIiwgInR5cGUiLCAiSnNvblNjaGVtYUNyZWRlbnRpYWwiXQ WyJ1NmhKRVBQUS03b0JMT2hGQS1vajNnIiwgInR5cGUiLCAiSnNvblNjaGVtYUNyZWRlbnRpYWwiXQ ~ WyJpZVJtZ041enlBTlZqX0hudE1kMUR3IiwgImlkIiwgImh0dHBzOi8vdW5pdmVyc2l0eS5leGFtcGxlL3N0YXR1c2xpc3QjMTIzNDU2Il0 WyJYQW0zLTZGdmZNYUItUjY1MTRnZGxnIiwgImlkIiwgImh0dHBzOi8vdW5pdmVyc2l0eS5leGFtcGxlL3N0YXR1c2xpc3QjMTIzNDU2Il0 ~ WyJqYVZ0NUhLdGl0a2tyYW1XRUp3WERRIiwgInR5cGUiLCAiQml0c3RyaW5nU3RhdHVzTGlzdEVudHJ5Il0 WyJwM3VMUE5kTFJYMnhOanB3cUpKNU13IiwgInR5cGUiLCAiQml0c3RyaW5nU3RhdHVzTGlzdEVudHJ5Il0 ~ 
{


  "kid": "ExHkBMW9fmbkvV266mRpuP2sUY_N_EWIN1lapUzO8ro",


  "alg": "ES256"


}

{


  "_sd_alg": "sha-256",


  "@context": [


    "https://www.w3.org/ns/credentials/v2",


    "https://www.w3.org/ns/credentials/examples/v2"


  ],


  "issuer": "did:example:2g55q912ec3476eba2l9812ecbfe",


  "validFrom": "2010-01-01T00:00:00Z",


  "credentialSubject": {


    "name": "Pat",


    "alumniOf": {


      "name": "Example University",


      "_sd": [


        "mzGUG7HHsSduLlL-YcCUoxp4NsJA6T-pN20ilkU9u2w"

        "ctOG8XVopLMBQVqjHfdytUoiZ5Av2DDdMg27pvbrweA"



      ]


    },


    "_sd": [


      "Ok6TufB3sC_9K_3YDogWb_LeA-3HrIOklxbcyXIz9tM"

      "BDJiFW8JuzOtsGch52QbcKZPzkh8IODFXNjHoyP0M4E"



    ]


  },


  "credentialSchema": {


    "_sd": [


      "7rRdZBRrOmECcOFcob_GBLAN6jowGfGkD-K1ZkuJsX0",

      "X1jojTphvG5xMA1fbA2cUAk1CZNAlIUNSRi1FGliGJQ",



      "BmDRVBYzcQHEvz-g8TP_uHY7EaK5nnK2jyb8fiQv8vk"

      "f00hh-I2esxzF2zd3sTlr0sAJbN-pMXUFyQH0JuGx7M"



    ]


  },


  "credentialStatus": {


    "statusPurpose": "revocation",


    "statusListIndex": "123456",


    "statusListCredential": "https://university.example/CredentialStatusList",


    "_sd": [


      "69x-w6G8G__5MvECJsYBv5VI967ejVQ-bM2vVj3QPsY",

      "4akUcrhbcyKBaq0G252GnpXzCzLw10LVKTcTk7UaIbA",



      "baQHP1nrVMWD_HlismdzXPtpSVz4w4R8VG-jfQ7yunE"

      "Fv8t9e-SXzXeKt9tKdorULrs5i_PS7VsTZSW9Hzta5k"



    ]


  },


  "_sd": [


    "Lj0I1hQ6f6CR9UZEdHpStlVCA6blk6bXzTK1VxooEBs",

    "OgRsg8pzp5Qmo7RkBvCacXMXHWAy_CN4TDkcBclv7CU",



    "za2j2VAMaPSzlYC6tzay4bsxErDDQmcVgrjShaUL5Dw"

    "n7KR5mRFLWxHQR_UhXX1wXJ1lmwTW7FvLfs-nsL7L9A"



  ]


}

Claim: id

SHA-256 Hash: za2j2VAMaPSzlYC6tzay4bsxErDDQmcVgrjShaUL5Dw OgRsg8pzp5Qmo7RkBvCacXMXHWAy_CN4TDkcBclv7CU

Disclosure(s): WyJQWi10UHgyYjNwMC01QzlNcE9jLUl3IiwgImlkIiwgImh0dHBzOi8vdW5pdmVyc2l0eS5leGFtcGxlL0NyZWRlbnRpYWwxMjMiXQ WyJBZ2pMN2FZeVVHRHhnWkZEajN2OVZ3IiwgImlkIiwgImh0dHBzOi8vdW5pdmVyc2l0eS5leGFtcGxlL0NyZWRlbnRpYWwxMjMiXQ

Contents: [
  "PZ-tPx2b3p0-5C9MpOc-Iw",   "AgjL7aYyUGDxgZFDj3v9Vw",
  "id",
  "https://university.example/Credential123"
]

Claim: type

SHA-256 Hash: Lj0I1hQ6f6CR9UZEdHpStlVCA6blk6bXzTK1VxooEBs n7KR5mRFLWxHQR_UhXX1wXJ1lmwTW7FvLfs-nsL7L9A

Disclosure(s): WyItNzFqd1JGYXFhY3VGNy1GZHBhcHFnIiwgInR5cGUiLCBbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwgIkV4YW1wbGVBbHVtbmlDcmVkZW50aWFsIl1d WyJ6bE1YX2xMWDY2d2pwaGE5cjMtZUxBIiwgInR5cGUiLCBbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwgIkV4YW1wbGVBbHVtbmlDcmVkZW50aWFsIl1d

Contents: [
  "-71jwRFaqacuF7-Fdpapqg",   "zlMX_lLX66wjpha9r3-eLA",
  "type",
  [
    "VerifiableCredential",
    "ExampleAlumniCredential"
  ]
]

Claim: id

SHA-256 Hash: Ok6TufB3sC_9K_3YDogWb_LeA-3HrIOklxbcyXIz9tM BDJiFW8JuzOtsGch52QbcKZPzkh8IODFXNjHoyP0M4E

Disclosure(s): WyJ2cWhGSWtRbTF2VkctemJyTmFGXzdBIiwgImlkIiwgImh0dHBzOi8vd3d3LmV4YW1wbGUub3JnL3BlcnNvbnMvcGF0Il0 WyJXS0RxbjdFWTg0cjRvaDNlcmludW1nIiwgImlkIiwgImh0dHBzOi8vd3d3LmV4YW1wbGUub3JnL3BlcnNvbnMvcGF0Il0

Contents: [
  "vqhFIkQm1vVG-zbrNaF_7A",   "WKDqn7EY84r4oh3erinumg",
  "id",
  "https://www.example.org/persons/pat"
]

Claim: id

SHA-256 Hash: mzGUG7HHsSduLlL-YcCUoxp4NsJA6T-pN20ilkU9u2w ctOG8XVopLMBQVqjHfdytUoiZ5Av2DDdMg27pvbrweA

Disclosure(s): WyJENjJuYlVsSy1OTGE2cGs1eGZ2TW53IiwgImlkIiwgImRpZDpleGFtcGxlOmMyNzZlMTJlYzIxZWJmZWIxZjcxMmViYzZmMSJd WyJiSVlHQWNTeUUwNzh5eTVLNTNhTWtRIiwgImlkIiwgImRpZDpleGFtcGxlOmMyNzZlMTJlYzIxZWJmZWIxZjcxMmViYzZmMSJd

Contents: [
  "D62nbUlK-NLa6pk5xfvMnw",   "bIYGAcSyE078yy5K53aMkQ",
  "id",
  "did:example:c276e12ec21ebfeb1f712ebc6f1"
]

Claim: id

SHA-256 Hash: BmDRVBYzcQHEvz-g8TP_uHY7EaK5nnK2jyb8fiQv8vk f00hh-I2esxzF2zd3sTlr0sAJbN-pMXUFyQH0JuGx7M

Disclosure(s): WyJudWFEcW5ZOTZxNHgzOU5kcW1HM0VBIiwgImlkIiwgImh0dHBzOi8vdW5pdmVyc2l0eS5leGFtcGxlL0NyZWRlbnRpYWwxMjMtc2NoZW1hLWNyZWRlbnRpYWwiXQ WyJ0N01reEQxZW42OEF6cFVBbXZud1dRIiwgImlkIiwgImh0dHBzOi8vdW5pdmVyc2l0eS5leGFtcGxlL0NyZWRlbnRpYWwxMjMtc2NoZW1hLWNyZWRlbnRpYWwiXQ

Contents: [
  "nuaDqnY96q4x39NdqmG3EA",   "t7MkxD1en68AzpUAmvnwWQ",
  "id",
  "https://university.example/Credential123-schema-credential"
]

Claim: type

SHA-256 Hash: 7rRdZBRrOmECcOFcob_GBLAN6jowGfGkD-K1ZkuJsX0 X1jojTphvG5xMA1fbA2cUAk1CZNAlIUNSRi1FGliGJQ

Disclosure(s): WyJGVjBDaWJIMDFncFRDcUwtT2NiY2pRIiwgInR5cGUiLCAiSnNvblNjaGVtYUNyZWRlbnRpYWwiXQ WyJ1NmhKRVBQUS03b0JMT2hGQS1vajNnIiwgInR5cGUiLCAiSnNvblNjaGVtYUNyZWRlbnRpYWwiXQ

Contents: [
  "FV0CibH01gpTCqL-OcbcjQ",   "u6hJEPPQ-7oBLOhFA-oj3g",
  "type",
  "JsonSchemaCredential"
]

Claim: id

SHA-256 Hash: 69x-w6G8G__5MvECJsYBv5VI967ejVQ-bM2vVj3QPsY 4akUcrhbcyKBaq0G252GnpXzCzLw10LVKTcTk7UaIbA

Disclosure(s): WyJpZVJtZ041enlBTlZqX0hudE1kMUR3IiwgImlkIiwgImh0dHBzOi8vdW5pdmVyc2l0eS5leGFtcGxlL3N0YXR1c2xpc3QjMTIzNDU2Il0 WyJYQW0zLTZGdmZNYUItUjY1MTRnZGxnIiwgImlkIiwgImh0dHBzOi8vdW5pdmVyc2l0eS5leGFtcGxlL3N0YXR1c2xpc3QjMTIzNDU2Il0

Contents: [
  "ieRmgN5zyANVj_HntMd1Dw",   "XAm3-6FvfMaB-R6514gdlg",
  "id",
  "https://university.example/statuslist#123456"
]

Claim: type

SHA-256 Hash: baQHP1nrVMWD_HlismdzXPtpSVz4w4R8VG-jfQ7yunE Fv8t9e-SXzXeKt9tKdorULrs5i_PS7VsTZSW9Hzta5k

Disclosure(s): WyJqYVZ0NUhLdGl0a2tyYW1XRUp3WERRIiwgInR5cGUiLCAiQml0c3RyaW5nU3RhdHVzTGlzdEVudHJ5Il0 WyJwM3VMUE5kTFJYMnhOanB3cUpKNU13IiwgInR5cGUiLCAiQml0c3RyaW5nU3RhdHVzTGlzdEVudHJ5Il0

Contents: [
  "jaVt5HKtitkkramWEJwXDQ",   "p3uLPNdLRX2xNjpwqJJ5Mw",
  "type",
  "BitstringStatusListEntry"
]

B. Lifecycle Details

The previous sections provided an overview of the Verifiable Credential ecosystem. This section provides more details about how the ecosystem is envisaged to operate.

Diagram showing credentials flowing from issuer to holder, and optionally from one holder to another; and presentations flowing from holder to verifier, and optionally from one verifier to another through verification and validation. Verifiers can Check Status with Issuers or with a logical verifiable data Registry. Holders may also delete, and Issuers may also revoke, credentials.
Figure 10 Lifecycle of a single Verifiable Credential: the roles and information flows for this specification.

The roles and information flows in the Verifiable Credential ecosystem are as follows:

Note

The order of the actions above is not fixed, and some actions might be taken more than once. Such action-recurrence might be immediate or at any later point.

The most common sequence of actions is envisioned to be:

  1. An issuer issues a verifiable credential to a holder.
  2. The holder presents the verifiable credential to a verifier.
  3. The verifier verifies the verifiable credential.
  4. The verifier validates claims made in the verifiable credential against the verifier's business rules.
  5. The verifier applies valid claims.

These specifications do not define any protocol for transferring Verifiable Credentials or Verifiable Presentations, but assuming other specifications do specify how they are transferred between entities, then the Verifiable Credential Data Model is directly applicable.

These specifications neither define an authorization framework nor does it restrict the business decisions that a verifier might make after verifying a Verifiable Credential or Verifiable presentation. Rather, verifiers apply their own business rules before treating any claim as valid, taking into account the holder, the issuer of the Verifiable Credential, the claims of the Verifiable Credential, and the verifier's own policies.

In particular, sections Terms of Use in the Data Model specification, and the Subject-Holder Relationships section in the Verifiable Credentials Implementation Guide [ VC-IMP-GUIDE ] specify how a verifier can determine:

C. References

C.1 Informative references

[CFRG-BBS-SIGNATURE]
The BBS Signature Scheme . Tobias Looker; Vasilis Kalos; Andrew Whitehead; Mike Lodder. IETF. I-D. URL: https://www.ietf.org/archive/id/draft-irtf-cfrg-bbs-signatures-05.html
[CID-1.0]
Controlled Identifiers v1.0 . Michael Jones; Manu Sporny. W3C. 15 May 2025. W3C Recommendation. URL: https://www.w3.org/TR/cid-1.0/
[DID-CORE]
Decentralized Identifiers (DIDs) v1.0 . Manu Sporny; Amy Guy; Markus Sabadello; Drummond Reed. W3C. 19 July 2022. W3C Recommendation. URL: https://www.w3.org/TR/did-core/
[FIPS-186-5]
FIPS PUB 186-5: Digital Signature Standard (DSS) . U.S. Department of Commerce/National Institute of Standards and Technology. 3 February 2023. National Standard. URL: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf
[JSON-LD11]
JSON-LD 1.1 . Gregg Kellogg; Pierre-Antoine Champin; Dave Longley. W3C. 16 July 2020. W3C Recommendation. URL: https://www.w3.org/TR/json-ld11/
[JSON-SCHEMA]
JSON Schema: A Media Type for Describing JSON Documents . Austin Wright; Henry Andrews; Ben Hutton; Greg Dennis. Internet Engineering Task Force (IETF). 10 June 2022. Internet-Draft. URL: https://datatracker.ietf.org/doc/html/draft-bhutton-json-schema
[RDF-CANON]
RDF Dataset Canonicalization . Gregg Kellogg; Dave Longley; Dan Yamamoto. W3C. 21 May 2024. W3C Recommendation. URL: https://www.w3.org/TR/rdf-canon/
[RDF11-CONCEPTS]
RDF 1.1 Concepts and Abstract Syntax . Richard Cyganiak; David Wood; Markus Lanthaler. W3C. 25 February 2014. W3C Recommendation. URL: https://www.w3.org/TR/rdf11-concepts/
[RFC1952]
GZIP file format specification version 4.3 . P. Deutsch. IETF. May 1996. Informational. URL: https://www.rfc-editor.org/rfc/rfc1952
[RFC6901]
JavaScript Object Notation (JSON) Pointer . P. Bryan, Ed.; K. Zyp; M. Nottingham, Ed. IETF. April 2013. Proposed Standard. URL: https://www.rfc-editor.org/rfc/rfc6901
[RFC7515]
JSON Web Signature (JWS) . M. Jones; J. Bradley; N. Sakimura. IETF. May 2015. Proposed Standard. URL: https://www.rfc-editor.org/rfc/rfc7515
[RFC7517]
JSON Web Key (JWK) . M. Jones. IETF. May 2015. Proposed Standard. URL: https://www.rfc-editor.org/rfc/rfc7517
[RFC7519]
JSON Web Token (JWT) . M. Jones; J. Bradley; N. Sakimura. IETF. May 2015. Proposed Standard. URL: https://www.rfc-editor.org/rfc/rfc7519
[RFC8032]
Edwards-Curve Digital Signature Algorithm (EdDSA) . S. Josefsson; I. Liusvaara. IETF. January 2017. Informational. URL: https://www.rfc-editor.org/rfc/rfc8032
[RFC8785]
JSON Canonicalization Scheme (JCS) . A. Rundgren; B. Jordan; S. Erdtman. IETF. June 2020. Informational. URL: https://www.rfc-editor.org/rfc/rfc8785
[RFC8949]
Concise Binary Object Representation (CBOR) . C. Bormann; P. Hoffman. IETF. December 2020. Internet Standard. URL: https://www.rfc-editor.org/rfc/rfc8949
[RFC9052]
CBOR Object Signing and Encryption (COSE): Structures and Process . J. Schaad. IETF. August 2022. Internet Standard. URL: https://www.rfc-editor.org/rfc/rfc9052
[RFC9563]
SM2 Digital Signature Algorithm for DNSSEC . C. Zhang; Y. Liu; F. Leng; Q. Zhao; Z. He. IETF. December 2024. Informational. URL: https://www.rfc-editor.org/rfc/rfc9563
[SD-JWT]
Selective Disclosure for JWTs (SD-JWT) . Daniel Fett; Kristina Yasuda; Brian Campbell. The IETF OAuth Working Group. I-D. URL: https://datatracker.ietf.org/doc/draft-ietf-oauth-selective-disclosure-jwt/
[URL]
URL Standard . Anne van Kesteren. WHATWG. Living Standard. URL: https://url.spec.whatwg.org/
[VC-BITSTRING-STATUS-LIST]
Bitstring Status List v1.0 . Manu Sporny; Dave Longley; Mahmoud Alkhraishi; Michael Prorock. W3C. 15 May 2025. W3C Recommendation. URL: https://www.w3.org/TR/vc-bitstring-status-list/
[VC-DATA-INTEGRITY]
Verifiable Credential Data Integrity 1.0 . Ivan Herman; Manu Sporny; Ted Thibodeau Jr; Dave Longley; Greg Bernstein. W3C. 15 May 2025. W3C Recommendation. URL: https://www.w3.org/TR/vc-data-integrity/
[VC-DATA-MODEL-2.0]
Verifiable Credentials Data Model v2.0 . Ivan Herman; Michael Jones; Manu Sporny; Ted Thibodeau Jr; Gabe Cohen. W3C. 15 May 2025. W3C Recommendation. URL: https://www.w3.org/TR/vc-data-model-2.0/
[VC-DI-BBS]
Data Integrity BBS Cryptosuites v1.0 . Greg Bernstein; Manu Sporny. W3C. 3 April 2025. CRD. URL: https://www.w3.org/TR/vc-di-bbs/
[VC-DI-ECDSA]
Data Integrity ECDSA Cryptosuites v1.0 . Manu Sporny; Dave Longley; Greg Bernstein. W3C. 15 May 2025. W3C Recommendation. URL: https://www.w3.org/TR/vc-di-ecdsa/
[VC-DI-EDDSA]
Data Integrity EdDSA Cryptosuites v1.0 . Manu Sporny; Ted Thibodeau Jr; Greg Bernstein. W3C. 15 May 2025. W3C Recommendation. URL: https://www.w3.org/TR/vc-di-eddsa/
[VC-IMP-GUIDE]
Verifiable Credentials Implementation Guidelines 1.0 . Andrei Sambra. W3C. 24 September 2019. W3C Working Group Note. URL: https://www.w3.org/TR/vc-imp-guide/
[VC-JOSE-COSE]
Securing Verifiable Credentials using JOSE and COSE . Michael Jones; Gabe Cohen; Michael Prorock. W3C. 15 May 2025. W3C Recommendation. URL: https://www.w3.org/TR/vc-jose-cose/
[VC-JSON-SCHEMA]
Verifiable Credentials JSON Schema Specification . Gabe Cohen; Michael Prorock; Mahmoud Alkhraishi. W3C. 4 February 2025. CRD. URL: https://www.w3.org/TR/vc-json-schema/