Links

Credentials 101

When you renew your license, you’re renewing a credential. When you receive your diploma, you’re receiving a credential. When you show your passport to get to your gate at the airport, you’re showing a credential.
A credential is a set of claims made by an organization or individual. Your driver’s license contains claims about your physical features, your eye color, whether or not you’re an organ donor, and most importantly, if you’ve been certified to operate a motor vehicle.
There are three different roles at work in our driver license scenario:
  • The issuer – The Department of Motor Vehicles that issued you a driver’s license.
  • The holder – You! Since you have and present your driver’s license, you’re the holder.
  • The verifier – Anyone requesting or verifying your license. This could be a police officer who pulls you over, or your place of employment making sure you can rent a car for business trips, or even the cashier at a liquor store checking that you’re old enough to make a purchase.
Lurking beneath the surface of our example is a verifiable data registry or a place where your identifier is stored and managed. In this example, the verifiable data registry is owned and operated by the DMV, who issues you a unique identifier called a driver’s license number. They keep track of your identifier and other information about your credential, like if it has expired or been suspended.

Verifiable + Credential

A verifiable credential is a digital version of a credential. A verifiable credential can contain all of the same information that a physical, regular credential can contain. The difference is that verifiable credentials are more trustworthy than regular credentials.
Let’s say that I’m a mischievous teenager and want to go see an R-rated movie at the movie theater with my friends. I could alter my driver license to make me seem older than I really am. If I’m exceptionally mischievous, the cashier who checks my date of birth at the movie theater would be none the wiser.
A verifiable credential makes tampering with a credential much more difficult. This is done through the addition of technologies like digital signatures, which are “tamper-evident,” meaning that if someone has changed a fact on a verifiable credential it’s obvious to a verifier that the credential has been altered. No matter how exceptionally mischievous our teenager is, they won’t be able to easily dupe the movie theater cashier with a verifiable credential.
In addition to being tamper-evident, verifiable credentials have all the convenience associated with a digital item. With a verifiable credential I can prove over the internet that my driver’s license is valid without needing to take a picture of my physical copy to send to a verifier. A digital movie company could, for instance, verify my age over the internet before allowing me to stream an R-rated movie.

The Technical Stuff

Transmute is committed to building in the open using open standards. We use a verifiable credential model defined by the W3C, where people from across the credential business ecosystem can contribute, comment, and provide insight into how to build the best verifiable credential for everyone.