Holders, Issuers, Verifiers, & Subjects

A Holder, an Issuer, a Subject, and a Verifier Walk Into a Bar…
When we typically think of credentials, the issuer, holder, and verifier of a credential are three different people or organizations. For example, the Department of Motor Vehicles (issuer) has given me (holder) a copy of my license (which is about me, so I’m the subject). I will show this credential to the police officer (verifier) after she has pulled me over for speeding.
However, this arrangement of separate holders, verifiers, subjects, and issuers is not always the case. If I create a “World’s Best Roller Skater” credential, I can issue that credential to myself and hold it myself. Now, admittedly, calling oneself the “World’s Best Roller Skater” would be better performed by a party with outside expertise in the matter. Nevertheless, the important point is that there are important exceptions to the commonplace mental model of credentials.
It can also be true that the holder changes over time. I may first issue and hold my “World’s Best Roller Skater” credential but then decide that you should really have the honor of being the “World’s Best Roller Skater,” so I give you my credential. You’re now the “World’s Best Roller Skater,” right? Not necessarily. Instead, you would now be acting as the holder but are still not the subject of the credential. I would need to issue a new credential with you as the credential subject to show that your are, in fact, the new “World’s Best Roller Skater.”
If it seems confusing, that because it is! In fact, some credentials don’t even have uniquely-identified subjects (these are called “bearer credentials” for those curious). Indeed, multiple subjects can even be represented in a single credential. But we’re here to help dispel your confusion, not to add to it, so let’s just focus on the basics:
  • A credential holder is an entity that has possession of a credential.
  • A credential issuer is an entity that creates a credential.
  • A credential subject is the entity that the credential is about.
  • A credential verifier is an entity that verifies the validity, verification status, and/or veracity of a credential.
These different roles can be combined in unusual and seemingly strange ways, so be sure to check in on the Verifiable Credential Data Model to gain a deep, technical understanding of what’s happening under the hood of verifiable credentials.