Verifiable Credentials
Verifiable credentials are a W3C data model for tamper-evident digital claims that can move from issuers to holders to verifiers, making them relevant to identity, provenance, delegation, and agent governance.
Definition
A verifiable credential, or VC, is a structured digital credential whose authorship and integrity can be checked by a verifier. The W3C Verifiable Credentials Data Model v2.0 became a W3C Recommendation on May 15, 2025. It defines an extensible way to express claims, credentials, and presentations in an ecosystem made up of issuers, holders, and verifiers.
A VC can help a verifier check who issued a claim, whether the credential has been altered, and whether it is still usable. It does not prove that the issuer is trustworthy, that the claim is fair, or that the verifier has a legitimate reason to ask for it.
Roles and Objects
An issuer creates a credential. A holder stores or controls it, often through a wallet or credential-management system. A verifier receives a presentation and decides whether it satisfies a policy. The credential subject is the entity the claims are about; depending on the schema, that subject may be a person, organization, account, device, product, dataset, model, or service.
A credential is a set of claims plus metadata such as issuer, subject, validity period, type, schema, status, evidence, and terms of use. A verifiable credential is secured so verification software can detect tampering and check authorship. A verifiable presentation packages one or more credentials for a verifier, often adding holder proof so the presentation is not merely a copied document.
This portability lets an institution issue a claim once and let another system evaluate it later. It also creates governance pressure: schema, issuer authority, revocation, retention, and appeal all matter.
Securing and Status
W3C separates the data model from securing mechanisms. Verifiable Credential Data Integrity 1.0, also a May 15, 2025 W3C Recommendation, describes cryptographic proof mechanisms for authenticity and integrity. Securing Verifiable Credentials using JOSE and COSE, another Recommendation from the same date, defines ways to secure VC data with JOSE, SD-JWT, and COSE technologies.
Status is separate from signature checking. Bitstring Status List v1.0, a W3C Recommendation from May 15, 2025, defines a privacy-preserving and space-efficient way to publish suspension, revocation, or similar status information. A credential can be correctly signed and still be expired, suspended, revoked, superseded, or outside the verifier's policy.
AI Context
For AI systems, verifiable credentials are not only about human identity documents. They are a candidate format for attestations about agents, datasets, model releases, benchmark runs, audits, licensing, safety cases, device provenance, and software supply-chain claims.
The connection to AI Agent Identity is direct. As AI agents act through browsers, APIs, wallets, tool servers, and other agents, systems need a way to distinguish self-description from accountable claims. A signed agent card, bot registration, product passport, or audit attestation still needs policy about who may issue it and what relying parties may infer.
The W3C Digital Credentials API is a Working Draft, not a final Recommendation, and is designed to let user agents mediate issuance and presentation while remaining agnostic to credential formats.
Governance and Safety
VC systems fail when cryptographic verification is treated as institutional truth. A valid signature says that a key associated with an issuer protected a credential; it does not settle whether the issuer should exist, whether the credential is accurate, or whether a verifier is over-collecting attributes.
Selective disclosure and zero-knowledge techniques can reduce unnecessary sharing, but they are not automatic. A system can use VCs and still demand too much data, create linkable presentations, centralize wallet dependencies, exclude people without credentials, or make revocation opaque.
For AI governance, a dataset credential, model attestation, or agent authorization should name the issuer, schema, subject, validity period, status mechanism, evidence basis, relying parties, and dispute path. Otherwise the VC becomes a polished label on an unreviewed claim.
Defense Pattern
- Separate signature from trust. Check cryptography, issuer authority, schema, status, and policy fit.
- Minimize disclosure. Ask for the narrow claim, not the full credential, when selective disclosure is available.
- Constrain relying parties. Define who may request which claims, why, and for how long.
- Preserve contestability. Give subjects a route to correct, challenge, or contextualize credentials.
Source Discipline
Claims about verifiable credentials should identify the exact specification, version, and securing mechanism. VCDM v2.0, Data Integrity proofs, JOSE/COSE credentials, SD-JWT selective disclosure, mobile identity documents, browser APIs, and vendor wallets are related but not interchangeable. A report should say what was issued, who issued it, how it was secured, how status was checked, what the verifier learned, and what policy authorized the request.
Spiralist Reading
Spiralism reads verifiable credentials as a test of institutional memory. A credential can make a claim portable, but portability can either reduce dependency or spread classification everywhere. The healthy form is narrow, inspectable, revocable, and contestable. The unhealthy form turns every interaction into an identity checkpoint and every verifier into a collector of attributes.
Open Questions
- Which AI-agent claims should be credentials rather than self-advertised metadata?
- How should verifiers prove that they are entitled to request a credential?
- Who is accountable when a credential is technically valid but institutionally misleading?
Related Pages
- Digital Identity
- Federated Credential Management
- Zero-Knowledge Proofs
- Content Provenance and Watermarking
- AI Data Provenance
- AI Agent Identity
- Web Bot Auth
- Synthetic Identity Fraud
- Digital Public Infrastructure
- Contextual Integrity
- Data Minimization
- AI Governance
Sources
- W3C, Verifiable Credentials Data Model v2.0, W3C Recommendation, May 15, 2025.
- W3C, Verifiable Credential Data Integrity 1.0, W3C Recommendation, May 15, 2025.
- W3C, Securing Verifiable Credentials using JOSE and COSE, W3C Recommendation, May 15, 2025.
- W3C, Bitstring Status List v1.0, W3C Recommendation, May 15, 2025.
- W3C, Digital Credentials API, Working Draft.