This specification defines the Confidence Method property that can be used with the the W3C Verifiable Credentials Data Model (VCDM). An issuer can include one or more Confidence Methods in a verifiable credential to inform verifiers of mechanisms they could use to increase their confidence in the truth of a variety of things, including the following:
This is an experimental specification and is undergoing regular revisions. It is not fit for production deployment.
The following terms are used to describe concepts involved in the generation of Verifiable Credentials and Verifiable Presentations using the confidence method property defined by this specification.
This specification defines the confidenceMethod
property
for expressing confidence method information in a
credentialSubject
in a verifiable credential.
A verifier can decide to accept claims in a verifiable
credential without requiring use of the confidence method, or use a
different mechanism to increase their confidence about whether, for
example, the holder is the same entity the issuer made
claims about in the verifiable credential. Such a decision
can impact the verifier's liability or lack thereof if not
specified by other means such as a termsOfUse
policy.
For example, an issuer can include a confidence method based on public key cryptography in the verifiable credential. A holder can demonstrate they are able to generate and include a proof with a cryptographic signature in the verifiable presentation that will verify against the verification key expressed in the confidence method in the embedded verifiable credential.
A verifier can validate that the holder controls,
or has been designated the ability to use, a confidence method
by verifying the proof of the verifiable
presentation using the information in the confidence method. The
confidence method can include the verification key, or the type of the
confidence method can define that the verification key is to be inferred from
other properties in the verifiable credential, such as the
credentialSubject.id
.
If present, the value of the confidenceMethod
property is
one or more confidence methods. Each confidence method is bound to one or more
claims in the verifiable credential, and provides enough information for a
verifier to determine whether the holder can generate a
verifiable presentation to increase the verifier's confidence
that they are the same entity referenced by the confidence method.
This is referred to as satisfying the confidence method. It is required that
the issuer verifies the holder can satisfy each
confidenceMethod
the issuer includes in the
claims of the verifiable credentials they issue.
Each confidence method MUST specify its type
and MAY specify an
id
. The precise properties and semantics of each
confidence method are determined by the specific
confidenceMethod
type definition.
The following example demonstrates a confidence method based on proving possession of a cryptographic key. The corresponding public key is a type-specific property of the confidence method.
{ "@context": [ "https://www.w3.org/ns/credentials/v2", "https://www.w3.org/ns/credentials/examples/v2" ], "id": "http://example.edu/credentials/3732", "type": ["VerifiableCredential", "UniversityDegreeCredential"], "issuer": "https://example.edu/issuers/14", "validFrom": "2010-01-01T19:23:24Z", "credentialSubject": { "confidenceMethod": [{ "type": "VerificationKeyConfirmation", "publicKeyJwk": { "crv": "Ed25519", "x": "VCpo2LMLhn6iWku8MKvSLg2ZAoC-nlOyPVQaO3FxVeQ", "kty": "OKP", "kid": "_Qq0UL2Fq651Q0Fjd6TvnYE-faHiOpRlPVQcY_-tA4A" } },{ "type": "VerificationKeyConfirmation", "publicKeyMultibase": "zH3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV" }], "degree": { "type": "BachelorDegree", "name": "Bachelor of Science and Arts" } }, "proof": { ... } }
A confidence method can express various metadata such as the issuer's level of confidence that the holder is the entity referenced by a subject of the verifiable credential, specific form factors or mechanisms of authenticators, and/or references to other verifiable credentials or versioned trust frameworks. For example, an issuer can make a claim about a confidence method that is based on a cryptographic key pair, but to produce a signature using that key, the holder has to unlock a device using multi-factor authentication.
Add conformance section
Add security considerations section
This table summarizes the Confidence Method specifications currently in development. The table lists the method name, associated specification, authors, stability of the specification, and conformance test suite (if applicable).
Method Name | Specification | Authors | Stability | Test Suite |
---|---|---|---|---|
VerificationKeyConfirmation | This document | Oliver Terbu | Experimental | None |