index.html

<!DOCTYPE html>
<html>
  <head>
    <title>Verifiable Credentials Data Model 1.0</title>
    <meta http-equiv='Content-Type' content='text/html;charset=utf-8'/>
    <!--
      === NOTA BENE ===
      For the three scripts below, if your spec resides on dev.w3 you can check them
      out in the same tree and use relative links so that they'll work offline,
     -->
    <script src='https://www.w3.org/Tools/respec/respec-w3c-common' class='remove'></script>
    <script src="./common.js" class="remove"></script>
    <script type="text/javascript" class="remove">
      var respecConfig = {
        // specification status (e.g., WD, LCWD, NOTE, etc.). If in doubt use ED.
        specStatus: "ED",

        // the specification's short name, as in http://www.w3.org/TR/short-name/
        shortName: "vc-data-model",

        // subtitle for the spec
        subtitle: "Expressing verifiable information on the Web",

        // if you wish the publication date to be other than today, set this
        //publishDate:  "2017-08-03",

        // if there is a previously published draft, uncomment this and set its YYYY-MM-DD date
        // and its maturity status
        // previousPublishDate:  "1977-03-15",
        // previousMaturity:  "WD",

        // extend the bibliography entries
        localBiblio: vcwg.localBiblio,
        doJsonLd: true,

        github: "https://github.com/w3c/vc-data-model/",
        includePermalinks: false,

        // if there a publicly available Editor's Draft, this is the link
        edDraftURI: "https://w3c.github.io/vc-data-model/",

        // if this is a LCWD, uncomment and set the end of its review period
        // lcEnd: "2009-08-05",

        // editors, add as many as you like
        // only "name" is required
        editors:  [
          { name: "Manu Sporny", url: "http://manu.sporny.org/",
            company: "Digital Bazaar", companyURL: "http://digitalbazaar.com/" },
          { name: "Daniel C. Burnett", url: "https://www.linkedin.com/in/daburnett/",
            company: "Invited Expert", companyURL: "https://www.linkedin.com/in/daburnett/"},
          { name: "Dave Longley", url: "https://github.com/dlongley",
            company: "Digital Bazaar", companyURL: "http://digitalbazaar.com/"},
          { name: "Gregg Kellogg", url: "http://greggkellogg.net/",
            company: "Spec-Ops", companyURL: "https://spec-ops.io/",
            w3cid: "44770" }
        ],

        // authors, add as many as you like.
        // This is optional, uncomment if you have authors as well as editors.
        // only "name" is required. Same format as editors.
        authors:
        [
          { name: "Manu Sporny", url: "http://digitalbazaar.com/",
            company: "Digital Bazaar", companyURL: "http://digitalbazaar.com/" },
          { name: "Dave Longley", url: "http://digitalbazaar.com/",
            company: "Digital Bazaar", companyURL: "http://digitalbazaar.com/"}
        ],

        // name of the WG
        wg:           "Verifiable Claims Working Group",

        // URI of the public WG page
        wgURI:        "https://www.w3.org/2017/vc/",

        // name (with the @w3c.org) of the public mailing to which comments are due
        wgPublicList: "public-vc-comments",

        // URI of the patent status for this WG, for Rec-track documents
        // !!!! IMPORTANT !!!!
        // This is important for Rec-track documents, do not copy a patent URI from a random
        // document unless you know what you're doing. If in doubt ask your friendly neighbourhood
        // Team Contact.
        wgPatentURI:  "https://www.w3.org/2004/01/pp-impl/98922/status",
        maxTocLevel: 2,
        inlineCSS: true
      };
    </script>
    <style>
pre .highlight {
  font-weight: bold;
  color: green;
}
pre .subject {
  font-weight: bold;
  color: RoyalBlue;
}
pre .property {
  font-weight: bold;
  color: DarkGoldenrod;
}
pre .comment {
  font-weight: bold;
  color: Gray;
}
</style>
  </head>
  <body>
    <section id='abstract'>
      <p>
Credentials are a part of our daily lives;
driver's licenses are used to assert that we are capable of operating a motor
vehicle, university degrees can be used to assert our level of education, and
government-issued passports enable holders to travel between countries.
This specification provides a mechanism to express these sorts of
credentials on the Web in a way that is cryptographically secure,
privacy respecting, and machine verifiable.
      </p>
    </section>

    <section id='sotd'>
      <p>
Comments regarding this document are welcome. Please file issues
directly on <a href="https://github.com/w3c/vc-data-model/issues/">GitHub</a>,
or send them to
<a href="mailto:public-vc-comments@w3.org">public-vc-comments@w3.org</a>
(<a href="mailto:public-vc-comments-request@w3.org?subject=subscribe">subscribe</a>,
<a href="https://lists.w3.org/Archives/Public/public-vc-comments/">archives</a>).
      </p>

        <p class="issue" data-number=200>
There remain a list of terminology-related editorial issues that need to be
processed in this document.
        </p>

        <p class="issue" data-number=201>
There remain a list of editorial issues that need to be processed in this
document.
        </p>

    </section>

    <section>
      <h2>Introduction</h2>

      <em>This section is non-normative.</em>

      <p>
Credentials are a part of our daily lives; driver's licenses are used to
assert that we are capable of operating a motor vehicle, university degrees
can be used to assert our level of education, and government-issued passports
enable us to travel between countries. These credentials provide benefits
to us when used in the physical world, but their use on the Web continues to
be elusive.
      </p>

      <p>
It is currently difficult to express banking account information,
education qualifications, healthcare data, and other sorts of machine-readable
personal information that has been verified by a 3rd party on the Web and this
makes it difficult to receive the same benefits from the Web that physical
credentials provide us in the physical world.
      </p>

      <p>
This specification provides a standard way to express credentials on the
Web in a way that is cryptographically secure, privacy-respecting,
and machine-verifiable.
      </p>
      <p>
For those that are unfamiliar with the concepts related to verifiable
credentials, the following sections provide an overview of:
      </p>
      <ol>
        <li>
the components that constitute a <a>verifiable credential</a>,
        </li>
        <li>
the components that constitutes a <a>verifiable presentation</a>,
        </li>
        <li>
an ecosystem where verifiable credentials and verifiable presentations are
expected to be useful, and
        </li>
        <li>
the use cases and requirements that informed this specification.
        </li>
      </ol>
      </p>

    <section>
      <h3>What is a Verifiable Credential?</h3>

      <p>
In the physical world, a credential may consist of:
      </p>

      <ul>
        <li>
information related to the subject of the credential (e.g., photo, name, and
identification number),
        </li>
        <li>
information related to the issuing authority (e.g., city government,
national agency, or certification body),
        </li>
        <li>
evidence related to how the credential was derived, and
        </li>
        <li>
information related to expiration dates.
        </li>
      </ul>

      <p>
A verifiable credential can represent all of the same information that a
physical credential represents. The addition of technologies such as
digital signatures makes verifiable credentials more tamper-evident and
therefore more trustworthy than their physical counterparts. Holders can
generate presentations and share them with verifiers to prove they possess
verifiable credentials with certain characteristics. Both credentials and
presentations can be rapidly transmitted, making them more convenient than
their physical counterparts when establishing trust at a distance.
      </p>
    </section>
    <section>
      <h3>Ecosystem Overview</h3>

      <em>This section is non-normative.</em>

      <p>
This section outlines a basic set of roles and an ecosystem where verifiable
credentials are expected to be useful. In this section, we distinguish the essential
roles of core actors and the relationships between them; how do they interact?
A role is an abstraction that might be implemented in many different ways. The
separation of roles suggests likely interfaces and/or protocols for
standardization. The following roles are introduced in this specification:
      </p>

      <dl>
        <dt><a>holder</a></dt>
        <dd>
A role an <a>entity</a> may perform by possessing one or more
<a>verifiable credentials</a> and generating <a>presentations</a> from them.
Examples of holders include students, employees, and customers.
        </dd>
        <dt><a>issuer</a></dt>
        <dd>
A role an <a>entity</a> may perform by creating a <a>verifiable credential</a>,
associating it with a particular <a>subject</a>, and transmitting it to
a <a>holder</a>. Examples of issuers include corporations, non-profits,
trade associations, governments, and individuals.
        </dd>
        <dt><a>verifier</a></dt>
        <dd>
A role an <a>entity</a> may perform by requesting and receiving a
<a>verifiable presentation</a> that proves the holder possesses the required verifiable credentials with certain characteristics.
Examples of verifiers include employers, security personnel, and websites.
        </dd>
        <dt><a>identifier registry</a></dt>
        <dd>
A role a system may perform by mediating the creation and verification of <a>issuer</a> identifiers,
keys and other relevant data required to use verifiable credentials. Some configurations may require correlatable
identifiers for subjects. Examples of such data repositories include trusted databases,
decentralized databases, government ID databases, and distributed ledgers.
        </dd>
      </dl>

      <figure>
        <img style="margin: auto; display: block;" width="75%" src="diagrams/ecosystem.svg">
        <figcaption style="text-align: center;">
The roles and information flows that form the basis for this specification.
        </figcaption>
      </figure>

      <p class="note">
The ecosystem above is provided as an example to the reader in order to ground
the rest of the concepts in this specification. Other ecosystems exist, such as
protected environments or proprietary systems, where verifiable credentials also
provide benefit.
      </p>

      <p class="issue" data-number=57>
The VCWG is actively discussing the number of roles and terminology used
in this specification.
The group expects terminology and role identification to be an ongoing
discussion and will be influenced by
public feedback on the specification. At present, the following incomplete
list of roles and terminology have been considered: Subject, Issuer, Authority,
Author, Signatory, Holder, Presenter, Asserter, Claimant, Sharer,
Subject's Agent, Prover, Mediator, Inspector, Evaluator, Verifier, Consumer, and
Relying Party. Some of these are aliases for the same concept, others are
possibly new roles in the ecosystem. Reviewers should be aware that the
terminology used in this document is not necessarily final and the group is
actively soliciting feedback on the roles and terminology used in this
specification.
      </p>

        <p class="issue" data-number=80>
The group is currently discussing how the ecosystem overview could be improved
with the intent to defer future improvements as the current section seems to
be working well so far.
        </p>

        <p class="issue" data-number=32>
The group is currently discussing how to bootstrap simple Web of Trust
credentials in this ecosystem.
        </p>

    </section>

    <section>
      <h3>Use Cases and Requirements</h3>

      <em>This section is non-normative.</em>

      <p>
The Verifiable Credentials Use Cases [[VC-USECASES]] document outlines a number of
key topics that readers may find useful, including:
      </p>
      <ul>
        <li>
a more thorough explanation of the
<a href="https://www.w3.org/TR/verifiable-claims-use-cases/#user-roles">roles</a>
introduced above,
        </li>
        <li>
the
<a href="https://www.w3.org/TR/verifiable-claims-use-cases/#user-needs">needs</a>
identified in market verticals like education, finance, healthcare, retail,
professional licensing, and government,
        </li>
        <li>
common
<a href="https://www.w3.org/TR/verifiable-claims-use-cases/#user-tasks">tasks</a>
performed by the roles in the ecosystem, as well as their associated
requirements, and
        </li>
        <li>
common
<a href="https://www.w3.org/TR/verifiable-claims-use-cases/#user-sequences">sequences and flows</a>
identified by the Working Group.
        </li>
      </ul>
      <p>
As a result of documenting and analyzing the use cases document, a number of
desirable ecosystem characteristics have been identified for this
specification, namely:
      </p>
      <ul>
        <li>
<a>Holders</a> receive and store <a>verifiable credentials</a> from
<a>issuers</a>. <a>Holders</a> may interact with an issuer through an
agent that the issuer needn't trust.
        </li>
        <li>
<a>Holders</a> are positioned between <a>issuers</a> and <a>verifiers</a>
and use <a>verifiable credentials</a> to make <a>verifiable presentations</a>
to <a>verifiers</a>.
        </li>
        <li>
<a>Holders</a> may interact with <a>verifiers</a> through an agent that
verifiers needn't trust; verifiers only need to trust
<a>issuers</a>.
        </li>
        <li>
<a>Verifiable credentials</a> are associated with <a>subjects</a>, not
particular services; <a>holders</a> decide how to aggregate and manage
<a>verifiable credentials</a> and the <a>verifiable presentations</a>
associated with them.
        </li>
        <li>
<a>Holders</a> are able to easily control and own their own identifiers.
        </li>
        <li>
<a>Holders</a> control which <a>verifiable credentials</a> to use and when.
        </li>
        <li>
<a>Holders</a> are able to freely choose and change the agents they employ
to help them manage their <a>verifiable credentials</a> and generate and share <a>verifiable presentations</a>.
        </li>
        <li>
<a>Holders</a> can share <a>verifiable presentations</a> that can be verified without revealing
the identity of the <a>verifier</a> to the <a>issuer</a>.
        </li>
        <li>
<a>Holders</a> in <a>presentations</a> can either disclose the attributes or satisfy <a>predicates</a>
requested by the <a>verifier</a>. <a>Predicates</a> are boolean conditions like greater/less than or
equal to, is in set, etc.
        </li>
        <li>
<a>Verifiable credentials</a> and <a>verifiable presentations</a> are expressed in one or more standard,
machine-readable data formats which can also be extended with minimal coordination.
        </li>
        <li>
Issuers issue <a>verifiable credentials</a>, and holders store them.
Holders offer <a>verifiable presentations</a>, and verifiers verify them.
Issuance of credentials, storage of credentials, the generation and sharing
of presentations, and the verification of them are each independent processes.
        </li>
        <li>
<a>Verifiable Credentials</a> can be revoked by the <a>issuer</a>.
        </li>
      </ul>
      <p class="issue">
There are
<a href="https://www.w3.org/TR/verifiable-claims-use-cases/#user-tasks">other requirements</a>
listed in the Verifiable Credentials Use Cases
document that may or may not be aligned with the requirements listed above.
The VCWG will be ensuring alignment of the list of requirements from both
documents over time and will most likely move the list of requirements to a
single document.
      </p>
    </section>

  </section>

    <section>
      <h2>Terminology</h2>

      <em>This section is non-normative.</em>

      <div data-include="./terms.html"
        data-oninclude="restrictReferences">
      </div>
    </section>

    <section>
      <h2>Core Data Model</h2>

      <em>This section is non-normative.</em>

      <p>
The following sections outline core data model concepts, such as
<a>claims</a>, <a>credentials</a>, and <a>presentations</a>, that form the
foundation of this specification.
      </p>

      <section>
        <h3>Claims</h3>

        <em>This section is non-normative.</em>

        <p>
A <a>claim</a> is statement about a <a>subject</a>.
A <a>subject</a> is an <a>entity</a> about which <a>claims</a> may be made.
<a>Claims</a> are expressed using
<strong><em>subject</em></strong>-<dfn data-lt="property|properties">property</dfn>-<dfn>value</dfn>
relationships.
        </p>

      <figure>
        <img style="margin: auto; display: block;"
          width="50%" src="diagrams/claim.svg">
        <figcaption style="text-align: center;">
The basic structure of a claim.
        </figcaption>
      </figure>

      <p>
The data model for <a>claims</a> described above is powerful and can be used to
express a large variety of statements. For example, whether or not someone is over
the age of 21 may be expressed as follows:
      </p>

      <figure>
        <img style="margin: auto; display: block;"
          width="50%" src="diagrams/claim-example.svg">
        <figcaption style="text-align: center;">
An example of a basic claim that expresses that Pat is over the age of 21.
        </figcaption>
      </figure>

      <p>
If a presentation supports <a>derived predicates</a>, a claim about birthdate in a
credential can become the basis of proof that at an arbitrary point in time, the
age of a subject did or will fall within an arbitrary interval.
      </p>

      <p>
These claims may be merged together to express a graph of
information about a particular subject. The example below extends the
data model above by adding claims that state that Pat knows Sam and that
Sam is employed as a professor.
      </p>

      <figure>
        <img style="margin: auto; display: block;"
          width="75%" src="diagrams/claim-extended.svg">
        <figcaption style="text-align: center;">
Multiple claims may be combined to express a more complex graph.
        </figcaption>
      </figure>

      <p>
At this point, the concept of a <a>claim</a> has been introduced. To enable
one to trust the claims, more information must be added to the graph
of information.
      </p>

    </section>
    <section>
      <h2>Credentials</h2>

      <em>This section is non-normative.</em>

      <p>
A <a>credential</a> is set of one or more <a>claims</a> made by the
same <a>entity</a>. It may include an identifier as well as metadata that
describes properties of the credential itself such as: the <a>issuer</a>,
the expiry time, a representative image, a public key to use for the purposes
of verification, the revocation mechanism to use etc.
This metadata may be signed by the issuer. A <a>verifiable credential</a> is a
set of claims and meta data that are tamper-evident and that cryptographically
prove who issued it.
      </p>

      <figure>
        <img style="margin: auto; display: block;" width="50%" src="diagrams/credential.svg">
        <figcaption style="text-align: center;">
The basic components of a verifiable credential.
        </figcaption>
      </figure>

      <p>
Examples of verifiable credentials include digital employee identification
cards, digital birth certificates, digital educational certificates, etc.
      </p>

      <p class="note">
It is possible to have a <a>credential</a>, such as a marriage certificate,
that contains multiple <a>claims</a> about different <a>subjects</a> that are
not required to be related.
      </p>

      <p class="issue" data-number=47>
The group is currently discussing whether or not they support all the types
of claims that can be made.
      </p>

    </section>
    <section>
      <h2>Presentations</h2>

      <em>This section is non-normative.</em>

      <p>
As this specification takes a privacy-first approach, it is important that
the entities that use this technology are able to express only the portions of
their persona that are appropriate for the situation. The expression of a
subset of one's persona is called a <a>verifiable presentation</a>.
      </p>

      <p>
A <a>verifiable presentation</a> expresses data from one or more <a>verifiable
credentials</a>, and is packaged in such a way that the authorship of the data
is verifiable. If credentials are directly presented, they become a
presentation. Data formats derived from credentials that are cryptographically
verifiable but that do not, of themselves, contain credentials, may also be
presentations.
      </p>
      <p>
      The data in a presentation are often about the same <a>subject</a> that
have been issued by multiple <a>issuers</a>. The aggregation of this
information typically expresses an aspect of a person, organization, or entity.
      </p>

      <figure>
        <img style="margin: auto; display: block;"
          width="50%" src="diagrams/presentation.svg">
        <figcaption style="text-align: center;">
The basic components of a verifiable presentation.
        </figcaption>
      </figure>

      <p>
Examples of different presentations include a person's professional persona, online
gaming persona, or home-life persona.
      </p>

      <p class="note">
It is possible to have a <a>presentation</a>, such as a business persona,
that draws upon multiple <a>credentials</a> about different <a>subjects</a>
that are often, but not required to be, related.
      </p>

    </section>
    </section>

    <section>
      <h1>Trust Model</h1>

      <em>This section is non-normative.</em>

      <p>
The Verifiable Credentials trust model is as follows:
      </p>

      <ol>
        <li>
The <a>verifier</a> trusts the <a>issuer</a> to issue the <a>credential</a>
that it receives. In order to establish this trust, a credential MUST
either 1) include a <a href="#proofs-e-g-signatures">proof</a> that establishes
that the issuer generated the credential (it is a <a>verifiable credential</a>),
or 2) have been transmitted in a way that clearly establishes that the
issuer generated the credential and that the credential has not been tampered
with in transit or storage. This trust could be weakened depending upon the
risk assessment of the verifier.
        </li>
        <li>
All entities trust the <a>identifier registry</a> to be incorruptible and
to be a correct record of which identifiers belong to which <a>entities</a>.
        </li>
        <li>
The <a>subject</a> trusts the <a>issuer</a> to issue true (i.e., not false)
<a>credentials</a> about the subject, and to revoke them quickly
when appropriate.
        </li>
        <li>
The <a>holder</a> trusts the <a>repository</a> to store the
<a>credentials</a> securely, to not release them to anyone other than the
<a>holder</a>, and to not corrupt or lose them whilst they are in its care.
        </li>
      </ol>

      <p>
This trust model differentiates itself from other trust models by ensuring that:
      </p>

      <ul>
        <li>
The <a>issuer</a> and the <a>verifier</a> do not need to trust the
repository</a>, and
        </li>
        <li>
the <a>issuer</a> does not need to know or trust the <a>verifier</a>.
        </li>
      </ul>

      <p>
By decoupling the trust between the <a>identity provider</a> and the
<a>relying party</a>, a more flexible and dynamic trust model is created
such that market competition and customer choice is increased.
      </p>
    </section>

    <section>
      <h1>Basic Concepts</h1>

      <p>
This section outlines some of the basic concepts introduced in this
specification and lays the groundwork for the more advanced concepts
toward the end of the document.
      </p>

      <section>
        <h2>Types</h2>

        <p>
Software systems that process the objects specified in this document
use type information to make determinations about whether or not the provided
<a>credential</a> or <a>presentation</a> is appropriate.
Type information MUST be expressed via the <a>type</a> property:
        </p>

        <dl>
          <dt><dfn>type</dfn></dt>
          <dd>
The value of this property MUST be or map to one or more URIs.
If more than one URI is provided, the URIs MUST be interpreted as an
unordered set. Note that syntactic conveniences, such as JSON-LD terms,
SHOULD be used to ease developer usage. It is RECOMMENDED that dereferencing
the URI results in a document containing machine-readable information about
the type.
          </dd>
        </dl>

        <pre class="example nohighlight" title="Usage of the type property">
{
  "@context": "https://w3id.org/credentials/v1",
  "id": "http://dmv.example.gov/credentials/3732",
  <span class="highlight">"type": ["VerifiableCredential", "ProofOfAgeCredential"]</span>,
  "claim": {
    "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
    "ageOver": 21
  },
  "proof": { ... }
}
        </pre>

        <p>
With respect to this specification, the following <a>type</a>s MUST be
specified on the following objects:
        </p>

        <table class="simple">
          <thead>
            <tr>
              <th>Concept</th>
              <th>Type</th>
            </tr>
          </thead>

          <tbody>
            <tr>
              <td>
A <a href="#credentials">credential</a> object
              </td>
              <td>
<tt>"type": ["<code>VerifiableCredential</code>"]</tt> and
a more specific credential type (e.g., <code>ProofOfAgeCredential</code>)
              </td>
            </tr>

            <tr>
              <td>
A <a href="#presentations">presentation</a> object
              </td>
              <td>
<tt>"type": ["<code>VerifiablePresentation</code>"]</tt> and optionally a
more specific presentation type
(e.g., <code>CredentialManagerPresentation</code>).
              </td>
            </tr>

            <tr>
              <td>
A&nbsp;<a href="#status">credentialStatus</a>&nbsp;object
              </td>
              <td>
A valid credential status type (e.g., <code>CredentialStatusList2017</code>)
              </td>
            </tr>

            <tr>
              <td>
A <a href="#terms-of-use">termsOfUse</a> object
              </td>
              <td>
A valid terms of use type (e.g., <code>OdrlPolicy2017</code>)
              </td>
            </tr>

            <tr>
              <td>
An <a href="#terms-of-use">evidence</a> object
              </td>
              <td>
A valid evidence type (e.g., <code>DocumentVerification2018</code>)
              </td>
            </tr>

          </tbody>
        </table>

        <p>
All <a>credentials</a>, <a>presentations</a>, and encapsulated objects MUST
specify or be associated with additional, more narrow <a>type</a>s
(e.g., <code>ProofOfAgeCredential</code>) such that software systems can use
the additional information to more easily process the data.
        </p>

        <p>
When processing encapsulated objects in this specification, (e.g., objects
associated with the <code>claim</code> property or deeply nested therein),
a software system SHOULD use type information specified in encapsulating
objects higher in the hierarchy. For the avoidance of doubt, an
encapsulating object such as <a>credential</a>, SHOULD convey the types of
associated objects so that the <a>verifier</a> can quickly determine the
contents of the associated object based on the type of the encapsulating object.
To provide a concrete example, a <a>credential</a> with the additional
<code>type</code> of <code>ProofOfAgeCredential</code> would signal to the
<a>verifier</a> that the object associated with the <a>claim</a> property will
contain the identifier for the <a>subject</a> in the <code>id</code> property
and the age assertion in the <code>ageOver</code> property. This enables
implementers to rely on values associated with the <code>type</code> property
for verification purposes. The expectation of types and their associated
properties SHOULD be documented in at least a human-readable specification
and, preferably, in an additional machine-readable representation.
        </p>

        <p class="note">
The type system for the Verifiable Credentials Data Model is the same as the
one for [[JSON-LD]] and is detailed in
<a href="https://www.w3.org/TR/json-ld/#specifying-the-type">Section 5.4: Specifying the Type</a>
and
<a href="https://www.w3.org/TR/json-ld/#json-ld-grammar">Section 8: JSON-LD Grammar</a>.
When using a JSON-LD Context (see Section <a href="#extensibility"></a>),
this specification aliases the <code>@type</code>
keyword to <code>type</code> in order to make the JSON-LD documents more
idiomatic. While application developers and document authors do not need to
understand the specifics of JSON-LD's type system, implementers of this
specification that want to support extensibility in an interoperable fashion do.
        </p>

      </section>

      <section>
        <h2>Issuer</h2>

        <p>
Issuer information may be expressed via the following <a>properties</a>:
        </p>
        <dl>
          <dt><var>issuer</var></dt>
          <dd>
The value of this property MUST be a URI. It is RECOMMENDED that dereferencing
the URI results in a document containing machine-readable information about
the issuer that may be used to verify the information expressed in the
<a>credential</a>.
          </dd>
          <dt><var>issuanceDate</var></dt>
          <dd>
The value of this property MUST be a string value of an [[!ISO8601]] combined
date and time string and represents the date and time the <a>credential</a>
was issued. Note that this date represents the earliest date when the
information associated with the <var>claim</var> property became valid.
          </dd>
        </dl>
        <pre class="example nohighlight" title="Usage of issuer properties">
{
  "@context": "https://w3id.org/credentials/v1",
  "id": "http://dmv.example.gov/credentials/3732",
  "type": ["VerifiableCredential", "ProofOfAgeCredential"],
  <span class="highlight">"issuer": "https://dmv.example.gov/issuers/14"</span>,
  <span class="highlight">"issuanceDate": "2010-01-01T19:73:24Z"</span>,
  "claim": {
    "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
    "ageOver": 21
  },
  "proof": { ... }
}
        </pre>
      </section>

      <section>
        <h2>Proofs (e.g., Signatures)</h2>

        <p>
In order for a <a>credential</a> or <a>presentation</a> to be made
verifiable, the following property MUST be present:
        </p>
        <dl>
          <dt><var>proof</var></dt>
          <dd>
The method used for a mathematical proof will vary by representation language
and the technology used.  For example, if digital signatures are used for
the proof mechanism, this property is expected to have a value that is a
set of name-value pairs including at least a signature, a reference to the
signing entity, and a representation of the signing date.</dd>
        </dl>
        <pre class="example nohighlight"
          title="Usage of proof property on a verifiable credential">
{
  "@context": "https://w3id.org/credentials/v1",
  "id": "http://example.gov/credentials/3732",
  "type": ["VerifiableCredential", "ProofOfAgeCredential"],
  "issuer": "https://dmv.example.gov",
  "issuanceDate": "2010-01-01",
  "claim": {
    "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
    "ageOver": 21
  },
  <span class="highlight">"proof": {
    "type": "RsaSignature2018",
    "created": "2017-06-18T21:19:10Z",
    "creator": "https://example.com/jdoe/keys/1",
    "nonce": "c0ae1c8e-c7e7-469f-b252-86e6a0e7387e",
    "signatureValue": "BavEll0/I1zpYw8XNi1bgVg/sCneO4Jugez8RwDg/+
      MCRVpjOboDoe4SxxKjkCOvKiCHGDvc4krqi6Z1n0UfqzxGfmatCuFibcC1wps
      PRdW+gGsutPTLzvueMWmFhwYmfIFpbBu95t501+rSLHIEuujM/+PXr9Cky6Ed
      +W3JT24="
  }</span>
}
        </pre>

        <p class="issue" data-number=93>
The group is currently discussing various alignments with the JOSE stack,
specifically JWS and JWK.
        </p>

      </section>

      <section>
        <h2>Expiration</h2>

        <p>
Expiration information for the <a>credential</a> MAY be provided by adding
the following <a>property</a>:
        </p>

        <dl>
          <dt><var>expirationDate</var></dt>
          <dd>
The value of this property MUST be a string value of an [[!ISO8601]] combined
date and time string and represents the date and time the <a>credential</a>
will cease to be valid.
          </dd>
        </dl>

        <pre class="example nohighlight" title="Usage of expirationDate property">
{
  "@context": "https://w3id.org/credentials/v1",
  "id": "http://dmv.example.gov/credentials/3732",
  "type": ["VerifiableCredential", "ProofOfAgeCredential"],
  "issuer": "https://dmv.example.gov/issuers/14",
  "issuanceDate": "2010-01-01T19:73:24Z",
  <span class="highlight">"expirationDate": "2020-01-01T19:73:24Z"</span>,
  "claim": {
    "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
    "ageOver": 21
  },
  "proof": { ... }
}
        </pre>

        <p class="issue" data-number=164>
The group is currently discussing expiration and caching.
        </p>

        <p class="issue" data-number=19>
The group is currently discussing how to automatically renew credentials.
        </p>

        <p class="issue" data-number=139>
The group is currently discussing how verifiable credentials may be
automatically updated.
        </p>

      </section>

      <section>
        <h2>Status</h2>

        <p>Information about the current status of a <a>verifiable credential</a>,
        such as suspension or revocation,
        may be provided by adding the <code>credentialStatus</code> <a>property</a>.
This property
       comprises the type of credential status information that is being provided
 (sometimes referred to as the credential status scheme), plus the id of the status
type instance. The precise contents of the credential status information is
           determined by the specific <code>credentialStatus</code> type definition,
    and will vary
 depending upon a variety of factors, such as whether it is
            simple to implement or privacy-enhancing.
        </p>

        <dl>
          <dt><var>credentialStatus</var></dt>
          <dd>The value of this property MUST be a credential status scheme that
            provides enough information to determine the current status of the
            credential (e.g., suspended, revoked, etc.).
          </dd>
        </dl>

        <pre class="example nohighlight" title="Usage of status property">
{
  "@context": "https://w3id.org/credentials/v1",
  "id": "http://dmv.example.gov/credentials/3732",
  "type": ["VerifiableCredential", "ProofOfAgeCredential"],
  "issuer": "https://dmv.example.gov/issuers/14",
  "issuanceDate": "2010-01-01T19:73:24Z",
  "claim": {
    "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
    "ageOver": 21
  },
  <span class="highlight">"credentialStatus": {
    "id": "https://dmv.example.gov/status/24,
    "type": "CredentialStatusList2017"
  }</span>,
  "proof": { ... }
}
        </pre>

        <p>
Defining the data model, formats, and protocols for status schemes are out
of scope for this specification. A status scheme registry [[VC-STATUS-REGISTRY]]
exists for implementers that would like to implement credential status checking.
        </p>
      </section>

      <section>
        <h2>Presentations</h2>

        <p>
Credentials MAY be used to construct a <a>verifiable presentation</a>. A
verifiable presentation may be of a verifiable credential itself, or
of data derived from verifiable credentials in a format that is
cryptographically verifiable.
        </p>

        <p>
In the example below, we show a verifiable presentation that embeds
verifiable credentials:
        </p>

        <pre class="example nohighlight" title="Basic structure of a presentation">
{
  "@context": "https://w3id.org/credentials/v1",
  "id": "urn:uuid:3978344f-8596-4c3a-a978-8fcaba3903c5",
  "type": ["VerifiablePresentation"],
  <span class="highlight">"verifiableCredential": [{ ... }],
  "proof": [{ ... }]</span>
}
        </pre>
        <p class="issue" data-number=133>
The group is currently discussing whether the "id" field is appropriately
defined for Presentations.
        </p>

        <p class="issue" data-number=106>
The group is currently discussing how the data model expresses when the
subject is not the holder of the credential/presentation.
        </p>

        <p class="issue" data-number=105>
The group is currently discussing holders, subjects, and identifier
control.
        </p>

        <p>
The contents of the <code>verifiableCredential</code> property shown above are
<a>verifiable credentials</a> as described by this specification. The contents
of the <code>proof</code> property are proofs as described by the
Linked Data Proofs [[LD-PROOFS]] specification. The <code>id</code> property
is optional and MAY be used to provide a unique identifier for the presentation.
The value associated with the <code>id</code> property MUST be a URI.
        </p>

        <p>
Some zero-knowledge cryptography schemes may enable holders to indirectly
prove that they hold a credential without revealing the credential itself. In
these schemes, the original attribute, such as a date of birth, may be
translated into another value, such as "over the age of 15", that is
cryptographically asserted such that a <a>verifier</a> can trust the value if
they trust the <a>issuer</a>.
        </p>

        <p class="issue" title="ZKP-style verifiable presentation">
We are currently working on an example of a ZKP-style verifiable presentation
that contains derived data instead of directly embedded verifiable credentials.
        </p>
      </section>
    </section>

    <section>
      <h1>Advanced Concepts</h1>

      <section>
        <h2>Extensibility</h2>

        <p>
One of the goals of the Verifiable Credentials Data Model is to enable
permissionless innovation. This requires that the data model is extensible
in a number of different ways:
        </p>

        <ul>
          <li>
The requirement to model complex multi-entity relationships is provided
through the use of a graph-based data model.
          </li>
          <li>
The requirement to be able to extend the machine-readable vocabularies
used to describe information in the data model without the use of a
centralized system for doing so is accomplished via the use
of [[LINKED-DATA]].
          </li>
          <li>
The requirement to support multiple types of cryptographic proof formats is
accomplished via the use of Linked Data Proofs [[LD-PROOFS]],
Linked Data Signatures [[LD-SIGNATURES]], and a variety of signature suites.
          </li>
          <li>
The requirement to provide all of the extensibility mechanisms outlined above
in a data format that is popular among software developers and web page authors
is enabled via the use of [[!JSON-LD]].
          </li>
        </ul>

        <p>
This approach to data modelling is often called an "open world assumption,"
meaning that any entity can say anything about any other entity. This approach
often feels in conflict with building simple and predictable software systems.
Balancing extensibility with program correctness is always more challenging
with an open world assumption than it is with closed software systems.
        </p>

        <p>
The rest of this section describes how both extensibility and program
correctness are achieved through a series of examples.
        </p>

        <p class="issue" data-number=187>
The group is currently discussing how a travel use case could be covered as
an extension.
        </p>

        <p>
Let us assume that we start with the following <a>verifiable credential</a>:
        </p>

        <pre class="example nohighlight" title="A simple credential">
{
  "@context": "https://w3id.org/credentials/v1",
  "id": "http://example.com/credentials/4643",
  "type": ["VerifiableCredential"],
  "issuer": "https://example.com/issuers/14",
  "issuanceDate": "2018-02-24T05:28:04Z",
  "claim": {
    "id": "did:example:abcdef1234567",
    "name": "Jane Doe"
  },
  "proof": { ... }
}
        </pre>

        <p>
The credential above simply states that the entity associated with
<code>did:example:abcdef1234567</code> has a <code>name</code> with a
value of <code>Jane Doe</code>. Let's assume that a developer wanted to
extend the <a>verifiable credential</a> to store two additional pieces of
information: an internal corporate reference number, and Jane's favorite
food.
        </p>

        <p>
The first thing that a developer would do is create a JSON-LD Context
containing two new terms:
        </p>

        <pre class="example nohighlight" title="An example JSON-LD Context">
{
  "@context": {
    "referenceNumber": "https://example.com/vocab#referenceNumber",
    "favoriteFood": "https://example.com/vocab#favoriteFood"
  }
}
        </pre>

        <p>
Now that the JSON-LD Context has been created, the developer must publish it
somewhere that is accessible to <a>verifiers</a> that will be processing the
<a>verifiable credential</a>. For this example, let us assume that the
JSON-LD Context above is published at the following URL:
<code>https://example.com/contexts/mycontext.jsonld</code>. At this point,
extending the first example in this section is a simple matter of including the
context above and adding the new properties to the <a>verifiable credential</a>.
        </p>

        <pre class="example nohighlight"
          title="A verifiable credential with a custom extension">
{
  "@context": <span class="highlight">[
    </span>"https://w3id.org/credentials/v1",
    <span class="highlight">"https://example.com/contexts/mycontext.jsonld"
  ]</span>,
  "id": "http://example.com/credentials/4643",
  "type": ["VerifiableCredential"],
  "issuer": "https://example.com/issuers/14",
  "issuanceDate": "2018-02-24T05:28:04Z",
  <span class="highlight">"referenceNumber": 83294847,</span>
  "claim": {
    "id": "did:example:abcdef1234567",
    "name": "Jane Doe",
    <span class="highlight">"favoriteFood": "Papaya"</span>
  },
  "proof": { ... }
}
        </pre>

        <p>
The examples so far have shown that it is easy to extend the Verifiable
Credentials Data Model in a permissionless and decentralized way. The
mechanism shown also ensures that verifiable credentials that were created
in this way provide a mechanism to prevent namespace conflicts and
semantic ambiguity.
        </p>

        <p>
An extensibility model that is this dynamic does increase implementation burden.
Software written for such a system will have to determine if accepting
<a>verifiable credentials</a> with extensions is acceptable based on the
risk profile of the application. Some applications may choose to only accept
certain extensions while highly secure environments may require that no
extensions are allowed. These decisions are up to the developers of these
applications and are specifically not the domain of this specification.
Applications that do not understand the semantic meaning of all properties
while processing a verifiable credential or a verifiable presentation MUST
produce an error.
        </p>

        <p>
Developers are urged to ensure that extension JSON-LD Contexts are highly
available. Implementations that cannot fetch a context will produce an error.
Strategies for ensuring that extension JSON-LD Contexts are always available
include using content-addressed URLs for contexts, bundling context documents
with implementations, or enabling aggressive caching of contexts.
        </p>

        <section>
          <h3>Semantic Interoperability</h3>

          <p>
This specification endeavors to enable both the JSON and JSON-LD syntaxes
to be semantically compatible with one another without the JSON implementations
needing to process the documents as JSON-LD. In order to achieve this, the
specification creates the following additional restrictions on both syntaxes:
          </p>

          <ul>
            <li>
JSON-based processors MUST process the <code>@context</code> property, ensuring
the expected values exist in the expected order for the <code>type</code> of
<a>credential</a> that they are processing. The expected order MUST be defined
by at least a human-readable extension specification and, preferably, a
machine-readable specification.
            </li>
            <li>
In addition to the rule above, JSON-LD-based processors MUST produce an error
when a JSON-LD Context redefines any term in the
<a href="https://www.w3.org/TR/json-ld/#dfn-active-context">active context</a>.
            </li>
          </ul>

          <p>
To avoid the possibility of accidentally overriding terms, developers are urged
to scope their extensions. For example, the following extension scopes the
new <code>favoriteFood</code> term so that it may only be used within the
<code>claim</code> property:
          </p>

          <pre class="example nohighlight" title="Scoping terms in a JSON-LD Context">
{
  "@context": {
    "referenceNumber": "https://example.com/vocab#referenceNumber",
    <span class="highlight">"claim": {
      "@id": "https://w3id.org/credentials#claim",
      "@context": {
        "favoriteFood": "https://example.com/vocab#favoriteFood"
      }
    }</span>
  }
}
          </pre>

        </section>

      </section>

      <section>
        <h2>Refreshing</h2>

        <p>
It is often useful for systems to enable the manual or automatic refresh of a
<a>verifiable credential</a> that has <a href="#expiration">expired</a>.
This specification enables an <a>issuer</a> to include a link to a refresh
service.
        </p>
        <p>
The issuer may include the refresh service as an element inside the <a>verifiable
credential</a> if it is intended for either the verifier or the holder or both, or
inside the <a>verifiable presentation</a> if it is intended for the holder only.
        </p>
        <p>
Including the refresh reference in the presentation enables the holder to refresh the
credential details before creating a presentation to share with a verifier, while including
the refresh reference in the <a>verifiable credential</a> enables the both the holder and
the verifier to perform future updates of the credential.
        </p>
       <p>
The expression of a refresh service may be performed via the following
<a>property</a>:
        </p>

        <dl>
          <dt><var>refreshService</var></dt>
          <dd>The value of this property MUST be one or more refresh services
            that provides enough information to the <a>holder</a>'s software
            such that it may refresh the credential.
            Each <code>refreshService</code> comprises at least its
            <code>type</code> (e.g. <code>ManualRefreshService2018</code>),
            and the serviceEndpoint URL. The precise contents of each
            refresh service is determined by the specific type definition.
          </dd>
        </dl>

        <pre class="example nohighlight" title="Usage of termsOfUse property by an Issuer">
{
  "@context": [
    "https://w3id.org/credentials/v1",
    "https://example.org/motorlicense/v1"
  ],
  "id": "http://dmv.example.gov/credentials/3732",
  "type": ["VerifiableCredential", "ProofOfAgeCredential"],
  "issuer": "https://dmv.example.gov/issuers/14",
  "issuanceDate": "2010-01-01T19:73:24Z",
  "claim": {
    "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
    "ageOver": 21
  },
  <span class="highlight">"refreshService": {
    "type": "ManualRefreshService2018",
    "serviceEndpoint": "https://dmv.example.gov/refresh/283947"
  }</span>,
  "proof": { ... }
}
        </pre>

        <p>
In the example above, the <a>issuer</a> is specifying a
manual <code>refreshService</code> that can be used by directing the
<a>holder</a> to the following URL:
<code>https://dmv.example.gov/refresh/283947</code>.
        </p>

      </section>

      <section>
        <h2>Terms of Use</h2>

        <p>Terms of use can be utilized by an <a>issuer</a>, a <a>subject</a>, or a
        <a>holder</a> to constrain the use of information expressed by the Verifiable
        Credentials Data Model. The <a>issuer</a> places their terms of use inside
        the <a>credential</a> before it is converted into a <a>verifiable credential</a>.
        The <a>holder</a> places holder terms of use inside a <a>presentation</a>.
        </p>

       <p class="note"> it is for further study how a subject who is not a
       holder places terms of
       use on his or her verifiable credentials. One way could be for the subject to
       request the issuer to place them inside the issued verifiable credentials. Another
       way could be by the subject delegating a verifiable credential to a holder and
       placing terms of use restrictions on the delegated verifiable credential.
       </p>
       <p> The expression of
        terms of use may be performed via the following <a>property</a>:
        </p>

        <dl>
          <dt><var>termsOfUse</var></dt>
          <dd>The value of this property MUST be one or more terms of use
            that tell the <a>verifier</a> what actions it MUST perform if it is to
           accept the verifiable credential or verifiable presentation.
          If the verifier is not willing to accept these terms of use then it MUST reject
          the verifiable credential or verifiable presentation.
          Each <code>termsOfUse</code> comprises its type,
            for example, <code>IssuerPolicy</code>, and
            optionally its instance id. The precise contents of each term of use is
            determined by the specific <code>TermsOfUse</code> type definition.
          </dd>
        </dl>

        <p class="issue" data-title="Direct the reader to a Terms of Use vocabulary">
The group is currently exploring a variety of ways of expressing the terms of
use associated with a Verifiable Credential, namely, the
<a href="http://w3c.github.io/poe/model/">Open Digital Rights Language</a>.
A related initiative is the one at <a href="https://customercommons.org">Customer Commons</a>.
        </p>

        <pre class="example nohighlight" title="Usage of termsOfUse property by an Issuer">
{
  "@context": [
    "https://w3id.org/credentials/v1",
    "https://example.org/motorlicense/v1"
  ],
  "id": "http://dmv.example.gov/credentials/3732",
  "type": ["VerifiableCredential", "ProofOfAgeCredential"],
  "issuer": "https://dmv.example.gov/issuers/14",
  "issuanceDate": "2010-01-01T19:73:24Z",
  "claim": {
    "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
    "ageOver": 21
  },
  <span class="highlight">"termsOfUse": [{
    "type": "IssuerPolicy",
    "id": "http://example.com/policies/credential/4",
    "profile": "http://example.com/profiles/credential",
    "prohibition": [{
      "assigner": "https://dmv.example.gov/issuers/14",
      "assignee": "AllVerifiers",
      "target": "http://dmv.example.gov/credentials/3732",
      "action": ["Archival"]
    }]
  }</span>,
  "proof": { ... }
}
        </pre>

        <p>
In the example above, the <a>issuer</a> is prohibiting a <a>verifier</a> from
storing the data in an archive.
        </p>

        <pre class="example nohighlight" title="Usage of termsOfUse property by a Holder">
{
  "@context": [
    "https://w3id.org/credentials/v1",
    "https://example.org/motorlicense/v1"
  ],
  "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
  "type": "VerifiablePresentation",
  "credential": [{
    "id": "http://dmv.example.gov/credentials/3732",
    "type": ["VerifiableCredential", "ProofOfAgeCredential"],
    "issuer": "https://dmv.example.gov/issuers/14",
    "issuanceDate": "2010-01-01T19:73:24Z",
    "claim": {
      "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
      "ageOver": 21
    },
    "proof": { ... }
  }],
  <span class="highlight">"termsOfUse": [{
    "type": "HolderPolicy",
    "id": "http://example.com/policies/credential/6",
    "profile": "http://example.com/profiles/credential",
    "prohibition": [{
      "assigner": "did:example:ebfeb1f712ebc6f1c276e12ec21",
      "assignee": "https://wineonline.example.org/",
      "target": "http://dmv.example.gov/credentials/3732",
      "action": ["3rdPartyCorrelation"]
    }]
  }</span>,
  "proof": [ ... ]
}
        </pre>

        <p>
In the example above, the <a>holder</a>, who is also the <a>subject</a>,
is prohibiting the <a>verifier</a> (<code>https://wineonline.example.org</code>)
from using the information provided to correlate the
<a>holder</a>/<a>subject</a> by using a 3rd party service.
        </p>

        <p class="issue" data-number=133>
The group is currently discussing how one knows who specified the Terms of Use.
        </p>

      </section>

      <section>
        <h2>Evidence</h2>

        <p>
The <em>evidence</em> property is used by an <a>issuer</a> to represent the
set of evidence that was used to determine whether or not to issue
a <a>credential</a>. For example, an issuer might check physical documentation
provided by the <a>subject</a> or might perform a set of background checks
before issuing the credential. In certain scenarios, this information is useful
to the <a>verifier</a> when determining the risk associated with accepting
the credential.
        </p>

        <p>
Evidence information for the credential in the Verifiable Credentials Data
Model is provided by adding the following <a>property</a>:
        </p>

        <dl>
          <dt><var>evidence</var></dt>
          <dd>The value of this property MUST be one or more evidence schemes
            that provides enough information to a <a>verifier</a>
            to determine whether or not the evidence gathered meets their
            requirements. The contents of each evidence scheme is determined
            by the particular scheme itself.
          </dd>
        </dl>

        <p class="issue" data-title="Define ONE concrete format for the evidence parameter ">
The group is currently determining whether or not they should publish a
very simple scheme for evidence as a part of this specification.
        </p>

        <p class="issue" data-number=136>
The group is currently discussing how attachments and references to
non-credential data are supported by the specification.
        </p>

        <p class="issue" data-number=135>
The group is currently discussing how attachments and references to
credentials are supported by the specification.
        </p>

        <pre class="example nohighlight" title="Usage of evidence property">
{
  "@context": [
    "https://w3id.org/credentials/v1",
    "https://example.org/motorlicense/v1"
  ],
  "id": "http://dmv.example.gov/credentials/3732",
  "type": ["VerifiableCredential", "ProofOfAgeCredential"],
  "issuer": "https://dmv.example.gov/issuers/14",
  "issuanceDate": "2010-01-01T19:73:24Z",
  "claim": {
    "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
    "ageOver": 21
  },
  <span class="highlight">"evidence": [{
    "id": "https://dmv.example.gov/evidence/f2aeec97-fc0d-42bf-8ca7-0548192d4231",
    "type": ["DocumentVerification"],
    "verifier": "https://dmv.example.gov/issuers/14",
    "evidenceDocument": "DriversLicense",
    "subjectPresence": "Physical",
    "documentPresence": "Physical"
  }]</span>,
  "proof": { ... }
}
        </pre>

        <p class="note">
For the avoidance of doubt, the <em>evidence</em> <a>property</a> provides
information that is different from and complementary to the
<a href="#proofs-e-g-signatures">proof</a> property. The <em>evidence</em>
property is used to express supporting information, such as documentary
evidence, related to the integrity of the credential. In contrast, the
<em>proof</em> property is used to express machine-verifiable mathematical
proofs related to the authenticity of the issuer and integrity of the
credential.
        </p>

        <p class="issue" data-number=42>
The group is currently discussing how to visualize verifiable credentials and
any media associated with them.
        </p>

    </section>

    <section>

      <h1>Subject-Holder Relationships</h1>

      <p>
This section describes the possible relationships between the subject
and the holder and how the data model expresses the various relationships. The
following diagram depicts the various types of relationships that are covered in
the rest of this section:
     </p>

      <figure>
        <img style="margin: auto; display: block;" width="75%"
          src="diagrams/subject-ne-holder.svg">
        <figcaption style="text-align: center;">
Subject-Holder Relationships in Verifiable Credentials.
        </figcaption>
      </figure>

     <p>
The following sections describe how each of these instances are handled in
the data model.
     </p>

    <section>
      <h2>Subject is the Holder</h2>

      <p>
The most common case is when the <a>subject</a> is the <a>holder</a>. For
example, the <a>verifier</a> can easily deduce that the subject is the
holder if the <a>verifiable presentation</a> is digitally signed by the
holder and all contained <a>verifiable credentials</a> are about a subject
that can be identified to be the same as the holder.
      </p>

    </section>

    <section>
      <h2>Credential Uniquely Identifies Subject</h2>

      <p>.
In this case, the <a>claim</a> may contain multiple properties that each
provide an aspect of the identity of the subject, and which together
unambiguously identify the subject. Some use cases may not require the
holder to be identified at all, such as checking to see if a doctor (the
subject) is board certified. Other use cases may require the verifier to
use out-of-band knowledge to determine the relationship between the
subject and the holder.
      </p>

      <pre class="example nohighlight" title="An example of a credential
that uniquely identifies a subject">
{
  "@context": ["https://w3id.org/credentials/v1", "https://schema.org/"]
  "id": "http://dmv.example.gov/credentials/332",
  "type": ["VerifiableCredential", "IdentityCredential"],
  "issuer": "https://dmv.example.gov/issuers/4",
  "issued": "2017-02-24",
  "claim": {
    "name": "J. Doe",
    "address": {
      "streetAddress": "10 Rue de Chose",
      "postalCode": "98052",
      "addressLocality": "Paris",
      "addressCountry": "FR"
    },
    "birthDate": "1989-03-15"
    ...
  },
  "proof": { ... }
}
      </pre>

      <p>
The example above uniquely identifies the subject through the use of the
name, address, and birth date of the individual.
      </p>

   </section>

    <section>
      <h2>Subject Passes the Verifiable Credential to a Holder</h2>

      <p class="issue" data-number=204>
The group is currently debating the best security model for delegation. Readers
should treat this entire section as at-risk and currently under debate.
      <p>

      <p>
Normally verifiable credentials will be presented to verifiers by the
subject. However in some cases, the subject may need to pass the whole or
part of a verifiable credential to another holder. The data model allows for
both cases as follows.
      </p>

      <p>
If only the subject is allowed to present the verifiable credential to a
verifier, the issuer MUST insert the "subject only" Terms of Use into the
verifiable credential, as defined below. <span class="issue">
This feature is at risk and is likely to be removed due to lack of consensus.
</span>
      </p>

      <p>
If the subject is not forbidden by the issuer to pass the whole or part of a
verifiable credential to a holder, for example, a patient may pass a
prescription verifiable credential to a relative for the relative to present
it to a pharmacist for dispensing, then the subject MUST issue a verifiable
credential to the holder containing the claim properties that are being
passed on, as described below. <span class="issue">
This feature is at risk and is likely to be removed and replaced with
another solution, possibly created by another Working Group, that focuses on
delegation of authority instead of delegation of attributes.
</span>
      </p>

   <section>

   <h3> 'Subject Only' Terms of Use </h3>

      <p class="issue" data-number=204>
The group is currently debating the best security model for delegation. Readers
should treat this entire section as at-risk and currently under debate.
      </p>

  <p>
The Subject Only Terms of Use states that a verifiable credential MUST only be
presented to a verifier by the subject. If a verifier is presented with a
verifiable credential containing the Subject Only Terms of Use, by anyone other
    than the subject, it MUST refuse to accept it.
     </p>

        <pre class="example nohighlight" title="Subject Only termsOfUse property by an Issuer">
{
  "id": "http://dmv.example.gov/credentials/3732",
  "type": ["VerifiableCredential", "ProofOfAgeCredential"],
  "issuer": "https://dmv.example.gov/issuers/14",
  "issued": "2010-01-01T19:73:24Z",
  "claim": {
    "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
    "ageOver": 21
  },
  <span class="highlight">"termsOfUse": [{
    "type": "SubjectOnly",
    }]
  }</span>,
  "proof": { ... }
}
        </pre>

       </section>

  <section>
   <h3> Passing on a Verifiable Credential </h3>

      <p class="issue" data-number=204>
The group is currently debating the best security model for delegation. Readers
should treat this entire section as at-risk and currently under debate.
      <p>

   <p>

When the subject passes a verifiable credential to a
holder, the subject SHOULD issue a new verifiable credential to the holder in which:
the issuer is the subject,
the subject is the holder to whom the verifiable credential is being passed,
and the claim contains the properties that are being passed on. In addition, the
holder creates a verifiable presentation that contains these two
verifiable credentials.
</p>

        <pre class="example nohighlight" title="An example of a holder presenting verifiable
credential properties that have been passed to it by the subject">
{
  "id": "did:example:76e12ec21ebhyu1f712ebc6f1z2",
  "type": ["VerifiablePresentation"],
  "credential": [{
      "id": "http://example.gov/credentials/3732",
      "type": ["VerifiableCredential", "PrescriptionCredential"],
      "issuer": "https://dmv.example.gov",
      "issued": "2010-01-01",
      "claim": {
        "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
        "prescription": {....}
      },
      "revocation": {
        "id": "http://example.gov/revocations/738",
        "type": "SimpleRevocationList2017"
      },
      "proof": {....}
    },
    {
      "id": "https://example.com/VC/123456789",
      "type": ["VerifiableCredential", "PrescriptionCredential"],
      "issuer": "did:example:ebfeb1f712ebc6f1c276e12ec21",
      "issued": "2010-01-03",
      "claim": {
        "id": "did:example:76e12ec21ebhyu1f712ebc6f1z2",
        "prescription": {....}
      },
      "proof": {
        "type": "RsaSignature2018",
        "created": "2017-06-17T10:03:48Z",
        "creator": "did:example:ebfeb1f712ebc6f1c276e12ec21/keys/234",
        "nonce": "d61c4599-0cc2-4479-9efc-c63add3a43b2",
        "signatureValue": "pYw8XNi1..Cky6Ed = "
      }
    }
  ],
  "proof": [{
    "type": "RsaSignature2018",
    "created": "2017-06-18T21:19:10Z",
    "creator": "did:example:76e12ec21ebhyu1f712ebc6f1z2/keys/2",
    "nonce": "c0ae1c8e-c7e7-469f-b252-86e6a0e7387e",
    "signatureValue": "BavEll0/I1..W3JT24 = "
  }]
}
        </pre>


   </section>
  </section>

   <section>
      <h2>Holder Acts on Behalf of the Subject</h2>

      <p>
The data model supports the <a>holder</a> acting on behalf of the
<a>subject</a> in at least the following ways:
      </p>

      <ul>
        <li>
The issuer may include the relationship between the holder and the subject
in the <code>claim</code> data.
        </li>
        <li>
The issuer may express the relationship between the holder and the subject
by issuing a new <a>verifiable credential</a> which the holder utilizes.
        </li>
        <li>
The subject may express their relationship with the holder by issuing a
new <a>verifiable credential</a> which the holder utilizes.
        </li>
      </ul>

      <p>
The mechanisms above describe the relationship between the holder and the
subject and helps the verifier to decide whether the relationship is
sufficiently expressed for the given use case.
      </p>

      <p class="note">
The additional mechanisms that the issuer or the verifier uses to verify the
relationship between the subject and the holder are outside of the scope of
this specification.
      </p>

      <p class="issue">
It is for further study which, if any, of these mechanisms is to be
standardised by the working group.
      </p>

      <pre class="example nohighlight" title="An example of the relationship
property in a child's credential">{
  "id": "http://dmv.example.gov/credentials/3732",
  "type": ["VerifiableCredential", "ProofOfAgeCredential"],
  "issuer": "https://dmv.example.gov/issuers/14",
  "issued": "2010-01-01T19:73:24Z",
  "claim": {
    "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
    "ageUnder": 16,
    "parent": {
      "id": "did:example:ebfeb1c276e12ec211f712ebc6f",
      "type": "Mother"
    }
  },
  "proof": { ... } // the proof is generated by the DMV
}
      </pre>

      <p>
In the example above, the issuer has expressed the relationship between the
child and the parent such that a verifier would most likely accept the
credential if it is provided by the child or the parent.
      </p>

      <pre class="example nohighlight" title="An example of a relationship
credential issued to a parent">{
  "id": "http://dmv.example.gov/credentials/3732",
  "type": ["VerifiableCredential", "RelationshipCredential"],
  "issuer": "https://dmv.example.gov/issuers/14",
  "issued": "2010-01-01T19:73:24Z",
  "claim": {
    "id": "did:example:ebfeb1c276e12ec211f712ebc6f",
    "child": {
      "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
      "type": ["Person", "Child"]
    }
  },
  "proof": { ... } // the proof is generated by the DMV
}
</pre>

     <p>
In the example above, the issuer has expressed the relationship between the
child and the parent in a separate credential such that a verifier would most
likely accept any of the child's credentials if it is provided by the child or
if the credential above is provided with any of the child's credentials.
     </p>

     <pre class="example nohighlight" title="An example of a relationship
credential issued by a child">{
  "id": "http://example.org/credentials/23894",
  "type": ["VerifiableCredential", "RelationshipCredential"],
  "issuer": "http://example.org/credentials/23894",
  "issued": "2010-01-01T19:73:24Z",
  "claim": {
    "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
    "parent": {
      "id": "did:example:ebfeb1c276e12ec211f712ebc6f",
      "type": "Mother"
    }
  },
  "proof": { ... } // the proof is generated by the child
}
</pre>

      <p>
In the example above, the child has expressed the relationship between the
child and the parent in a separate credential such that a verifier would most
likely accept any of the child's credentials if the credential above is
provided.
      </p>

      <p>
Similarly, these same strategies can be used for many other types of use cases
such as power of attorney, pet ownership, and patient prescription pick up.
      </p>

    </section>

  <section>
      <h2>Issuer Authorises Holder</h2>

      <p>
When the issuer wishes to authorise a holder to possess a credential that
describes a subject who is not the holder, and the holder has no known relationship
 with the subject, then the issuer inserts the
relationship of the holder to itself into the subject's credential.
      </p>


        <pre class="example nohighlight" title="An example of a credential
issued to a holder who is not the subject of the credential, who has no relationship
with the subject of the credential, but who has a relationship with the issuer">

{
  "id": "http://dmv.example.gov/credentials/3732",
  "type": ["VerifiableCredential", "NameAndAddress"],
  "issuer": "https://dmv.example.gov/issuers/14",
  "holder": {
    "type": "LawEnforcement",
    "id": "did:example:ebfeb1276e12ec21f712ebc6f1c"
  },
  "issued": "2010-01-01",
  "claim": {
    "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
    "name": "Mr John Doe",
    "address": "10 Some Street, Anytown, ThisLocal, Country X"
  },
  "proof": {
    "type": "RsaSignature2018",
    "created": "2017-06-17T10:03:48Z",
    "creator": "https://dmv.example.gov/issuers/14/keys/234",
    "nonce": "d61c4599-0cc2-4479-9efc-c63add3a43b2",
    "signatureValue": "pY9...Cky6Ed = "
  }
}        </pre>




     </section>

  <section>
      <h2>Holder Acts on Behalf of Verifier or has no Relationship with the
Subject, Issuer or Verifier</h1>

      <p>

The data model currently does not support either of these scenarios. It is
for further study how they might be supported.
      </p>
      </section>

   </section>

      <section>
        <h2>Disputes</h2>

        <p>
The time may come when an <a>entity</a> wants to dispute a <a>credential</a>
issued by another entity. The mechanism for doing this is the same as issuing
a regular credential except that the <a>subject</a> identifier for the
<a>claims</a> are those of the disputed credential. For example, if a disputed
credential with an identifier of
<code>http://con-artist.example.com/credentials/3732</code>
contains disputed statements, an entity would issue the following credential
in a public venue to make it known that the credential is disputed:
        </p>

        <pre class="example nohighlight"
          title="Expressing a disputed credential">
{
  "@context": "https://w3id.org/credentials/v1",
  "id": "http://example.com/credentials/245",
  "type": ["VerifiableCredential", "DisputeCredential"],
  <span class="highlight">"claim": {
    "id": "http://con-artist.example.com/credentials/3732",
    "currentStatus": "Disputed",
    "statusReason": "Credential contains disputed statements",
    "disputedClaim": {
      "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
      "ageOver": 21
    }
  }</span>,
  "issuer": "https://example.com/people#me",
  "issuanceDate": "2017-12-05T14:27:42Z",
  "proof": { ... }
}
        </pre>

        <p>
A <code>DisputeCredential</code> issued by anyone other than the
<a>subject</a>, or its authorised agent, SHOULD be disregarded by a
<a>verifier</a>, unless the verifier has some out of band means of
ascertaining the truth of the dispute.
        </p>

        <p class="note">
If a credential does not have an identifier, a content-addressed identifier
can be used to identify the disputed credential. Similarly, content-addressed
identifiers can be used to uniquely identify individual claims.
        </p>

        <p class="issue">
The group is currently exploring whether the specification of a vocabulary
term to express content-based identifiers for claims is within scope as well
as the specific vocabulary terms for disputed claims.
        </p>

      </section>

      <section>
        <h2>Conformance</h2>

        <p>
A concrete expression of the data model in this specification is a
<em>conforming document</em> if it complies with the normative statements in
this specification regarding syntax (e.g., the content in
<a href="#basic-concepts">Basic Concepts</a>,
<a href="#advanced-concepts">Advanced Concepts</a>, and
<a href="#syntaxes">Syntaxes</a>).
For convenience, normative statements for <em>conforming documents</em> are
often phrased as statements on the syntax used in properties and their
associated values in the document (e.g., "MUST be a URI",
"MUST be a string value of an ISO8601 combined date and time string").
        </p>

        <p>
A <em>conforming processor</em> is a software or hardware-based implementation
of the normative statements in this specification regarding the expected
contents of property-value pairs (e.g., the content in <a>Verification</a>).
For convenience, normative statements for <em>conforming processors</em> are
often phrased as behavioral statements regarding the contents of
property-value pairs (e.g., "MUST NOT be revoked", "MUST be in the expected range").
        </p>

      </section>

    </section>

    <section>
      <h2>Syntaxes</h2>


      <p>
Many of the data model concepts in this document thus far have been introduced
by example using the JSON syntax. This section formalizes how the data model
(described in Sections <a href="#core-data-model"></a>,
<a href="#basic-concepts"></a>, and <a href="#advanced-concepts"></a>
) is realized in JSON and JSON-LD. Although syntactic mappings are only provided for these two syntaxes,
applications and services may also use any other data representation syntax,
such as XML, YAML, or CBOR, that is capable of expressing the data model.
      </p>

      <section>
        <h2>JSON</h2>

          <p>
The data model as described in Section <a href="#core-data-model"></a> can be
encoded in Javascript Object Notation (JSON) [[!RFC8259]] by mapping
property values to the following JSON types:
          </p>

          <ul>
            <li>Numeric values representable as IEEE754 SHOULD be represented
            as a Number type.</li>
            <li>Any boolean value SHOULD be represented as a Boolean type.</li>
            <li>Any sequence value SHOULD be represented as an Array type.</li>
            <li>Any unordered set of values SHOULD be represented as
            an Array type.</li>
            <li>Any set of <a>properties</a> SHOULD be represented as
            an Object type.</li>
            <li>Any empty value SHOULD be represented as a null value.</li>
            <li>Any other value MUST be represented as a String type.</li>
          </ul>

        <section>
          <h3>JSON Web Token</h3>

          <p class="issue">
This section will be moved into its own specification before this document
enters the Candidate Recommendation stage.
          </p>

          <p>The following example demonstrates how one could
          express this data model using a JSON Web Token.</p>

  <pre class="example" title="A JOSE JWT verifiable credential">
  eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2Rtdi
  5leGFtcGxlLmdvdiIsImlhdCI6MTI2MjMwNDAwMCwiZXhwIjoxNDgzMjI4ODAwL
  CJhdWQiOiJ3d3cuZXhhbXBsZS5jb20iLCJzdWIiOiJkaWQ6ZWJmZWIxZjcxMmVi
  YzZmMWMyNzZlMTJlYzIxIiwiZW50aXR5Q3JlZGVudGlhbCI6eyJAY29udGV4dCI
  6Imh0dHBzOi8vdzNpZC5vcmcvc2VjdXJpdHkvdjEiLCJpZCI6Imh0dHA6Ly9leG
  FtcGxlLmdvdi9jcmVkZW50aWFscy8zNzMyIiwidHlwZSI6WyJDcmVkZW50aWFsI
  iwiUHJvb2ZPZkFnZUNyZWRlbnRpYWwiXSwiaXNzdWVyIjoiaHR0cHM6Ly9kbXYu
  ZXhhbXBsZS5nb3YiLCJpc3N1ZWQiOiIyMDEwLTAxLTAxIiwiY2xhaW0iOnsiaWQ
  iOiJkaWQ6ZWJmZWIxZjcxMmViYzZmMWMyNzZlMTJlYzIxIiwiYWdlT3ZlciI6Mj
  F9fX0.LwqH58NasGPeqtTxT632YznKDuxEeC59gMAe9uueb4pX_lDQd2_UyUcc6
  NW1E3qxvYlps4hH_YzzTuXB_R1A9UHXq4zyiz2sMtZWyJkUL1FERclT2CypX5e1
  fO4zVES_8uaNoinim6VtS76x_2VmOMQ_GcqXG3iaLGVJHCNlCu4
  </pre>

  <p>
  The JWT above was produced using the inputs below:
  </p>

  <p class="issue">
  A number of the concerns have been raised around security,
  composability, reusability, and extensibility with respect
  to the use of JWTs for Verifiable Credentials. These concerns
  will be documented in time in at least the Verfiable Claims Model
  and Security Considerations section of this document.
  </p>

  <pre>
  // JWT Header
  {
    "alg": "RS256",
    "typ": "JWT"
  }
  // JWT Payload
  {
    "iss": "https://dmv.example.gov",
    "iat": 1262304000,
    "exp": 1483228800,
    "aud": "www.example.com",
    "sub": "did:example:ebfeb1f712ebc6f1c276e12ec21",
    "verifiableCredential": {
      "@context": "https://w3id.org/security/v1",
      "id": "http://example.gov/credentials/3732",
      "type": ["VerifiableCredential", "ProofOfAgeCredential"],
      "issuer": "https://dmv.example.gov",
      "issuanceDate": "2010-01-01",
      "claim": {
        "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
        "ageOver": 21
      }
    }
  }
  </pre>

        </section>

      </section>

      <section>
        <h2>JSON-LD</h2>

        <p>
[[!JSON-LD]] is a JSON-based format that is used to serialize
<a href="http://www.w3.org/TR/ld-glossary/#linked-data">Linked Data</a>.
The syntax is designed to easily integrate into deployed systems that
already use JSON, and provides a smooth upgrade path from JSON to JSON-LD.
It is primarily intended to be a way to use Linked Data in
Web-based programming environments, to build interoperable Web services,
and to store Linked Data in JSON-based storage engines.
        </p>

        <p>
JSON-LD is useful when extending the data model described in this
specification. Instances of the data model are encoded in JSON-LD in
the same way that they are encoded in JSON (Section <a href="#json"></a>),
with the addition of the <code>@context</code> property. The
<a href="https://www.w3.org/TR/json-ld/#the-context">JSON-LD Context</a>
is described in detail in the [[!JSON-LD]] specification and its use
is elaborated upon in Section <a href="#extensibility"></a>.
        </p>

        <p>
Multiple contexts MAY be used or combined to express any arbitrary
information about credentials in idiomatic JSON. If an application is
processing a <a>verifiable credential</a> or <a>verifiable presentation</a>,
and a <code>@context</code> property is not present at the top-level of the
JSON-LD document, then a <code>@context</code> property with a value of
<code>https://w3id.org/credentials/v1</code> MUST be assumed.
        </p>

      </section>

  <section>
        <h2>IPLD</h2>
        
        <p>
Content addressing through hashes has become a widely-used means of connecting 
data in distributed systems. <a href="https://ipld.io">IPLD</a> is a way of representing 
hash-linked data to be used in content-addressed data retrieval systems such as 
<a href="https://ipfs.io">IPFS</a>. Other content that can be resolved using IPLD include 
blockchains such as Bitcoin, Ethereum, ZCash and Git repositories. IPLD enables 
creation of decentralized data-structures that are universally addressable facilitating 
resolving content accross different protocols. It achieves this through an interoperable 
data model that represents various protocol formats. IPLD relies on self-describing 
<a href="https://github.com/ipld/cid">Content Identifiers (CIDs)]</a> for content addressing. 
CIDs are a self-describing, flexible, and interoperable way of expressing cryptographic hashes. 
It uses several multiformats to achieve flexible self-description, namely 
<a href="https://github.com/multiformats/multihash"> multihash </a> for hashes, 
<a href="https://github.com/multiformats/multicodec"> multicodec </a> for data content types, and 
<a href="https://github.com/multiformats/multibase">multibase </a> to represent the base encoding 
of the CID itself. This interoperability makes IPLD a valuable structure for the DID document 
that can be used across a variety of DID methods or distributed ledgers and 
ensures cryptographic validity of the DID document.  Since both IPLD and JSON-LD 
are 100% compatible with JSON, the large number of JSON parsers and libraries are already available. 
      </p>
      <p>
The key symbol <code>"/"</code> (foward slash) SHOULD be reserved to represent a self describing 
content indentifier (CID) for content addressing resolved using 
<a href="https://github.com/ipld/specs">Interplanetary Linked Data (IPLD)</a>.  
      </p>

 <p>The following example demonstrates how one could
          express this data model using IPLD.</p>

  <pre class="example" title="A verifiable claim with @context and creator of the claim as linked data using IPLD">
{ "@context" : 
    { "/" : "zdpuAmoZixxJjvosviGeYcqduzDhSwGV2bL6ZTTXo1hbEJHfq" }, 
    ... 
    "creator" : 
    { "/" : "zdpuAvqt1YTeAdcyyncBDdJLVgKyZNbHm17rBEJNqFzVbg24B" }
    ... 
}
  </pre>

      </section>


    </section>

    <section>
      <h1>Verification</h1>

      <p>
This section describes a number of checks required to verify a credential.
Some checks are essential for all verifiable credentials, while some are
applicable to only some credentials.
      </p>

      <p class="issue" data-number=128>
The group is currently discussing whether a mechanism should be provided
that enables linkages to JSON Schema or other optional validation mechanisms.
      </p>

      <section>
        <h3>Syntax</h3>
        <ul>
          <li>The document is syntactically valid (e.g., JSON, JSON-LD).</li>
        </ul>
      </section>
      <section>
        <h3>Credential</h3>
        <ul>
          <li>Required properties MUST be present. For example, for a
          <a>verifiable credential</a>, <code>type</code>
          and <code>proof</code> properties are required.</li>
          <li>Property values MUST match expectations described in this
          specification. For example, the document <code>type</code> property
          for a verifiable credential MUST contain the class
          <code>VerifiableCredential</code>.</li>
        </ul>
      </section>
      <section>
        <h3>Issuer</h3>
        <ul>
          <li>The value associated with the <code>issuer</code>
          property MUST identify an <a>issuer</a> that is known to and trusted
          by the <a>verifier</a>.</li>
          <li>Pertinent metadata about the <code>issuer</code> MUST be
          available to the <a>verifier</a>. For example, an issuer may publish
          information that contains the public keys it uses to digitally
          sign <a>verifiable credentials</a> that it has issued. This
          metadata is pertinent when checking the proofs on the
          <a>verifiable credential</a>.</li>
        </ul>
      </section>
      <section>
        <h3>Subject</h3>
        <ul>
          <li>The value associated with the <code>id</code> property for each
          <a>credential</a> MUST identify a <a>subject</a> to the
          <a>verifier</a>. For example, if a subject is identified and the
          verifier has public key metadata related to the subject that is
          used for authentication purposes, then the verifier MAY be able to
          authenticate the subject via a signature generated by the subject
          that is contained in the <a>verifiable presentation</a>.</li>
        </ul>

        <p class="issue" data-number=162>
The group is currently discussing how authentication and WebAuthn may work.
        </p>

        <p class="note">
The <code>id</code> property is optional, and <a>verifiers</a> MAY use other
properties in a credential to uniquely identify the <a>subject</a>.
        </p>
      </section>
      <section>
        <h3>Proofs (e.g., Signatures)</h3>

        <p>
The cryptographic mechanism used to prove that the information in a
<a>verifiable credential</a> or a <a>verifiable presentation</a> has not been
tampered with is called a <em>proof</em>. There are many types of cryptographic proofs
including but not limited to, digital signatures, zero-knowledge proofs,
proofs of work, and proofs of stake. In general, when verifying proofs,
implementations MUST ensure that:
        </p>

        <ul>
          <li>The proof is available in the form of a known proof suite.</li>
          <li>All required proof suite properties are present.</li>
          <li>The proof suite verification agorithm, when applied to the
          data, results in an acceptable proof.</li>
        </ul>

        <p>
Some proofs are digital signatures. In general, when verifying digital
signatures, implementations MUST ensure that:
        </p>

        <ul>
          <li>Acceptably recent metadata regarding the public key
          associated with the signature is available. For example, the
          metadata may include properties related to expiration, key owner,
          or key purpose.</li>
          <li>The key MUST NOT be revoked or expired.</li>
          <li>The cryptographic signature MUST be valid.</li>
          <li>
            If the cryptographic suite expects a <code>proofPurpose</code>,
            it MUST exist and be a valid value (such as
            <code>credentialIssuance</code>) per the cryptographic suite.
          </li>
        </ul>

        <p class="note">
The digital signature provides a number of protections, other than tamper
resistance, that are not immediately obvious.
For example, a Linked Data Signature's <code>created</code> property
establishes a date and time where the credential SHOULD NOT be considered
valid before that date and time. The  <code>creator</code> property enables
the ability to dynamically discover information about the entity that created
the data to ensure that the public key has not been revoked or expired.
The <code>proofPurpose</code> property ensures that the reason the entity
created the signature, such as for the purposes of authentication or creating
a verifiable credential, is clear and protected in the signature.
        </p>
      </section>
      <section>
        <h3>Issuance</h3>

        <ul>
          <li>The <code>issuanceDate</code> MUST be in an expected range for
          the <a>verifier</a>. For example, a verifier may ensure that the
          issuance date of a <a>verifiable credential</a> is not in the
          future.</li>
        </ul>
      </section>
      <section>
        <h3>Expiration</h3>

        <ul>
          <li>The <code>expirationDate</code> MUST be in an expected range for
          the <a>verifier</a>. For example, a verifier may ensure that the
          expiration date is not in the past.</li>
        </ul>
      </section>
      <section>
        <h3>Revocation</h3>
        <ul>
          <li>If revocation instructions are present, the credential must not
          have been revoked.</li>
        </ul>
      </section>
      <section>
        <h3>Fitness for Purpose</h3>

        <ul>
          <li>The custom properties in the <a>credential</a> are
          appropriate for the <a>verifier</a>'s purpose. For example if a
          verifier needs to determine that a <a>subject</a> is older than 21
          years of age, they may accept claims of specific
          <code>birthdate</code> or abstract properties such as
          <code>ageOver</code>.</li>
          <li>The <a>issuer</a> is trusted by the <a>verifier</a> to make the
          claims at hand. For example, a franchised Fast Food restaurant
          location will trust discount coupon claims made by the
          corporate headquarters of the franchise.</li>
          <li>All policy information expressed by the <a>issuer</a>
          in the <a>verifiable credential</a> MUST be enforced unless
          verifiers accept the risk of not enforcing the policy information.
          For example, the issuer may limit the use
          of the credential to specific <a>verifiers</a>, certain <a>holder</a>
          age ranges, or during certain dates.</li>
          <li>All policy information expressed by the <a>holder</a>
          in the <a>verifiable presentation</a> MUST be enforced unless
          verifiers accept the risk of not enforcing the policy information.
          For example, the holder may limit the use of the credential to
          specific <a>verifiers</a> or for specific purposes
          (such as authentication, but not data mining).</li>
        </ul>
      </section>
    </section>

    <section>
      <h2>Accessibility Considerations</h2>

      <em>This section is non-normative.</em>

      <p>
This section details the general accessibility considerations that should be
taken into account when utilizing this data model.
      </p>

      <section>
        <h3>Data First Approaches</h3>
        <p>
Many physical credentials in use today, such as government identification
cards, have poor accessibility characteristics. Some of these poor
characteristics include, but are not limited to, small print,
reliance on small, high resolution images, and no affordances for people with
vision disabilities.
        </p>
        <p>
When utilizing this data model to create verifiable credentials, it is
suggested that data model designers use a "data first" approach. For example,
given the choice of using data or a graphical image to depict a credential,
a designer should choose to express every element of the image,
such as the name of an institution or the professional credential, in a
machine readable way rather than solely relying on the image to convey this
information. This approach is preferred because a "data first" approach
provides the foundational elements of building different interfaces for
people with disabilities.
        </p>
      </section>
    </section>

    <section>
      <h2>Privacy Considerations</h2>

      <em>This section is non-normative.</em>

      <p>
This section details the general privacy considerations and specific privacy
implications of deploying the verifiable credentials data model into production
environments.
      </p>

      <section>
        <h3>Spectrum of Privacy</h3>
        <p>
It is important to recognize that there is a spectrum of privacy that ranges
from pseudonymous to strongly identified. Depending on the use case,
people have different appetites when it comes to what information they
are willing to provide and what information may be derived from what
is provided.
        </p>

        <figure>
          <img style="margin: auto; display: block;" width="80%"
            src="diagrams/privacy-spectrum.svg">
          <figcaption style="text-align: center;">
- Privacy is a spectrum that ranges from pseudonymous to fully identified.
          </figcaption>
        </figure>

        <p>
For example, one would most likely desire to remain anonymous when purchasing
alcohol because the regulatory check that’s required is solely whether or
not the person is above a particular age. However, when a doctor is writing a
prescription for a patient, the pharmacy fulfilling the prescription is
required to more strongly identify the medical professional. Therefore it
is important to recognize that there is not one approach to privacy that
works for all use cases; privacy solutions tend to be use case specific.
        </p>

        <p class="note">
Even if one may desire to remain anonymous when purchasing
alcohol, a photo ID may still be required to provide appropriate
assurance to the merchant. The merchant may not need to know your
name or other details (other than that you are over a certain age),
but in many cases a mere proof of age may still be insufficient to
meet regulations.
        </p>

        <p>
The Verifiable Credentials data model strives to support the full spectrum of
privacy and does not take philosophical positions on the right level of
anonymity for any particular transaction. The following sections provide
guidance for implementers that want to avoid specific scenarios that are
hostile to privacy.
        </p>

        <p class="issue" data-number=125>
The group is currently discussing how the specification should be modified to
support ZKPs and other forms of anonymous credentials.
        </p>
      </section>

      <section>
        <h3>Personally Identifiable Information</h3>

        <p>
The data associated with verifiable credentials stored in the
<code>credential.claim</code> field are largely susceptible to privacy
violations when shared with verifiers. Personally identifying data
such as a government-issued identifier, shipping address, and full name
can be easily used to determine, track, and correlate an entity. Even
information that does not seem personally identifiable like the
combination of a birth date and zip code have very powerful correlation
and de-anonymizing capabilities.
        </p>

        <p>
Implementers are strongly advised to
warn holders when they share data with these sorts of characteristics.
Issuers are strongly advised to provide privacy-protecting credentials
when possible. For example, issuing ageOver credentials instead of
birthdate credentials when the verifier desires to determine if an
entity is over the age of 18.
        </p>
      </section>

      <section>
        <h3>Identifier-Based Correlation</h3>

        <p>
Subjects of verifiable credentials are identified via the
<code>credential.claim.id</code> field. The identifiers that are used
to identify the subject create a danger of correlation when
the identifiers are long-lived or used across more than one web domain.
        </p>
        <p>
If strong anti-correlation properties are a requirement in a system using
verifiable credentials, it is strongly advised that identifiers are bound to a
single origin or that identifiers are single-use or not used at all and
are replaced by short-lived, single-use bearer tokens.
        </p>
      </section>

      <section>
        <h3>Signature-Based Correlation</h3>

        <p>
The contents of verifiable credentials are secured via the
<code>credential.proof</code> field. The properties in this field
create a danger of correlation when the same values are used across more than
one session or domain and the value does not change. Examples include the
<code>creator</code>, <code>created</code>,
<code>domain</code> (for very specific domains),
<code>nonce</code>, and <code>signatureValue</code> fields.
        </p>

        <p>
If strong anti-correlation properties are desired,
it is advised that signature values and metadata are regenerated
each time using technologies like third-party pairwise signatures,
zero-knowledge proofs, or group signatures. It is also important to note
that even when using anti-correlation signatures that information may still
be contained in the credential that defeats the anti-correlation properties
of the cryptography.
        </p>
      </section>

      <section>
        <h3>Long Lived Identifier-Based Correlation</h3>

        <p>
Verifiable <a>credentials</a> may contain long lived identifiers that could
be used to correlate individuals. These types of identifiers include:
subject identifiers, email addresses, government-issued identifiers,
organization-issued identifiers, addresses, healthcare vitals,
credential-specific JSON-LD Contexts, and many other sorts of long-lived
identifiers.
        </p>

        <p>
Organizations providing software to <a>holders</a> should strive to identify
fields in credentials containing information that could be used to correlate
them and warn the holder when this information is shared.
        </p>
      </section>

      <section>
        <h3>Device Fingerprinting</h3>

        <p>
There are mechanisms external to Verifiable Credentials that are used to track and
correlate individuals on the Internet and the Web. Some of these mechanisms
include Internet Protocol address tracking, web browser fingerprinting,
evercookies, advertising network trackers, mobile network position information,
and in-application Global Positioning System APIs. The use of Verifiable
Claims cannot prevent the use of these other tracking technologies. In addition,
when these technologies are used in concert with Verifiable Credentials, new
correlatable information may be discovered. For example, a birthday coupled
with a GPS position can be used to strongly correlate an individual across
multiple websites.
        </p>

        <p>
It is advised that privacy-respecting systems prevent the use of these other
tracking technologies when verifiable credentials are being utilized. In some cases,
these tracking technologies may need to be disabled entirely on devices that
transmit verifiable credentials on behalf of the Holder.
        </p>
      </section>

      <section>
        <h3>Favor Abstract Claims</h3>

        <p>
In order to enable recipients of verifiable credentials to use them in a
variety of circumstances without revealing more personally identifiable
information than necessary for the transaction, issuers should consider
limiting the information published in a credential to a minimal set needed for
the expected purposes. One way to avoid placing personally identifiable
information in a credential is to use an "abstract" property that meets the
needs of verifiers without providing specific information about the subject.
        </p>
        <p>
An example in this document is the use of the <code>ageOver</code> property as
opposed to a specific birthdate that would constitute much stronger personally
identifiable information. If retailers in a market commonly require purchasers
to be older than a specific age, an issuer trusted in that market may choose
to offer a credential claiming that subjects have met that requirement as
opposed to offering credentials containing claims of their specific birthdates.
This enables individual customers to purchase items without revealing specific
personally identifiable information.
        </p>
      </section>

      <section>
        <h3>The Principle of Minimum Disclosure</h3>

        <p>
Privacy violations occur when information divulged in one context leaks into
another. Accepted best practice for preventing such violations is to limit
the information requested, and received, to the absolute minimum necessary.
This minimal disclosure approach is required by regulation in multiple
jurisdictions, including HIPAA in the US and GDPR in the EU.
        </p>
        <p>
With verifiable credentials, minimal disclosure for issuers means limiting the
content of a credential to the minimum required by potential verifiers for
expected use. For verifiers, it means limiting the scope of the information
requested or required for accessing services.
        </p>
        <p>
For example, a driver's license containing a driver's ID number,
height, weight, birthday, and home address is an example of a credential
containing more information than is necessary to establish that the person
is above a certain age.
        </p>

        <p>
It is considered a best practice for issuers to atomize information or
use a signature scheme that allows for selective disclosure.
For example, an issuer
that issues driver's licenses could issue a set of credentials containing every
attribute that appears on a driver's license in addition to atomized
credentials (a credential containing only the person's birthday), and atomized
credentials that are more abstract (a credential containing only an
<code>ageOver</code> attribute). One possible simple adaptation is for the issuer to
provide secure HTTP endpoints for retrieving single-use bearer credentials to
promote the pseudonymous usage of credentials. Implementers that find this
impractical or unsafe should consider the use of selective disclosure schemes
that eliminate dependence on issuers at proving time and reduce temporal
correlation risk from the issuer.
        <p>
Verifiers are urged to only request information that is absolutely
necessary for a particular transaction to occur. This is important for at
least two reasons: 1) it reduces the liability on the verifier for
handling highly sensitive information that it does not need, and 2)
it enhances the privacy of the individual by only asking for information
that is required for the particular transaction.
        </p>
        <p class="note">
While it is possible to practice the Principle of Minimum Disclosure, it may
be impossible to avoid the strong identification of an individual for
specific use cases during a single session or over multiple sessions. The
authors of this document cannot stress how difficult it is to meet this
principle in real world scenarios.
        </p>
      </section>

      <section>
        <h3>Bearer Credentials</h3>

        <p>
A <em>bearer credential</em> is a privacy-enhancing piece of information,
such as a concert ticket, that entitles the <a>holder</a> of the credential to a
particular resource without divulging sensitive information about the holder.
        </p>

        <p>
Verifiable Credentials that are bearer credentials are possible by not
specifying the <a>subject</a> identifier, expressed using the
<code>id</code> property that is nested in the <code>claim</code> property.
For example, the following Verifiable Credential is a bearer credential:
        </p>

        <pre class="example nohighlight" title="Usage of issuer properties">
{
  "@context": "https://w3id.org/credentials/v1",
  "id": "http://dmv.example.gov/credentials/temporary/28934792387492384",
  "type": ["VerifiableCredential", "ProofOfAgeCredential"],
  "issuer": "https://dmv.example.gov/issuers/14",
  "issuanceDate": "2017-10-22T12:23:48Z",
  "claim": {
    <span class="comment">// note that the 'id' property is not specified for bearer credentials</span>
    "ageOver": 21
  },
  "proof": { ... }
}
        </pre>

        <p>
While bearer credentials can be privacy enhancing, their use must be carefully
crafted to not accidentally divulge more information than the holder of the
credential expects. For example, repeated use of the same bearer credential
across sites enables each site to potentially collude to unduly track or
correlate the holder. Additionally, information that may seem non-identifying
such as a birthdate and zip code can be used to statistically identify an
individual when used together in the same credential or session.
        </p>

        <p>
<a>Issuers</a> of bearer credentials SHOULD ensure that bearer credentials that
are expected to provide privacy-enhancing benefits 1) are single use, when
possible, 2) do not contain personally identifying information, and 3) are not
unduly correlatable.
        </p>

        <p>
<a>Holders</a> SHOULD be warned by their software if bearer credentials
containing sensitive information are issued or requested, or if there is a
correlation risk when combining two or more bearer credentials across one
or more sessions. While it may be impossible to detect all correlation risks,
some may be detectable.
        </p>

        <p>
<a>Verifiers</a> SHOULD NOT request bearer credentials that can be used to
unduly correlate the user.
        </p>
      </section>

      <section>
        <h3>Validity Checks</h3>

        <p>
When processing verifiable credentials, <a>verifiers</a> typically perform
many of the checks listed in Section <a href="#verification"></a> as well as
a variety of business-process-specific checks. For example, validity checks
may include any of the following:
        </p>

        <ul>
          <li>
Checking the professional licensure status of the holder.
          </li>
          <li>
Checking a date of license renewal or revocation.
          </li>
          <li>
Checking sub-qualifications of an individual.
          </li>
          <li>
Ensuring that a relationship exists between the holder and the entity
with whom the holder is attempting to interact.
          </li>
          <li>
Checking the geolocation information associated with the holder.
          </li>
        </ul>

        <p>
The process of performing these checks may result in information leakage that
leads to a privacy violation of the holder. For example, an operation as
simple as checking a revocation list can notify the issuer that a very specific
business is most likely interacting with the holder. This would enable
issuers to collude and correlate individuals without their knowledge.
        </p>

        <p>
<a>Issuers</a> are urged to not use mechanisms, such as credential revocation
lists that are unique per credential, during the verification process that
would lead to privacy violations. Organizations providing software to
<a>holders</a> should warn when credentials include information that could
lead to privacy violations during the verification process. <a>Verifiers</a>
should consider rejecting credentials that produce privacy violations or that
enable bad privacy practices.
        </p>
      </section>

      <section>
        <h3>Storage Providers and Data Mining</h3>

        <p>
When a holder receives a credential from an issuer, the
credential will need to be stored somewhere (e.g., in a credential repository).
Holders are warned that the information in a verifiable credential may be
sensitive in nature and highly individualized, making it a high value
target for data mining. Therefore, there may be services
that store verifiable credentials for free and mine personal data and sell it
to organizations that desire individualized profiles on people and
organizations (i.e., if the service is free, you are the product).
        </p>
        <p>
It is suggested that holders be aware of the terms of service for their
credential repository, specifically the correlation and data mining
protections that are in place for those who store their verifiable credentials
at the service provider.
        </p>
        <p>
There are a number of effective mitigations for data mining and profiling:
        </p>

        <ul>
          <li>
Use service providers that do not sell your information to third parties.
          </li>
          <li>
Use software that encrypts verifiable credentials such that a service provider
cannot view the contents of the credential.
          </li>
          <li>
Use software that stores verifiable credentials locally on a device that you
control and that does not upload or analyze your information beyond
your expectations.
          </li>
        </ul>
      </section>

      <section>
        <h3>Aggregation of Credentials</h3>

        <p>
Two pieces of information about the same <a>subject</a> almost always reveal
more information than just a single piece of information, even when delivered
through different channels. The aggregation of credentials is a privacy risk and
all participants in the ecosystem need to be aware of the risks of data
aggregation.
        </p>

        <p>
For example, if a bearer credential for an email address and then a bearer
credential
stating that the holder is over the age of 21 are provided across multiple
sessions, the verifier of the information has 1) a unique identifier to
associate with the individual, and 2) age-related information for that
individual. It then becomes trivial to
create a profile for the holder such that more and more information is leaked
over time. Aggregation of credentials can be performed across multiple sites that
are colluding as well, leading to privacy violations.
        </p>

        <p>
Preventing the aggregation of information is a very difficult privacy problem
to address from a technological perspective. While new cryptographic techniques,
such as zero-knowledge proofs, have been proposed as solutions to the problem
of aggregation and correlation, the existence of long-lived identifiers
and browser tracking techniques easily defeat even the most modern
cryptographic techniques.
        </p>

        <p>
The solution to the privacy implications of correlation or aggregation tend
to not be technological in nature, but policy driven instead. Therefore, if
a holder does not wish information to be aggregated about them, then they
must express this in the <a>verifiable presentations</a> that they transmit.
        </p>

      </section>

      <section>
        <h3>Usage Patterns</h3>

        <p>
Despite the best efforts to assure privacy, the actual use of verifiable
credentials can potentially lead to de-anonymization and a loss of privacy.
This correlation can occur:
        </p>

        <ol>
          <li>
When the same credential is presented to the same verifier more than once &mdash; that
verifier could infer that the holder is the same individual.
          </li>
          <li>
When the same credential is presented to different verifiers, and either those
verifiers collude or a third party has access to transaction records from
both verifiers &mdash; the observant party could infer that the individual
presenting the credential is the same person at both services, i.e., the
accounts are controlled by the same person.
          </li>
          <li>
When the same subject identifier of a credential refers to the same subject across presentations or
verifiers, then loss of privacy is possible. Even when different credentials are presented, if the
subject identifier is the same, verifiers (and those with access to verifier logs) could infer that
the holder of the credential is the same person.
          </li>
          <li>
When the underlying information in a credential can be used to identify an
individual across services &mdash; using information from other sources
(including information provided directly by the user), verifiers can use
the information inside the credential to correlate the individual with an
existing profile. For example, if a holder presents credentials that include
zip code, age, and sex, the verifier can potentially correlate the
subject of that credential with an established profile [see Sweeney 2000
<a href="http://dataprivacylab.org/projects/identifiability/paper1.pdf">Simple Demographics Often Identify People Uniquely</a>].
          </li>
          <li>
When passing the identifier of a credential to a centralized revocation server &mdash; the
centralized server can correlate the credential usage across interactions.
For example, if a verifiable credential is used for proof of age in this manner,
the centralized service could know everywhere that credential was presented: all
liquor stores, bars, adult stores, lottery purchases, etc.
          </li>
        </ol>

        <p>
It’s possible to mitigate this in part:
        </p>

        <ol>
          <li>
Use a globally-unique identifier as the subject for any given credential and
never re-use that credential.
          </li>
          <li>
If the credential supports revocation, use a globally-distributed service for
revocation.
          </li>
          <li>
Design revocation APIs that do not depend on submitting the ID
of the credential, e.g., use a revocation list rather than a query.
          </li>
          <li>
Avoid associating personally identifiable information with any particular
long-lived subject identifier.
          </li>
        </ol>

        <p>
It is understood that these mitigation techniques are not always practical
or even compatible with necessary usage. Sometimes correlation is the point.
        </p>
        <p>
In state prescription monitoring programs, usage monitoring is a
requirement: enforcement entities need to be able to confirm that
individuals are not cheating the system to get multiple prescriptions
for controlled substances. This statutory or regulatory need to correlate
usage overrides individual privacy concerns.
        </p>

        <p>
Verifiable credentials will so be used to intentionally correlate individuals
across services, for example, when using a common persona to log in to
multiple services, so all activity on each of those services is
intentionally linked to the same individual. This is not a privacy issue
as long as each of those services uses the correlation in the expected
manner.
        </p>

        <p>
Privacy risks of credential usage occur when unintended or unexpected
correlation arises from the presentation of verifiable credentials.
        </p>
      </section>

      <section>
        <h3>Sharing Information with the Wrong Party</h3>

        <p>
When a <a>holder</a> chooses to share information with a <a>verifier</a>, it
may be the case that the verifier is acting in bad faith and requests
information that could be used to harm the holder. For example, a
verifier may ask for a bank account number, which could then be used in
concert with other information to defraud the holder or the bank.
        </p>

        <p>
<a>Issuers</a> should strive to tokenize as much information as possible such
that if a holder accidentally transmits credentials to the wrong
verifier that the information loss isn't catastrophic.
        </p>

        <p>
For example, instead of including a bank account number
for the purposes of checking a bank balance for an individual, provide a
token that enables the verifier to use the token to check to see if the
balance is above a certain amount. In this case, the bank could
issue a verifiable credential containing a token for checking balance
to a holder. A holder would then include the verifiable credential in a
verifiable presentation and bind the token to a credit checking agency via a digital
signature. The verifier would then wrap the verifiable presentation in their digital
signature, and hand it back to the issuer to dynamically check the account
balance.
        </p>

        <p>
This approach ensures that even if the holder shares the account balance token
with the wrong party that the attacker doesn't discover the bank account
number, nor the exact value in the account, and given the validity period for
the counter-signature, doesn't gain access to the token for more than a few
minutes.
        </p>
      </section>

      <section>
        <h3>Frequency of Claim Issuance</h3>

        <p>
As Section <a href="#usage-patterns"></a> details, usage patterns can be
correlated into certain types of behavior. Part of this correlation is
mitigated when a <a>holder</a> uses a verifiable credential without the
knowledge of the <a>issuer</a>. Issuers may defeat this protection by making
their credentials short lived and renewal automatic.
        </p>

        <p>
For example, an "over the age of 21" credential may be useful when gaining
access to a bar. If an issuer makes the credential have a very short expiration
date and an automatic renewal mechanism, then they could possibly correlate
the holder's behavior in a way that negatively impacts the holder.
        </p>

        <p>
Organizations providing software to holders should warn <a>holders</a> if they
repeatedly use credentials with short lifespans that could result in
behavior correlation. Issuers should avoid issuing credentials in a way that
enables them to correlate usage patterns.
        </p>

      </section>

      <section>
        <h3>Prefer Single-Use Credentials</h3>

        <p>
An ideal privacy-respecting system would only require information to be
disclosed by the holder that is necessary for the interaction with the verifier.
The verifier would then record that the disclosure requirement was met and
forget any sensitive information that was disclosed. In many cases,
competing priorities, such as regulatory burden, prevent this ideal system
from being employed.
In other cases, long-lived identifiers prevent single use.
The design of any verifiable credentials ecosystem, however, should strive to
be as privacy-respecting as possible by preferring single-use credentials
when possible.
        </p>

        <p>
The usage of these type of credentials provides several benefits. The first
benefit is to verifiers who can be sure that the data in the credential is
fresh. The second benefit is to holders, who know that if there are no long-lived
identifiers in the credential that the credential itself cannot be used
to track or correlate them online. Finally, the third benefit ensures that
there is nothing for attackers to steal, making the entire ecosystem safer
to operate within.
        </p>
      </section>
        <section>
            <h3>Avoid Disclosing Credential Identifier</h3>
            <p>
Disclosing the credential identifier leads to situations where multiple
verifiers or an issuer and a verifier can collude to correlate the holder.
If the holder desires to reduce correlation, they should use credential
schemes which allow hiding the identifier during presentation. Such schemes
expect the holder to generate the identifier and may even allow hiding the
identifier from the issuer, whilst still keeping the identifier embedded
and signed in the credential.
            </p>
        </section>
    </section>

    <section>
      <h2>Security Considerations</h2>

      <em>This section is non-normative.</em>

      <p>
There are a number of security considerations that <a>issuers</a>,
<a>holders</a>, and <a>verifiers</a> should be aware of when processing
data described by this specification. Ignoring or not understanding the
implications of this section can result in security vulnerabilities.
      </p>

      <p>
While this section attempts to highlight a broad set of security
considerations, it should not be interpreted as a complete list of all
security considerations. Implementers are urged to seek the advice of security
and cryptography professionals when implementing mission critical systems
using the technology outlined in this specification.
      </p>

      <section>
        <h3>Cryptography Suites and Libraries</h3>

        <p>
Some aspects of the data model described in this specification can be
protected through the use of cryptography.
Implementers should be aware of the underlying
cryptography suites and libraries that are used to implement the
creation and verification of digital signatures and mathematical proofs
utilized by their systems when processing <a>credentials</a> and
<a>presentations</a>. Software developers with extensive experience implementing
or auditing systems that use cryptography must be used to ensure that
systems are properly designed. Proper
<a href="https://en.wikipedia.org/wiki/Red_team">red teaming</a>
is also suggested to remove bias from security reviews.
        </p>

        <p>
Cryptography suites and libraries have a shelf life and eventually fall to
new attacks and technology advances. Any production quality system must take
this reality into account and ensure that mechanisms exist to easily upgrade
old or broken cryptographic suites and libraries in a proactive manner.
Mechanisms should also exist to invalidate and replace existing credentials
in the event of a cryptography suite or library failure.
Regular monitoring of systems to ensure proper upgrades are made in a timely
manner are also important to ensure the long term viability of systems
processing verifiable credentials.
        </p>

      </section>

      <section>
        <h3>Unsigned Claims</h3>

        <p>
This specification allows <a>credentials</a> to be produced that do not
contain signatures or proofs of any kind. These types of credentials are often
useful for intermediate storage, or self-asserted information, which is
analogous to filling out a form on a web page. Implementers should note that
these types of credentials are not verifiable because the authorship
is either not known or cannot be trusted.
        </p>
      </section>

      <section>
        <h2>Token Binding</h2>
        <p>
A <a>verifier</a> may need to ensure that it is the intended recipient
of a <a>verifiable presentation</a> and is not the target of a
<a href="https://en.wikipedia.org/wiki/Man-in-the-middle_attack">
man-in-the-middle attack</a>. Any protocol that utilizes the
Verifiable Credentials Data Model and requires protection against these
sorts of attacks needs to perform some sort of token binding, such
as using <a href="https://tools.ietf.org/html/draft-ietf-tokbind-protocol-18">
The Token Binding Protocol v1.0</a>, that ties
the request for a <a>verifiable presentation</a> with the response. Any
protocol that does not perform token binding is susceptible to
man-in-the-middle attacks.
        </p>

      </section>

      <section>
        <h3>Bundling Dependent Claims</h3>
        <p>
It is considered a best practice for issuers to atomize information in a
credential, or use a signature scheme that allows for selective disclosure.
In the former case, if the atomization is not done securely by the issuer,
the holder might bundle together different credentials in a way that was not
intended by the issuer.
        </p>
        <p>
For example a university might issue two credentials to a person, each
containing two properties, i.e., "Staff Member" in the
"Department of Computing" and "Post Graduate Student" in the
"Department of Economics". If these credentials are atomized into separate
properties, then the university would issue four credentials to the person,
each containing one of the following properties:
"Staff Member", "Post Graduate Student", "Department of Computing", and
"Department of Economics". The holder could then transfer
the "Staff Member" and "Department of Economics" to a verifier,
which together would comprise a false claim.
        </p>

      </section>

      <section>
        <h3>Highly Dynamic Information</h3>

        <p>
When verifiable <a>credentials</a> are issued for highly dynamic information,
implementers should ensure that the expiration times for the credential are
set appropriately. Expiration periods that are longer than the timeframe
where the credential is valid may create exploitable security vulnerabilities.
Expiration periods that are shorter than the timeframe where the information
expressed by the credential is valid create a burden on <a>holders</a> and
<a>verifiers</a>. It is therefore important to set validity periods for
credentials that are appropriate to the use case and the expected lifetime
for the information contained in the credential.
        </p>

      </section>

      <section>
        <h3>Device Theft and Impersonation</h3>

        <p>
When <a>verifiable credentials</a> are stored on a device and that
device is stolen by an attacker, it may be possible for the attacker to then
gain access to systems using the victim's verifiable credentials. Mitigations
for this attack include:
        </p>

        <ul>
          <li>
Enabling password, pin, pattern, or biometric screen unlock protection.
          </li>
          <li>
Enabling password, biometric, or multi-factor authentication for the
credential repository.
          </li>
          <li>
Enabling password, biometric, or multi-factor authentication when
accessing cryptographic keys.
          </li>
          <li>
Utilizing a separate hardware-based signature device.
          </li>
          <li>
All or any combination of the above.
          </li>
        </ul>

    </section>
      <section>
        <h2>Accessibility Impact</h2>
        <p>There are a number of accessibility considerations of which implementors should be aware when processing data described in this specification. As with any implementation of web standards or protocols, ignoring accessibility issues will make this information unusable to a large subset of the population. It is important to follow accessiblity guidelines and standards such as [WCAG21] to ensure that all people, regardless of ability can make use of this data. This is especially important when establishing cryptography and encryption which historically have created problems for assistive technologies. 
      
  </body>
</html>