Standards and Interoperability
Why standards matter
Section titled “Why standards matter”Verifiable credentials are only useful if they work across systems. An employee credential issued through one platform should be verifiable by any compliant verifier, regardless of vendor. Open standards make this possible.
TCS implements a complete stack of open standards — with OID4VCI tracks conformance-passed and OID4VP tracks in conformance processing. This is not a claim about intent; it is based on conformance testing status.
The standards TCS implements
Section titled “The standards TCS implements”OID4VCI v1 — Getting a credential from an issuer
Section titled “OID4VCI v1 — Getting a credential from an issuer”OpenID for Verifiable Credential Issuance defines the protocol for how a wallet requests and receives a credential from an issuer. It covers the entire exchange: discovering what credentials an issuer offers, authenticating, and receiving the signed credential.
TCS supports two issuance flows:
- Pre-authorized code flow — The issuer creates an offer and the holder redeems it. No interactive login required.
- Authorization code flow — The holder authenticates interactively before receiving the credential.
OID4VP v1 — Showing a credential to a verifier
Section titled “OID4VP v1 — Showing a credential to a verifier”OpenID for Verifiable Presentations defines how a verifier requests credentials from a holder and how the holder responds. The verifier specifies exactly which credential types and claims it needs using DCQL (Digital Credentials Query Language), and the holder presents only what is requested.
HAIP v1 — The interoperability profile
Section titled “HAIP v1 — The interoperability profile”High Assurance Interoperability Profile is a constrained profile of OID4VCI and OID4VP designed for high-security use cases. It mandates specific choices:
- ES256 signing with X.509 certificates
- Mandatory DPoP nonces on every request
- The
dc+sd-jwtcredential format
HAIP ensures that independently built systems can interoperate without configuration negotiations. If two systems both pass HAIP conformance testing, they will work together.
SD-JWT VC — The credential format with privacy built in
Section titled “SD-JWT VC — The credential format with privacy built in”IETF SD-JWT-based Verifiable Credentials is the credential format used by TCS. It uses the dc+sd-jwt format identifier and provides selective disclosure through the _sd mechanism — holders choose which claims to reveal in each presentation.
This is the IETF standard, distinct from W3C Verifiable Credentials Data Model 2.0. The two specifications serve different ecosystems and are mutually exclusive.
DPoP — Protection against token theft
Section titled “DPoP — Protection against token theft”Demonstrating Proof-of-Possession (RFC 9449) binds access tokens to the client that requested them. If a token is stolen, it cannot be used by another party because the thief does not possess the corresponding private key. TCS enforces DPoP for credential requests.
Conformance testing
Section titled “Conformance testing”TCS currently has conformance-passed OID4VCI tracks and in-progress OID4VP tracks:
| Profile | Result |
|---|---|
| OID4VCI Credential Issuer | Passing |
| OID4VP Verifier | Processing |
| HAIP + OID4VCI Issuer | Passing |
| HAIP + OID4VP Verifier | Processing |
The conformance suite emulates a wallet client and validates that TCS endpoints produce spec-compliant responses for all required protocol interactions, including error cases.
What this means for enterprises
Section titled “What this means for enterprises”- Vendor independence — Credentials issued through TCS can be verified by any standards-compliant system, not just TCS.
- Future-proofing — Standards evolve through open governance processes, not vendor roadmaps.
- Regulatory alignment — Open standards are increasingly required by regulatory frameworks for digital identity.
- Interoperability by default — No custom integrations needed between compliant systems.
What’s next
Section titled “What’s next”- Use Cases — See these standards in action across industries
- Standards Compliance Reference — Detailed specification table with implementation notes