Verifiable Credentials
What is a credential?
Section titled “What is a credential?”A credential is a statement about someone — a university degree, an employee badge, a passport, a professional license. In the physical world, these are paper documents with stamps and signatures. They work, but they are slow to verify, easy to forge, and impossible to use selectively.
A digital credential is the electronic equivalent: a structured set of claims (name, degree, expiry date) signed by an issuer. But a digital credential on its own is just data. What makes it verifiable?
What makes it “verifiable”?
Section titled “What makes it “verifiable”?”A verifiable credential carries a cryptographic signature from the issuer. This signature provides two guarantees:
- Authenticity — The credential was issued by the claimed organization, not a forger.
- Integrity — The credential has not been modified since it was issued. Change a single character and the signature breaks.
Anyone can verify these properties instantly by checking the signature — no need to call the issuer, wait for a response, or trust an intermediary. The math does the work.
The SD-JWT VC format
Section titled “The SD-JWT VC format”TCS uses the IETF SD-JWT VC format (dc+sd-jwt) for all credentials. SD-JWT stands for Selective Disclosure JSON Web Token. It is a modern credential format designed with privacy as a first-class feature.
An SD-JWT credential has three parts:
- Issuer JWT — The base credential, signed by the issuer. Contains fixed claims and cryptographic hashes of selectively disclosable claims.
- Disclosures — Individual claim values that the holder can choose to reveal or keep hidden.
- Key Binding JWT — Added during presentation to prove the person presenting the credential is the rightful holder.
Selective disclosure: share only what is needed
Section titled “Selective disclosure: share only what is needed”Traditional credentials are all-or-nothing. Show your passport to prove your age, and you also reveal your full name, nationality, document number, and photo.
Selective disclosure changes this. With an SD-JWT credential, the holder chooses exactly which claims to share for each presentation.
Example: Alice holds an employee credential with her name, position, department, employee ID, and start date. When a partner company asks to verify her role:
- Alice reveals: position and department
- Alice keeps hidden: employee ID, start date, and other details
The verifier receives cryptographic proof that Alice holds a valid employee credential from a trusted issuer and that her position and department are exactly as claimed — without learning anything else.
This is not redaction. The hidden claims are never transmitted to the verifier. They remain in Alice’s wallet.
Why this matters
Section titled “Why this matters”| Property | Paper credential | Digital credential (SD-JWT VC) |
|---|---|---|
| Verification speed | Days (phone calls, sealed envelopes) | Seconds (cryptographic check) |
| Forgery resistance | Stamps, watermarks (copyable) | Cryptographic signature (unforgeable) |
| Privacy | All-or-nothing | Selective disclosure per claim |
| Portability | Physical document | Digital wallet on any device |
| Issuer involvement at verification | Often required | Never required |
What’s next
Section titled “What’s next”- Credential Lifecycle — See how credentials flow from registration to verification
- Trust and Governance — How verifiers know the issuer is legitimate