A verifiable claim is a qualification, achievement, quality, or piece of information about an entity's background such as a name, government ID, payment provider, home address, or university degree. The use cases outlined here are provided in order to make progress toward possible future standardization and interoperability of both low and high-stakes claims with the goals of storing, transmitting, and receiving digitally verifiable proof of qualifications and achievements. The following use cases focus on concrete scenarios that the technology created by the group should address.

While use cases always evolve, the ones in this document are stable and relatively comprehensive. As such, they are a representative sample that can be used as the basis for establishing the scope for an eventual Working Group.

Introduction

The Verifiable Claims Task Force at the W3C is investigating the requirements around secure, verifiable, and richly descriptive "claims". The goal of the Task Force is to determine if there is a sufficient understanding and need to merit the creation of a W3C Working Group to develop Recommendations in this space.

This document does NOT attempt to define an architecture for the support of Verifiable Claims. Instead it expresses the sorts of needs that real users have that could be addressed through support for some sort of user-centric claim environment. It attempts to use terminology that is consistent with the other deliverables of the Verifiable Claims Task Force (you can see a summary of these terms in Appendix A).

Importance of this Work

People need to make many kinds of claims as part of their everyday lives. As more important business moves to the Internet, people need to be able to transmit instantly verifiable claims about their accomplishments and qualifications. From educational records to payment account access, the next generation of web applications will authorize users to perform actions based on rich sets of credentials issued by trusted parties. Human-mediated decisions about job applications, collaboration and professional development will depend on filtering and analyzing growing amounts of data about individuals' experience and accomplishments.

Standardization of digital claim technologies makes it possible for many stakeholders to issue, earn, and trust these essential records about their counterparties, without being locked into proprietary platforms.

How to Read This Document

First, review the basic terminology used in section 2. This will give you a good foundation for understanding the rudimentary examples of how claims might be issued and later verified in section 3.

Finally, review the detailed requirements and supporting scenarios in Section 4. There are also a significant number of "Extended Use Cases" in Appendix A. We expect these are important, but possibly could be dealt with in subsequent phases of work.

The use cases in this document are organized around the basic operations that might be performed on a Verifiable Claim. For each of these operations, the document captures some high level use cases grouped by the requirement they represent. Each use case contains information about its motivation, relative priority, and one or more examples to help define the target beneficiaries of its support.

Terminology

Examples

These examples describe basic ways in which Verifiable Claims might be used. They are not meant to be architecturally constraining. Instead, they are meant to help illustrate the basic way it could be done in a typical commerce situation. Again - please remember that it is just an example, and should not be thought of as the canonical way such a claims environment must be implemented.

How a Verifiable Claim Might be Created

In this first example, a user will request a Verifiable Claim - a confirmation of their identity. Consider this illustration:

Verifiable Claim Creation Flow Description

Expanding on these steps:

  1. Jane asks her User Agent to help her get a Verifiable Claim about her identity.
  2. Her user agent connects her to a Certifying Authority that is able to verify her identity.
  3. The CA examines her documentation.
  4. They are satisfied, so the CA generates a Verifiable Claim for Jane that includes information about her identity linked to their own trusted credential.
  5. The CA delivers the credential back to Jane's User Agent.
  6. Jane views the credential to ensure it reflects her requirements.
  7. When she is satisfied, she instructs her User Agent to save the Verifiable Claim so she can use it in the future.
  8. The UA communicates with her Credential Curator, instructing it to store the new claim.
  9. The Credential Curator returns a list of the claims it is holding for Jane to the UA.
  10. The UA shows Jane her claim collection - confirming everything she has available.

How a Verifiable Claim Might be Used

This sub-section illustrates a simple example of how a claim might be used in a typical commerce situation. Please remember that it is just an example, and should not be thought of as the canonical way such a system must be implemented. First, consider this diagram:

Verifiable Claim Usage Flow Diagram

  1. Jane decides to shop on the web site WinesOfTheWorld.example.com (merchant).
  2. The merchant's site requires Jane be 21 years of age and requests Jane prove this (via a user agent-supported API call).
  3. Jane's user agent asks her credential curator for the proof.
  4. The credential curator shows her three Verifiable Claims it knows of that can assert this claim (e.g., her passport, driving license, and birth certificate).
  5. Jane selects one of these and authorizes that it be shared with the merchant.
  6. The credential curator returns the selected claim as a response to the user agent-supported API call, which in turn delivers it to the merchant.
  7. The merchant's server verifies that the claim is valid and satisfies the requirement.
  8. The merchant redirects the user agent to the web site with appropriate authorization.

Use Cases

Issuing Claims

Issuing Claims

Requirement
It MUST be possible for any entity to issue a verifiable claim.
Motivation
An entity, such as an end user (holder), wishes to make a claim and would like it to be endorsed by a different entity (issuer) which may then be trusted by a potential consumer (credential consumer).
Importance
Essential
Scenarios
Jane would like to get a digitally signed credential for her checking account at MidBank. MidBank offers to provide a credential asserting that Jane has an account at MidBank and has access to her associated checking account. MidBank has performed Know Your Customer clearing (driver’s license, background check, anti-money laundering blacklist check, etc.) on Jane, which she can use at other financial institutions. This can help Jane assure destination banks that she is verified, thereby allaying concerns about misdirected transactions and money laundering.
Asako just passed the final test to receive a driver's license. As she is still a new driver, and may be pulled over for a traffic violation, she would like to receive a credential asserting a claim that she has the right to drive a car. She requests a credential from the certifying authority (issuer) that she can use to prove to the officer (credential consumer) that her claim is valid.

In education, issuers need to reliably identify participants to ensure that participants are properly evaluated and certificates are issued as appropriate. A participant that performs a test on the Web must provide credentials to prove their identity before taking the test, to allow the system to issue a credential certifying the test results. These credentials can then be used as proof of pre-requisites for other courses. Claims from multiple credentials can be combined into a new credential which acts as a digital score report, which allows the holder to do controlled, multipoint display and distribution (on LinkedIn, Credly, Parchment, Monster, or Facebook, for example).

Alternatively, a participant may provide evidence of certain activities (claims) necessary to comply with conformance requirements e.g., “I have maintained my profession by following xyz course,” upon which the issuer may provide a credential asserting these claims.

  • Colorado State University is creating several recognition certificates to help foster a campus culture of leadership, tolerance and acceptance. The dean’s office defines the criteria and what evidence is accepted to prove that the recipient has met the criteria.
  • Harper High School teachers define soft skill credentials to award their students, using a web app that has badge defining and issuing features.
  • A teacher professional development association awards Penny Chen a digital certificate which claims she has fulfilled her professional development units and has demonstrated mastery over common core instruction.
  • Brian is taking an online course on web development. When he completes modules, the website issues badges to him for module completion and progress through the course. At the end of the course he has an option to submit his work and quizzes that are evaluated and then he is issued a badge.
Book Co. is the leading provider of electronic textbooks to higher-ed. A large percentage (near 75%) of integrations with their partner institutions launch (open) an eTextbook through the IMSGlobal standard: Learning Tools Interoperability (LTI). At present Book Co. processes about two million LTI launches per month. The primary use case for this organization is: Student logs on to their learning system (LMS) (credential consumer) and clicks an eTextbook icon that they would like to study (claim). The LTI integration broker (issuer) needs to subscribe the student if it’s their first visit. Furthermore it needs to issue a license (credential) for the eTextbook if none currently exists. Finally it presents the eTextbook contents to the student.
The Veterans Affairs office is working on an initiative to translate military experience into digitized claims of the veteran’s skills to help veterans better connect with employment when they return from duty.
The Project Management Institute which has been issuing Project Management certificates for many years is moving toward digitization of their existing certification program.
Educause conference issues digital badges to all conference speakers through a claim code system. Conference speakers are given a special code, that they input on the educause site which triggers a badge to be issued to them.

Identifying Credential Holders

Requirement
It MUST be possible for an issuer to verify the identity of a holder. Personally identifiable information MUST use known data fields in order to enable credential curation services to protect the recipient’s privacy.
Motivation
It is important that an issuer ensure that a holder is who they say they are before issuing important credentials.
Importance
Essential
Scenarios
When MidBank opens a new account for an entity, it verifies that entity is who they say they are using a variety of “Know Your Customer” (KYC) techniques (that may include Verifiable Claims). Once they are convinced of the entity's identity, they create the account and issue a credential that claims the account exists and the entity has access to it.
One of the most compelling use cases for Big Shoe Store is issuance of Loyalty Cards. When a customer applies for Loyalty Cards either online or at Point Of Sale (POS), the customer would need to provide either an SSN, a driver's license, or a state ID. Though there are secure standards implemented in handling the information, it would be preferable to avoid sensitive information exchange.
Big Training Company would like to be able to strongly establish a learning identity so that when that individual moves from one institution using their software to another institution using their software (or someone else’s software) that identity and the associated accomplishments could travel with them. The company also wants to be able to validate that a user using its system is the same person who registered for courses and will receive credentials during and after assessment.
Authenticating the people using Fuel Fleet Cards (payment cards) and ACH-based payments is also important. Credentialing in both cases is critical and uncontrolled by the card brand. Both are decoupled, and require a payment system to “Know Your Customer” (KYC) and other profile information – all without passing that source data around. So in ACH it’s “I am John Doe, and here is my account information” in a digital token. Closed loop cards as well. ACH is just a set of rails, with no authentication beyond RTA – so credentials are key here (waiting for the first ACH breach to drive that home – with the source accounts drained and Reg E the only remedy).

Credential Verifiability

Requirement
It MUST be possible for a credential consumer to verify credentials as genuine.
Motivation
An issuer MUST be able to sign a credential which can be validated by an arbitrary third party (credential consumer).
Importance
Essential
Scenarios
A company creates a credential and signs it with a private key. Part of the signed data includes the location of the corresponding public key. A third party having received the credential can retrieve the public key and verify that the digital signature is valid. Through other means, they can choose to trust the company as a valid issuer of credentials including the claims that they require.

Including Personally Identifiable Information

Requirement
It MUST be possible for an issuer to include personally identifiable information about a holder.
Motivation
In some cases, a claim needs to include other information which can be used to help verify the identity of the holder.
Importance
Essential
Scenarios
In certain cases, for legal or other reasons, it may be necessary to capture personally identifiable information as part of the credential provisioning process. This would not apply in all cases, but the credential standard would need to optionally allow for the transmission/exchange of this information as part of the provisioning process.

Revoking Claims

Issuer Revokes Claim

Requirement
It MUST be possible for the issuer of a claim to revoke it, after which it will no longer pass verification procedures.
Motivation
An entity (issuer) discovers that a claim they have issued and are endorsing for an end user (holder), is no longer valid and wishes to revoke the issued claim.
Importance
Essential
Scenarios
John opens a checking account at Big Bank Co and is issued a Verifiable Claim indicating that the account exists, that the bank verified John's identity, and that John has access to the account. Some time later, John is moving to a new city and decides to close that account. Big Bank Co needs to revoke that claim as part of their normal account closing process.
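The sign, publish-key-location, fetch-and-verify flow of the Credential Verifiability scenario above, extended with the issuer-side revocation that John's account-closing scenario calls for, as an added example in Go; it is not code from the task force. Ed25519, the JSON shape, and the constructed issuer BigBankCo with its key URL are assumptions; the key resolver is an in-memory allow-list standing in for fetching the key over the network.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
)

// Credential is a constructed, minimal verifiable claim. KeyURL is the location
// of the issuer's public key; Signature is base64 over the JSON encoding of the
// struct with Signature empty (fixed field order and sorted map keys make that
// encoding deterministic).
type Credential struct {
	ID        string            `json:"id"`
	Issuer    string            `json:"issuer"`
	KeyURL    string            `json:"verificationKey"`
	Claims    map[string]string `json:"claims"`
	Signature string            `json:"signature,omitempty"`
}

// signingInput is the exact byte string the issuer's signature covers.
func (c Credential) signingInput() ([]byte, error) {
	c.Signature = "" // c is a copy; the caller's credential is untouched
	return json.Marshal(c)
}

// Issuer signs credentials, publishes its public key at KeyURL and keeps
// the IDs of credentials it has revoked.
type Issuer struct {
	Name, KeyURL string
	priv         ed25519.PrivateKey
	revoked      map[string]bool
}

func NewIssuer(name, keyURL string) *Issuer {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // no usable entropy source; nothing sensible to do
	}
	return &Issuer{Name: name, KeyURL: keyURL, priv: priv, revoked: map[string]bool{}}
}

func (is *Issuer) PublicKey() ed25519.PublicKey { return is.priv.Public().(ed25519.PublicKey) }
func (is *Issuer) Revoke(id string)             { is.revoked[id] = true }
func (is *Issuer) IsRevoked(id string) bool     { return is.revoked[id] }

// Issue signs the claims; the key location is part of the signed data.
func (is *Issuer) Issue(id string, claims map[string]string) (Credential, error) {
	c := Credential{ID: id, Issuer: is.Name, KeyURL: is.KeyURL, Claims: claims}
	msg, err := c.signingInput()
	if err != nil {
		return Credential{}, err
	}
	c.Signature = base64.StdEncoding.EncodeToString(ed25519.Sign(is.priv, msg))
	return c, nil
}

// KeyResolver stands in for fetching the key at KeyURL. A consumer must only
// return keys of issuers it has chosen to trust "through other means":
// honouring whatever URL a credential names would let anyone self-certify.
type KeyResolver func(keyURL string) (ed25519.PublicKey, bool)

var (
	ErrUnknownKey   = errors.New("verification key not trusted or not found")
	ErrBadSignature = errors.New("signature invalid")
	ErrRevoked      = errors.New("credential revoked by issuer")
)

// Verify is the consumer side: resolve the key, check the signature over the
// canonical input, then ask whether the issuer has since revoked the ID.
func Verify(c Credential, resolve KeyResolver, isRevoked func(issuer, id string) bool) error {
	pub, ok := resolve(c.KeyURL)
	if !ok {
		return ErrUnknownKey
	}
	sig, err := base64.StdEncoding.DecodeString(c.Signature)
	msg, merr := c.signingInput()
	if err != nil || merr != nil || !ed25519.Verify(pub, msg, sig) {
		return ErrBadSignature
	}
	if isRevoked(c.Issuer, c.ID) {
		return ErrRevoked
	}
	return nil
}

// Demo walks John's scenario: issue, verify, alter a claim, then revoke.
func Demo() (fresh, tampered, afterRevoke error) {
	bank := NewIssuer("BigBankCo", "https://bigbank.example/keys/1") // constructed
	trusted := map[string]ed25519.PublicKey{bank.KeyURL: bank.PublicKey()} // consumer allow-list
	resolve := func(u string) (ed25519.PublicKey, bool) { k, ok := trusted[u]; return k, ok }
	isRevoked := func(_, id string) bool { return bank.IsRevoked(id) }
	cred, err := bank.Issue("acct-001", map[string]string{"holder": "John", "hasAccount": "true"})
	if err != nil {
		return err, err, err
	}
	fresh = Verify(cred, resolve, isRevoked)
	forged := cred // keeps the bank's signature but alters a claim
	forged.Claims = map[string]string{"holder": "John", "hasAccount": "true", "overdraft": "1000000"}
	tampered = Verify(forged, resolve, isRevoked)
	bank.Revoke(cred.ID) // John closes the account
	afterRevoke = Verify(cred, resolve, isRevoked)
	return
}
```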

Consuming Claims

Credential Consumer Interactively Requests Credential

Requirement
It MUST be possible for a consumer to request a credential such that the holder interactively selects if and which appropriate credential should be sent.
Motivations
A consumer may require that a holder verify aspects of their suitability for a transaction. In this case, the holder must be able to select which, if any, Verifiable Claim stored with their Credential Curator is used to satisfy the consumer.
Basic website login can be implemented using a credential.
Importance
Essential
Scenarios
Roxy visits the FineWines.com website and selects a number of wines to purchase. The website requests a proof-of-age and shipping address credential from Roxy. Roxy's IronVaultCorp credential service delivers both credentials, allowing her to finalize the transaction.
A bank would like to perform "Know Your Customer" clearing on a new customer by checking to see that they are a citizen of Finland and that they have a current national ID card issued to them by their government. Once verified, the new customer is authorized to make transfers internationally.
Jorge reads an article on BreakingNews.com and wants to engage in a discussion in the comments section. The website requests a verified email address credential to log him into the site. Jorge’s credential service delivers the credential, authorizing him to start posting comments.
Mona sends an international/wire transfer that requests credentials for both the sender and receiver, greatly reducing the risk to the remittance from manually mis-keying the source and destination of the funds.
Josie is a healthcare worker that has created a profile on a professional social network to make herself readily available for new opportunities in the workforce. She lists her employment history and credentials including degrees, certificates and digital badges. The website requests verification of her credential claims in order for her credentials to post. The website pings various credential vaults in which Josie stores her credentials and verifies them before allowing Josie to post them.
Seraph initiates a transfer of $45,000 USD to her parents in Pakistan. She is asked to provide a credential used during the high-value transfer, further demonstrating that the correct person is authorizing the transfer.
Janet visits SamanthasClub.com, and wants to view the member-only section of the site. The website requests her membership credential, which she provides. The website confirms her membership credential is valid and grants her access to the member-only portion of the site.
In MOOC and other on-line learning systems, being able to reliably identify participants is vital to ensure individual evaluation and certification. A participant that performs a certified test on the Web must provide their credentials to prove their identity before the test, so that the system can then issue a secure certificate of their test results.
Many telcos (mobile and fixed line alike) are required by law to assess the legal identity of a person before allowing them onto the network. Originally only the presence of the person in a shop and presentation of an identity document (ID card, passport, etc.) was required. As it is a prerequisite e.g. even for MVNOs to sell mobile contracts (hence, SIM cards) in supermarkets and via TV, copies of said documents, or the use of the national (proprietary) eID, has seen some adoption.
Password reset, change of contract modules, tariffs, etc. might also require credentials beyond the ones given during registration.
Business partners would like to be able to have the institution verify their employees for their retirement/401K, payroll, stock plan and other financial accounts with the institution. They would also like the business to authenticate employees with authorization to commit payments for their company for goods and services.
Once enrolled, the user is able to authenticate to the mobile wallet system with at least two-factor authentication.
As we move to more self-service modes (institutions that self-register) we can’t always rely on a trusted partnership so our business options are limited. (Consider a bogus ‘MyGarage University’ self-registering and expecting free review copies of eTextbooks for its ‘instructors’). We need stronger assurances that partners are who they say they are and are entitled to institutional or user status.

Consumer Verifies Claim

Requirement
It MUST be possible for a consumer to verify that the credential is an authentic statement of an issuer’s claims about the recipient. The verifying entity must have the capability to connect the issuer’s identity to its credential identifier and the recipient’s identity to their identifier as indicated in the credential. The issuer’s verification information, such as its public key, must be discoverable from the credential record and verifiably linked to the issuer. It MUST be possible to do this in an automated fashion.
Motivations
In many environments (such as order processing) information such as a payer's address, citizenship, or age need to be automatically verified in order to complete the transaction.
Importance
Essential
Scenarios
When processing orders, Giant Shoe Company wants to be certain that the shipping address for a customer is accurate (inaccurate addresses are very expensive in terms of customer service). They offer a discount for customers who make verifiable addresses available as part of the checkout process.
For banks and other financial institutions it would be the ability to verify on-line customer or potential customer information such as name, address, social security number, age, employment and salary information, credit history and various biometrics such as facial and fingerprint.
A customer presents a driver’s license to buy alcohol. In the same transaction, the customer buys other items and presents a SNAP card for payment. The previously presented driver’s license should be used as an authentication for both methods of payment without relying on the competence of the clerk.
A use similar to the above, but with the ability to recognize a customer’s loyalty account without additional information or clerk decision making. This would require the customer’s permission, preferably at provisioning time.
A lot of manual intervention is required to validate scanned documents. Local knowledge is often required to verify documents from different jurisdictions.

Pseudo-Anonymity

Requirement
It MUST be possible for claims to be associated with IDs that reveal recipient-controllable amounts of personally identifiable information.
Motivations
Credentials may be issued to an identifier such that it is possible for the recipient to prove that the identifier corresponds to them without revealing personally identifiable information. In the case of a subpoena, an identity service may be compelled to reveal additional information beyond what the holder of the identity wished to transmit.
Importance
Essential
Scenarios
June goes to her local beer and wine store to buy a bottle of wine. She submits her identity credential that lets the liquor store owner know that she is over 21 without having to reveal her actual DOB, her address, or the status of her driving privileges.
A credential contains an identifier that is a hash of a known identifier (email address) of an individual so that those who know the recipient identifier can verify the credential, but those who don’t know the identifier cannot derive personally identifiable information about the recipient.
Transient private communication is difficult, since the ActivityPump spec requires verifying that a message came from its origin, so signatures may help here.

Managing and Sharing Claims

Context Control

Requirement
An entity sharing a credential MUST be able to control various aspects of the context in which it is consumed.
Motivation
In an attempt to avoid creating permanent credentials that can be used by any consumer for any purpose, entities sharing credentials will want to specify a context for their use. This could include setting expiration dates, allowed consumers and intended purposes.
Importance
Essential
Scenarios
Philip is applying for a position as a driver for a package delivery service. As part of the process, he gives them access to a clean driving claim from the Department of Motor Vehicles as well as proof of address and proof of age claims. He sets an expiration date on each of these and a recipient consumer context to avoid the credentials being used by other consumers in the future.
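The consumer-side check that Philip's context settings imply (expiration, allowed consumer, intended purpose), as an added example in Go that is not part of this document. The envelope shape, the constructed delivery-service identifier and the dates are assumptions; in a deployed system the holder would also sign the envelope so a consumer cannot loosen it, which is outside this block.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Presentation is the holder's constructed sharing envelope: a reference to
// the credential plus the context the holder permits it to be consumed in.
type Presentation struct {
	CredentialID     string
	Expires          time.Time // reject at or after this instant
	AllowedConsumers []string  // consumer identifiers allowed to accept it
	Purposes         []string  // purposes the holder consents to
}

var (
	ErrExpired       = errors.New("presentation has expired")
	ErrWrongConsumer = errors.New("this consumer is not named by the holder")
	ErrWrongPurpose  = errors.New("this purpose is not permitted by the holder")
)

func contains(list []string, want string) bool {
	for _, v := range list {
		if v == want {
			return true
		}
	}
	return false
}

// CheckContext is the consumer-side gate. now is a parameter so the check is
// testable; production code passes time.Now(). An empty AllowedConsumers or
// Purposes list permits nothing, so a holder cannot accidentally share widely.
func CheckContext(p Presentation, consumer, purpose string, now time.Time) error {
	if !now.Before(p.Expires) {
		return ErrExpired
	}
	if !contains(p.AllowedConsumers, consumer) {
		return ErrWrongConsumer
	}
	if !contains(p.Purposes, purpose) {
		return ErrWrongPurpose
	}
	return nil
}

// Demo follows Philip's application: a clean-driving claim shared with one
// delivery service, for one purpose, for seven days. Each outcome is returned by name.
func Demo() map[string]error {
	shared := time.Date(2016, 3, 1, 9, 0, 0, 0, time.UTC) // constructed
	p := Presentation{
		CredentialID:     "dmv-clean-record-42",                   // constructed
		Expires:          shared.Add(7 * 24 * time.Hour),
		AllowedConsumers: []string{"https://parcelexpress.example"}, // constructed
		Purposes:         []string{"driver-employment-screening"},
	}
	pe, purpose := "https://parcelexpress.example", "driver-employment-screening"
	return map[string]error{
		"accepted":      CheckContext(p, pe, purpose, shared.Add(24*time.Hour)),
		"expired":       CheckContext(p, pe, purpose, shared.Add(8*24*time.Hour)),
		"otherConsumer": CheckContext(p, "https://carrental.example", purpose, shared),
		"otherPurpose":  CheckContext(p, pe, "insurance-underwriting", shared),
	}
}

func main() {
	for name, err := range Demo() {
		fmt.Printf("%-14s %v\n", name, err)
	}
}
```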

Endorsing Claims

Recipient Collects Counter-signatures for Credential

Requirement
It MUST be possible for independent parties to "sign" a credential.
Motivation
Some credentials may require that they be endorsed by specific entities in order to be valid.
A credential is only as valuable as the entity that makes the claim and the trust a credential consumer has in that entity. That trust can be bolstered if the claim is endorsed by additional entities.
Importance
Essential
Scenarios
MidBank is attempting to establish a solid credit rating and hires three credit ratings agencies to audit its books. Each firm determines that the bank should have an AA credit rating and digitally countersigns the same credential, 3 times in total, to demonstrate the credit worthiness of the bank.
Two people get married and get a marriage credential which needs to be digitally signed by the person that married them and the witness, in that order. The credential is first issued by the person that married them, and is then counter-signed by the witness.
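An ordered counter-signature chain for the marriage credential above, as an added example in Go that is not from the task force: each endorsement signs the credential payload plus every earlier signature, so the officiant-then-witness order is provable rather than merely asserted. The same chain accepts any number of endorsers, which also covers the three rating agencies in the first scenario; Ed25519, the party names and the constructed payload are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Endorsement is one counter-signature. Its signature covers the credential
// payload followed by every earlier endorsement's signature, so each signer
// is provably endorsing what came before as well.
type Endorsement struct {
	Signer string
	Sig    []byte
}

type party struct {
	name string
	priv ed25519.PrivateKey
}

func newParty(name string) party {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // no usable entropy source
	}
	return party{name: name, priv: priv}
}

func (p party) pub() ed25519.PublicKey { return p.priv.Public().(ed25519.PublicKey) }

// chainInput is what the next endorsement must sign: the payload, then the
// signatures already in the chain, in order.
func chainInput(payload []byte, prior []Endorsement) []byte {
	msg := append([]byte{}, payload...)
	for _, e := range prior {
		msg = append(msg, e.Sig...)
	}
	return msg
}

// Endorse appends p's counter-signature to a copy of the chain.
func Endorse(payload []byte, chain []Endorsement, p party) []Endorsement {
	sig := ed25519.Sign(p.priv, chainInput(payload, chain))
	out := append([]Endorsement{}, chain...)
	return append(out, Endorsement{Signer: p.name, Sig: sig})
}

var (
	ErrOrder          = errors.New("endorsements missing or not in the required order")
	ErrEndorsementSig = errors.New("an endorsement signature does not verify")
)

// VerifyChain is the consumer's check: the signers appear exactly in
// requiredOrder, and each signature verifies under that signer's key over
// the payload plus everything endorsed before it.
func VerifyChain(payload []byte, chain []Endorsement, requiredOrder []string, keys map[string]ed25519.PublicKey) error {
	if len(chain) != len(requiredOrder) {
		return ErrOrder
	}
	for i, e := range chain {
		if e.Signer != requiredOrder[i] {
			return ErrOrder
		}
		pub, ok := keys[e.Signer]
		if !ok || !ed25519.Verify(pub, chainInput(payload, chain[:i]), e.Sig) {
			return ErrEndorsementSig
		}
	}
	return nil
}

// Demo builds the marriage credential: officiant signs first, witness second.
// It returns the result for the proper chain and for the same two endorsements
// presented in swapped order (names and signatures moved together).
func Demo() (proper, swapped error) {
	payload := []byte(`{"type":"MarriageCredential","spouses":["Ana","Ben"],"date":"2016-02-20"}`) // constructed
	officiant, witness := newParty("officiant"), newParty("witness")
	keys := map[string]ed25519.PublicKey{"officiant": officiant.pub(), "witness": witness.pub()}

	chain := Endorse(payload, nil, officiant)
	chain = Endorse(payload, chain, witness)
	proper = VerifyChain(payload, chain, []string{"officiant", "witness"}, keys)

	// Even if a consumer were told witness-then-officiant was the required order,
	// reordering the existing endorsements breaks them: the witness signed over
	// the officiant's signature, which is no longer in front of it.
	reordered := []Endorsement{chain[1], chain[0]}
	swapped = VerifyChain(payload, reordered, []string{"witness", "officiant"}, keys)
	return
}

func main() {
	proper, swapped := Demo()
	fmt.Println("proper order:", proper, "| swapped:", swapped)
}
```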
Olivia is choosing among summer internships, some of which offer opportunities to earn badges that are endorsed by her school. These are badges that could be used to fulfill an interest-driven learning graduation requirement her district has recently implemented. With the additional information provided to her by the school’s endorsement of certain badges, her choice among internships is made much simpler. This example came from the Open Badges Endorsement Framework Working Paper, which was created by the Badge Alliance Endorsement Working Group.

Extended Use Cases

In addition to the fundamental use cases detailed in Section 4, the task force has captured a number of additional use cases that are relevant to the task and should be kept in mind as further work is done in this space. Those use cases are captured in this appendix, along with an indication as to their relative importance. This appendix is organized with a structure similar to that of Section 4.

Issuing Claims

Making Claims in a Credential

Requirement
It MUST be possible for an issuer to make multiple claims in a credential.
Motivation
An issuer can make a claim that asserts something specific about the holder, such as a qualification, attribute, or the attainment of a particular defined achievement. Credentials may aggregate multiple claims, and may include additional information to identify the holder.
Importance
Useful
Scenarios
  • A teacher professional development association awards Penny Chen a digital certificate which claims she has fulfilled her professional development units and has demonstrated mastery over common core instruction.
  • Brian is taking an online course on web development. When he completes modules, the website issues badges to him for module completion and progress through the course. At the end of the course he has an option to submit his work and quizzes that are evaluated and then he is issued a badge.
  • The state government of California issues Amari a driver’s license after he passes both the written and practice driving tests.
  • Educause conference issues digital badges to all conference speakers through a claim code system. Conference speakers are given a special code, that they input on the educause site which triggers a badge to be issued to them.

Unambiguous Naming

Requirement
Credentials MUST be able to use unambiguous names for described entities.
Motivation
Many claims systems do not include a mechanism to unambiguously identify entities. The interoperability of credentials depends largely on market verticals defining and standardizing common terminology in publicly available machine-readable vocabulary documents.
Importance
Useful
Scenarios

Most existing identity mechanisms (bar WebID-TLS) fail to incorporate unambiguous naming using HTTP URIs. In addition, entity names don’t resolve to entity description documents.

  1. OAuth1 provides assurance of partner identity (Publisher can trust UCLA is sending the message). But Publisher must trust the university to accurately identify the user and the user’s role with respect to the course.
  2. OAuth2 loses message verification of OAuth1, but needs to be partnered with other identification protocols.
  3. SAML / Shib gives more highly trusted identity information than either OAuth but contains no course context (unlike LTI). It is considered too complicated for most higher-ed institutions and near-impossible for the burgeoning K-12 market.
  • Education credentials use a common set of vocabularies to establish a credential type, alignment, and criteria.
  • Healthcare credentials use a common set of terminology to express licensing status, prescription writing authorization, and which medical facilities the recipient has access to enter.
  • Anti-money laundering credentials can be used to report suspicious activity on a global basis by using a common set of terminology to express people and organizations that are engaged in transactions.

Self-asserted Claims

Requirement
It MUST be possible for anyone to issue a verifiable claim about themselves.
Motivation
An entity, such as an end user (holder), wishes to make a claim which they endorse themselves, such as a qualification, attribute, or the attainment of a particular defined achievement, acting as an issuer.
Importance
Nice to have
Scenarios
Mandy has years of experience as a web developer but as an autodidact, doesn’t have the credentials to prove it when applying for jobs. Mandy issues herself a credential and includes information/evidence to support her claim.

Purpose
The Country Government does not want to build a centralised repository for citizens’ self-asserted credentials such as contact details and perhaps other claimed attributes such as partner’s name, etc. Instead, the objective is to support the marketplace to develop an ecosystem of local or global providers that offer the citizen a range of options to choose from. A standard could enable an approach that would remove dependence on any particular technology or platform as the choice of repository for an individual’s self-asserted profile – for example, personal mobile device, open cloud service, commercial provider website.

Agency and citizen requirements:

  • The government agency requires an applicant’s contact details – that is self-asserted credentials; for example, email address, mobile phone, postal address, to complete their registration process for the agency’s online service.
  • If the customer changes one of these attributes, the agency would like the option of being notified.
  • The citizen wants the means to select specific contact details from their existing self-managed profile to share with this particular government agency.
  • If the citizen changes one of these attributes they want to be able to simply update their profile without explicitly notifying each government agency or organisation.

Use case – register with service provider

  1. Jane applies to the government agency for a social welfare entitlement.
  2. The agency requires Jane to authenticate and she uses her federated login credentials.
  3. The agency requests Jane’s full name, date of birth, citizenship and validated bank account.
  4. Jane opts to assert her online core identity, citizenship and validated bank account credentials from the authoritative providers.
  5. The agency requests Jane’s contact details.
  6. Jane opts to provide these from her online profile.
  7. The agency initiates a request to a credential/attribute brokering service.
  8. The brokering service checks Jane’s authentication token.
  9. The brokering service retrieves Jane’s identity, citizenship and validated bank account from the respective authoritative credential/attribute providers.
  10. The brokering service retrieves Jane’s profile from her preferred contact details repository mechanism (personal mobile device, open cloud service, commercial provider website, etc.).
  11. Jane selects some specific contact details.
  12. Jane provides information sharing consent (if not previously provided) to share identity, citizenship, bank account and contact details with the requesting government agency.
  13. The brokering service returns the respective credentials to the requesting agency.
  14. The requesting agency provides Jane with the requested welfare entitlement.
Related use cases
Other use cases for contact details would include initial create and manage contact details profile, service provider checks for contact details credential change, citizen notifies multiple service providers about a credential change.

Bearer Credentials

Requirement
It MUST be possible to prove that a holder has a particular claim without leaking personally identifiable information.
Motivation
Two websites should not be able to collude and build a more accurate profile of a person. There are many problems with this privacy requirement: the Open Web Platform already provides multiple mechanisms, such as session tracking, supercookies, and email-based identifiers, that enable colluding websites to track their users across the Web. Given these existing tracking mechanisms, a bearer credential solution shouldn’t make the problem worse.
Importance
Nice to have
Scenarios
Niambo would like to prove that she is over the age of 13 to get access to a protected website. She has a proof of age credential that can be used in a pseudo-anonymous fashion. She proves her age pseudo-anonymously, as the credential consumer website does not want to track its users, but does want to ensure that it is compliant from a regulatory perspective.

Identifier Aliasing

Requirement
A holder MUST be able to claim credentials issued to different identifiers owned by the holder.
Motivation
A holder may collect credentials asserting that multiple identifiers correspond to their identity so that they may present credentials issued to several of these identifiers at once, as long as the consumer of that statement trusts each of the equivalence credential issuers.
Importance
Nice to have
Security
When sharing email accounts, forging credentials becomes easier and more commonplace. There are also accidental information leakage issues with shared credentials.
Scenarios
Owen received a number of credentials issued to an employment-based identifier and uses an identifier equivalence credential issued by his employer to bundle these together with credentials issued to a personal identifier so that consumers will trust the different credentials were issued to the same recipient.
Sally was issued a credential from her former high school to her then school email, sally@losalamitoshigh.edu. Sally has since transferred to a new high school and wants to be able to claim that credential still as hers even if her former high school email is no longer valid.
When Jabar was 12, he took several online courses on Khan Academy using his parent’s or teacher’s emails, due to COPPA regulations that didn’t allow him to create his own account. During that period he earned various badges and certificates which, now that he’s 13, he’d like to claim under his own email address.
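One way a consumer can apply the Identifier Aliasing rule from the Owen scenario, as an added example (not code from this document): identifiers are merged only through equivalence credentials whose issuer the consumer trusts, and credentials issued to any identifier outside the holder's class are dropped. The identifiers, issuer DIDs and the assumption that signatures were already verified are all constructed for the example.

```python
"""Resolve credentials issued to several identifiers to a single holder.

Added example for the Identifier Aliasing requirement; it is not code from
the W3C document. Credentials are plain dicts whose signatures are assumed
to have been verified already (a hypothetical simplification). An
"IdentifierEquivalence" credential states that `subject` and `alias` belong
to the same holder; it is honoured only if its issuer is on the consumer's
trust list, so a self-asserted link cannot pull in someone else's credentials.
"""
from typing import Dict, List, Set


def _find(parent: Dict[str, str], ident: str) -> str:
    """Union-find root lookup with path compression."""
    parent.setdefault(ident, ident)
    while parent[ident] != ident:
        parent[ident] = parent[parent[ident]]
        ident = parent[ident]
    return ident


def _union(parent: Dict[str, str], a: str, b: str) -> None:
    parent[_find(parent, a)] = _find(parent, b)


def resolve_holder(credentials: List[dict], presented_as: str,
                   trusted_equivalence_issuers: Set[str]) -> List[dict]:
    """Return the non-equivalence credentials attributable to `presented_as`.

    Identifiers are merged only through equivalence credentials from trusted
    issuers; credentials whose subject stays outside the holder's class are
    dropped rather than reported as an error.
    """
    parent: Dict[str, str] = {}
    for cred in credentials:
        if (cred["type"] == "IdentifierEquivalence"
                and cred["issuer"] in trusted_equivalence_issuers):
            _union(parent, cred["subject"], cred["alias"])
    root = _find(parent, presented_as)
    return [c for c in credentials
            if c["type"] != "IdentifierEquivalence"
            and _find(parent, c["subject"]) == root]


# Constructed bundle modelled on the Owen scenario (identifiers are made up).
OWEN_BUNDLE: List[dict] = [
    {"type": "TrainingCertificate", "issuer": "did:example:employer",
     "subject": "owen@work.example", "claim": "Completed secure coding course"},
    {"type": "DegreeCredential", "issuer": "did:example:university",
     "subject": "owen@personal.example", "claim": "BSc Computer Science"},
    # Employer-issued equivalence: work identifier == personal identifier.
    {"type": "IdentifierEquivalence", "issuer": "did:example:employer",
     "subject": "owen@work.example", "alias": "owen@personal.example"},
    # Self-asserted equivalence to a third identifier: no trusted issuer.
    {"type": "IdentifierEquivalence", "issuer": "owen@personal.example",
     "subject": "owen@personal.example", "alias": "stranger@mail.example"},
    {"type": "MembershipCard", "issuer": "did:example:club",
     "subject": "stranger@mail.example", "claim": "Gold member"},
]


def accepted_types(trusted: Set[str]) -> List[str]:
    """Credential types a consumer with the given trust list attributes to Owen."""
    accepted = resolve_holder(OWEN_BUNDLE, "owen@personal.example", trusted)
    return sorted(c["type"] for c in accepted)


if __name__ == "__main__":
    print(accepted_types({"did:example:employer"}))  # both of Owen's credentials
    print(accepted_types(set()))                      # only the personal-id one
```

Trusting the holder's own identifier as an equivalence issuer (the last assertion in the test) shows why the rule matters: the stranger's membership card would then be attributed to Owen.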

Delegating Credential Creation

Requirement
It MUST be possible for an issuer to delegate issuing credentials to end users (holder).
Motivation
An issuer would like to provide credentials for end users while delegating the technical aspects of this to a third party. A credential authority would be able to authorize 1 or more credential issuers which would in turn be able to issue secure credentials that are accepted as valid and acceptable by consumers of the authority's credentials.
Importance
Nice to have
Scenarios
MidBank offers to provide credentials to account holders, such as Jane. CredentialsRUs provides a service for businesses such as MidBank to use for providing such credentials.

Credential Accessibility

Requirement
It MUST be possible for a credential consumer operating in one language to understand credentials issued in a different language. A credential MUST be able to be issued to people that have disabilities (10% of the human population).
Motivation
Issuers and Credential Consumers often operate in different languages, and the basis of the credential MUST be described in a way which supports interpreting it in multiple languages.
Importance
Useful
Scenarios
Company creates a credential with claims. Such claims need to either be described in multiple languages, or the claim definition allows an indirection to describe the claim in different languages.

Revoking Claims

Consuming Claims

Holder Initiates Credential Transmission

Requirement
It MUST be possible for a holder to initiate transmission of credentials to a consumer.
Motivations
A credential holder may upload one or more credentials to a consumer service or transmit credentials by email in order to apply to access an opportunity or service. The request may be evaluated by an automated system or by a human adjudicator.
Importance
Useful
Scenarios
Umal wants to buy a PG-13 movie from an online retailer that requires proof of age. He provides a credential stating that he is over the age of 13 from an issuer that the store trusts. This enables the online retailer to avoid collecting information on a minor while ensuring that the proper age check is performed before granting him access to the movie.
Marcus uploads a collection of badges he’s earned from several summer programs as part of an application for a summer camp counselor job. He chooses credentials that showcase his experience with relevant subject matter and competencies. The decision about who to hire for the job is too complex for a computer, so a camp administrator reviews Marcus’s application and considers the credentials’ applicability.
Our Trade product allows users to trade on the network, but users are required to provide KYC information before they can use their accounts. Currently we use a third-party service which allows users to upload scanned copies of their relevant documents (passport, driver’s license, etc.) which, if not automatically verified, require manual verification. Ideally users should be able to share digital credentials with us that cover all of our KYC requirements.

Shareable Over any Medium

Requirement
It MUST be possible for claims to be shareable over any medium.
Motivations
A recipient of a digital credential may choose to share their credential through a variety of mediums, whether email, embed or social media.
Importance
 
Scenarios
Chiara, who is seeking new career opportunities, wants to share a list of her credentials with a recruiter. She takes her credentials from her desktop and includes them as an attachment to an email she sends the recruiter. The badges retain their integrity and content.
Beaver is thrilled to have earned the Associated Student Board Leader of the Year commendation. He wants to shout it from the rooftops and accordingly shares it on his various social media accounts including Facebook, Twitter and LinkedIn.

Data Rights

Requirement
It MUST be possible for the recipient to restrict the uses to which their claims can be put.
Motivations
A recipient of a digital credential may choose to include information that asserts what their information may be used for.
Importance
 
Scenarios
Rosa is transmitting her email address to a group buying website and wants to ensure that her email address will not be used for unsolicited emails. She attaches a "no advertising" assertion to her email credential to ensure that it isn't re-transmitted to 3rd parties for advertising purposes.

Collectible and Searchable

Requirement
It MUST be possible for claims from different recipients to be collected and searched.
Motivations
A credential consumer who has been presented credentials from a large number of candidates can sort and filter those candidates by credentials they have received and claims made by those credentials.
Importance
Nice to have
Scenarios
Steve, an HR recruiter, searches his database of job-seekers for a position that requires a particular defined credential. Steve narrows the list of candidates to those who have a valid passport credential.

Verify Claims for Multiple Recipients

Requirement
It MUST be possible to simultaneously verify claims for multiple recipients.
Motivations
Transactions done by third parties often need to confirm the claims of the two other parties to the transaction.
Importance
Essential
Scenarios
  1. The physician writes a prescription electronically in an iPad application.
  2. The physician transmits it to a PBM or pharmacy.
  3. The transmission contains the physician’s key credentials that would allow the transaction to complete (all of which can “expire” or be revoked at any moment in time), such as NPI Number, Professional License, DEA Registration, Network Enrollment, PECOS Enrollment, and Exclusion/Debarment status.
  4. The transmission contains the patient’s key credentials that would allow the transaction to complete (all of which can “expire” or be revoked at any moment in time), such as drug allergies, other prescribed drugs (interacting drugs), Network/Payer enrollment, Medicare/Medicaid enrollment, Drug Program enrollment, etc.
  5. The credential consumer (PBM/pharmacy) passes or fails the transaction based on the credentials received from both transaction participants.
Company is involved in the issuance and consumption of credentials as “social currency” to prove reputation and ascertain privilege on the Web. A credential is defined as a digitally signed data document that represents authoritative claims issued by primary source data providers to an entity (i.e., a person, place or thing).
First major use case: an example would be a nursing license issued by a government agency. The holder of a nursing license credential can offer it via their browser to a web site as proof of required attributes. For instance, if a web site requires a visitor to hold a nursing license to gain access, the site would request the nursing identity credential from the visitor’s IdP and authenticate the visitor by inspecting and verifying the status and authenticity of the provided credential. The nurse should be able to keep their use of the web site private from the IdP.
Second major use case: prior to filling and handing over a prescription to a patient, a pharmacy needs to ensure that the doctor’s credentials are valid and none of them violates a business rule; that the prescription data has not been tampered with; and that the person picking up the prescription is the patient, is appropriately associated with the patient, or is an official proxy of the patient. Using digital credentials, these processes can be largely automated and streamlined. For example, when a doctor writes a prescription, a digitally signed credential can be generated that contains the prescription and an identifier for the intended patient. Linked to that credential can be another credential that contains the doctor’s License, DEA Registration, National Provider Identifier (NPI), Medicare/Medicaid Enrollment Status and Exclusion/Debarment status. The patient can be issued a credential that can be used to prove they are associated with the identifier.
The pharmacy prescription system can now independently verify all of the above via these digital credentials at the point-of-sale terminal or even over the Web.
Entry point processing: verifying the credentials of a healthcare transaction participant (broadly) – there are hundreds of applications for this.
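The pass-or-fail decision in step 5 above, as an added example (not code from this document): the consumer checks that each participant holds every required credential, none expired and none revoked at the moment of the check, and fails the whole transaction on any shortfall on either side. The credential types, identifiers, revocation list and timestamps are constructed placeholders.

```python
"""Gate a prescription transaction on credentials from both participants.

Added example for the multi-party verification scenario above; it is not
code from the W3C document. The credential types, identifiers, revocation
list and timestamps are constructed placeholders. Each participant must hold
every required credential, unexpired and unrevoked at the moment of the
check; any shortfall on either side fails the whole transaction.
"""
from datetime import datetime, timezone
from typing import Dict, List, Set, Tuple

# Hypothetical minimum credential set per role, drawn from the steps above.
REQUIRED: Dict[str, Set[str]] = {
    "physician": {"NPI", "ProfessionalLicense", "DEARegistration"},
    "patient": {"PayerEnrollment", "DrugAllergyList"},
}


def make_cred(cred_id: str, cred_type: str, expires: str) -> dict:
    """Build a minimal credential record; `expires` is ISO 8601 with offset."""
    return {"id": cred_id, "type": cred_type, "expires": expires}


def check_participant(role: str, creds: List[dict], revoked: Set[str],
                      now: datetime) -> Tuple[bool, List[str]]:
    """Return (ok, reasons); `reasons` lists every defect, not just the first."""
    reasons: List[str] = []
    valid_types: Set[str] = set()
    for c in creds:
        if c["id"] in revoked:
            reasons.append(f"{role}: {c['type']} {c['id']} is revoked")
        elif datetime.fromisoformat(c["expires"]) <= now:
            reasons.append(f"{role}: {c['type']} expired at {c['expires']}")
        else:
            valid_types.add(c["type"])
    for missing in sorted(REQUIRED[role] - valid_types):
        reasons.append(f"{role}: no valid {missing} credential")
    return (not reasons, reasons)


def adjudicate(physician: List[dict], patient: List[dict],
               revoked: Set[str], now: datetime) -> Tuple[bool, List[str]]:
    """Pass the transaction only when both participants check out."""
    ok_dr, why_dr = check_participant("physician", physician, revoked, now)
    ok_pt, why_pt = check_participant("patient", patient, revoked, now)
    return (ok_dr and ok_pt, why_dr + why_pt)


# Constructed sample: the check is made at NOW; the patient's payer
# enrollment lapsed a month earlier, so the transaction must fail.
NOW = datetime(2016, 3, 1, 12, 0, tzinfo=timezone.utc)
PHYSICIAN = [
    make_cred("cred-npi-1", "NPI", "2017-01-01T00:00:00+00:00"),
    make_cred("cred-lic-1", "ProfessionalLicense", "2016-12-31T00:00:00+00:00"),
    make_cred("cred-dea-1", "DEARegistration", "2018-06-30T00:00:00+00:00"),
]
PATIENT = [
    make_cred("cred-payer-1", "PayerEnrollment", "2016-02-01T00:00:00+00:00"),
    make_cred("cred-allergy-1", "DrugAllergyList", "2016-09-01T00:00:00+00:00"),
]

if __name__ == "__main__":
    ok, reasons = adjudicate(PHYSICIAN, PATIENT, set(), NOW)
    print("PASS" if ok else "FAIL", reasons)
```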

Verify Transaction Occurrence

Requirement
(**NB**: This requirement might be better as the consequence of some other requirements) It MUST be possible for claims to be used in a way that verifies that a transaction has occurred.
Motivations
Transactions such as purchases often need to be verified later, such as when the purchased item is picked up. Being able to track this without a separate database could be useful.
Importance
 
Scenarios
From the processor perspective, issues surrounding the merchant integration of retail with web shopping – there is great interest in cases where a customer will pay online and then pick up in-store; or if a customer were to place the order online and then pay at pick-up. Additional areas of concern arise from instances of card-not-present or online shipping where items may be delivered in split shipments requiring multiple authorizations, or an item is on back order and the customer wants to complete the transaction, or even instances of advance orders contingent on future availability.
Many other use cases – examples include reversing payments (refunds/chargebacks) and status enquiries.
There are other use cases of identity verification for selling different items, pick up of orders, employee credential verifications etc.

Adding Third-party Info

Requirement
It MUST be possible to attach third-party information to claims.
Motivations
Verifiable claims can be made for reputation or history credentials such that the data associated with the claim is an essential part of the claim.
Importance
Essential
Scenarios
We are primarily interested in credentials in relation to content and annotation ownership. Our use cases center around moderation of annotations, cumulative reputation for credentialed individuals, notification (where possible) to content owners that their content is being annotated or their annotations are being replied to, as well as content and annotation distribution and publishing vetted by a distributed reputation system (permission to publish based on merit, explicit permission).
Tools are increasingly providing analytic results and possibly results to formative assessments (quizzes) or summative assessments (tests). These values need to be secure and guaranteed to be associated with the student that generates them.

Verifiable Claims as Qualifiers

Requirement
It MUST be possible for verifiable claims to be used as qualifiers for an action or transaction.
Motivations
Verifiable claims may be used to determine eligibility rather than identity.
Importance
Essential
Scenarios
Age-restricted consumer products companies (CPGs) have largely been excluded from price-reduced promotions – a $500B market in the US – to targeted consumers, largely due to the requirement to ensure the promotion does not encourage under-age sales. Digital identity can provide value to the consumer, CPG and merchant by opening up this currently closed market to age-restricted sales. A beer brewer wants to provide a digital promotion to an ‘of age’ consumer. To obtain the promotion on their mobile, the consumer must prove their age to the beer company (so as not to run afoul of age laws) to obtain the promotion token. Proof of age must be digital and tokenized, incorporated within the mobile device, and validated by a trusted service provider. Upon validation of age, the brewer issues the promotion to the mobile, ideally with the age verification token embedded in the promotion token (for validation at POS). The consumer then selects the promoted product at the convenience store, which is scanned at the POS. The consumer elects to apply the promotion and passes BOTH the promotion token and age verification token to the POS, which matches the tokens. With a successful match, the promotion is applied to the sale and the price is discounted. The store then ‘settles’ the promotion with the brewer: seeking payment from the brewer, retiring the promotion token and posting proof that age verification was assured, for proof with regulatory agencies. This same process – minus the token – can be applied in all age-validated sales within a convenience store, reducing or eliminating the store’s liability for under-age sales and keeping age-restricted products out of the hands of youth.
I think there are two use cases that would be important to Company. The first is when verifying that new users are who they say they are. We require that all users have a company.com account in order to shop with us, so that either results in a returning user signing in or a new user creating an account. It would be good to have the ability to verify with a credentials solution that the customer signing up with us was who they said they were. The second case is relative to selling restricted items. If we had a good way to validate that a customer was qualified to purchase that restricted item with us, then I think that could eliminate a good deal of friction from the process.
We see a need for analyzing a bundle of credentials to help match or qualify a person for educational, workforce, and personal opportunities. Doing so requires that the credentials meet the needs for our use case mentioned above in Question 4 and that the credential ecosystem can live on the web and within the web’s linked data standards and methods of data and privacy protection, security, sharing, and consumption. We need credentials to be part of the web ecosystem to keep us from having to develop independent systems and applications for managing credentials.
Establish a framework for fully embedded assessment model built on personal, academic, social, and professional accomplishments.
Claims processing: patient credentials (insurance coverage/enrollment, admitted to a facility or study participant).

Use Existing IDs as Claim(s)

Requirement
It MUST be possible for existing IDs to be used as claims, assuming there is an entity that will verify them.
Motivations
 
Importance
 
Scenarios
We do promote the use of LEI, the Legal Entity Identifier. This is focussed on banks, which will provide certainty in financial trades, e.g.:
  • Identification and storing in a repository of trades between financial institutions and customers;
  • Due diligence in correspondent banking;
  • Identifying banks with LEI is in some cases a more precise way than presently done through BICs, though we have no plans to change the usage of BIC in our RTGS payment system;
  • Indeed KYC, and also FATF.
We are building various decentralized applications (dApps) and platforms that all make use of our ID/Persona/Reputation system. “Sign in” to these dApps is accomplished via the wallet that we have built, which serves as a container for ID/Persona. A small number of examples of the systems that use this ID/Persona/Reputation construct include Product, our prediction markets platform, our Poker platform, and Music Platform, our open music industry platform.
We integrate with many products and each product has its own credentialing system. Some use LDAP, but that is not consistent. This causes headaches because we don’t know which account to assign to which user, especially if they use the account to store data. Will be nice to have a centralized Identity server (like OpenID Connect).
Will be nice to know user ID and organization ID (for proper governance).
We are using Identity Credentials, and they are designed to address deficiencies in OpenID, OAuth, and SAML, primarily.

Composability

Requirement
It MUST be possible for claims to be combined together in order to meet complex requirements.
Motivations
Credentials may be displayed together in order to meet complex requirements or prove qualification more substantively than would be possible with one credential alone.
Importance
Useful
Scenarios
Marisol wants to open a bank account at a new bank. The bank requires two valid forms of identification. She uses a US Passport credential and a Colorado driver’s license credential to prove that she is who she says she is to the bank.
Willie is transferring between universities and wants to ensure he gets credit for work he did at his old school, so he bundles the credentials he received for his course work with a 3rd party’s endorsements that he knows the new school trusts, so that the new school is more likely to accept the credentials.
Idris wants to take Introduction to Organic Chemistry, which is an upper-division course. In order to qualify for that course, Idris needs to have proven that he has taken Biochemistry and Physics. He proves that he has taken these prerequisite courses, which unlocks the opportunity to enroll in the organic chemistry course.
Multiple credential issuers issue Jane a set of credentials for her shipping address, loyalty card, payment instrument, proof of age, and email address. When she goes to a new store to buy something, all of those credentials are requested by the merchant in a single credentials request. The credentials are delivered via the browser from Jane’s credential storage service to the merchant’s website and Jane initiates the payment process. Jane does not have to fill out any form information or register with the website to complete the purchase since her credentials contain everything the merchant needs to finalize the transaction.
A user wants to open his online banking portal, but he is on holiday and does not have with him the hardware token he received from the bank. The banking portal requires level of assurance 3 to enter. According to ISO 29003/29115 (see Annex B and Table 5), it should be possible to use his combination of a passport (primary-level credential), a driver’s licence and a bank card of another bank (two secondary-level credentials) and his insurance card (tertiary-level credential) to access his banking portal. However, he does not want to send those credentials over the Internet; instead, the issuers of the credentials are asked to confirm, per credential, that the user indeed owns those credentials and that they are valid.
CDD (Customer Due Diligence): achieving certainty about the identity of a new customer and possibly other data such as address and age. Alice, who wants to use specific services the bank is offering, wants to activate a relationship with the bank. She allows the (local) government to give the bank access to her e-ID document and her address and age data. After successful verification of Alice’s identity and checking against CDD lists such as OFAC, the bank activates the relationship and provides Alice with a bank-related identity which she can use to access the bank’s services.

Managing and Sharing Claims

Entity Composes Claims to Meet Consumer Needs

Requirement
Entities represented by one or more claims will want to be able to compose them into a shaped representation to meet the needs of specific consumers.
Motivation
The space for exchanging claims will involve both entities being described and consumers interested in the claims. This will include consumer interest in retrieving the claims about specific entities as well as groups of entities matching an expressed query. In order to be more easily found in this space, entities will want to be able to structure their claims to match these expressed queries.
Importance
Useful
Scenarios
An intellectual property law firm has a specific interest in recent law graduates with a background in computers. While perusing a page of open positions, Allison discovers this opening and sees the persistent query associated with it. She is interested in this job and creates a composite of her credentials that highlights both her law degree from last year and her Bachelor of Science in computer science.
On a social networking site dedicated to matchmaking investors, Antoine finds an individual that knows a friend of his interested in partnering on a financial services venture. As a means of introducing himself and standing out, he creates a composite credential that highlights the social network connection and a series of articles he has written in relevant trade journals.

Endorsing Claims

Endorsement on self-claims

Requirement
It MUST be possible for an entity to endorse a self-made claim by a recipient that asserts something specific about herself, such as a qualification, attribute, or the attainment of a particular defined achievement.
Motivation
An organization or individual can endorse a self-made claim by a recipient that asserts something specific about herself, such as a qualification, attribute, or the attainment of a particular defined achievement.
Importance
Useful
Scenarios
After Mandy issues herself a credential with the supporting evidence and information, she reaches out to her previous clients including various sized organizations for which she’s done development work requesting they endorse the self-issued credential. Several organizations oblige and endorse the credential.

Endorsement of Issuers

Requirement
It MUST be possible for an entity to endorse certificates associated with an issuer.
Motivation
A credential is only as strong as the trust credential consumers have in the credential's issuer. In order to enhance that trust, an issuer may choose to have their own credentials available and endorsed by other, (supposedly) more trusted entities. A credential consumer could examine these endorsements to determine whether entities it already trusts trust this issuer, thereby increasing its own trust in the issuer.
Importance
Nice to have
Scenarios
Jim shares a Verifiable Claim with a prospective employer about the results of taking a certification course. The claim was issued by the course provider - Bob's School o' Programming. The employer's system looks at the claim, but is not familiar with the issuer. The issuer has included a URI for their own Verifiable Claim in the certification, and the employer's system retrieves that. The issuer's claim was issued by "Big Computer Corporation", a multi-national that the employer's system is familiar with. The system decides that it can trust the issuer, and therefore Jim's Verifiable Claim.
Big Testing Service (BTS) provides online test management for a large collection of training organizations, connecting those organizations to various online testing providers and capturing test results. Systems such as LTI (Learning Tools Interoperability) can be used by BTS to certify that BTS is who it claims to be, and that the online testing providers are who they claim to be. Unfortunately, LTI does not extend to the tier of BTS' clients, nor to the end users who are taking the tests. Organizations outside of that community need a way to know that Verifiable Claims issued by BTS and their clients are valid. Endorsement of the BTS claims by the online testing providers, and endorsement of BTS clients by BTS, helps establish the trusted relationship.
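The issuer-endorsement walk described in the Jim scenario, extended to the two-tier BTS case, as an added example (not code from this document): the consumer follows each issuer's own Verifiable Claim to whoever issued it until it reaches an entity it already trusts, and refuses endorsement loops, claims about the wrong subject and chains longer than a hop limit. The claim registry (standing in for dereferencing the issuer's URI), the URIs, the trust anchors and the assumption that signatures were already verified are all constructed for the example.

```python
"""Decide whether to trust an unfamiliar issuer through endorsement claims.

Added example for the Endorsement of Issuers requirement; it is not code
from the W3C document. ISSUER_CLAIMS stands in for dereferencing the issuer's
claim URI on the Web, and signatures are assumed already verified (both
hypothetical simplifications). From the issuer of the presented claim the
consumer follows each issuer's own claim to whoever issued it, stopping at a
trust anchor; it refuses endorsement loops, claims about the wrong subject,
and chains longer than `max_hops`, which covers the multi-tier BTS case too.
"""
from typing import Dict, List, Optional, Set

# Constructed registry: claim URI -> the Verifiable Claim found there.
# A claim may itself carry an "issuerClaim" URI pointing one hop further up.
ISSUER_CLAIMS: Dict[str, dict] = {
    "https://bobs-school.example/claim": {
        "subject": "https://bobs-school.example",
        "issuer": "https://big-computer-corp.example"},
    "https://acme-training.example/claim": {          # a BTS client
        "subject": "https://acme-training.example",
        "issuer": "https://bts.example",
        "issuerClaim": "https://bts.example/claim"},
    "https://bts.example/claim": {                    # BTS itself
        "subject": "https://bts.example",
        "issuer": "https://testing-provider.example"},
    "https://shady.example/claim": {                  # endorsement loop
        "subject": "https://shady.example",
        "issuer": "https://shady-friend.example",
        "issuerClaim": "https://shady-friend.example/claim"},
    "https://shady-friend.example/claim": {
        "subject": "https://shady-friend.example",
        "issuer": "https://shady.example",
        "issuerClaim": "https://shady.example/claim"},
}

# Entities this consumer's system already trusts (constructed).
ANCHORS: Set[str] = {"https://big-computer-corp.example",
                     "https://testing-provider.example"}


def resolve_trust(credential: dict, anchors: Set[str],
                  registry: Dict[str, dict], max_hops: int = 3
                  ) -> Optional[List[str]]:
    """Return the endorsement chain (issuer URIs) ending at a trust anchor,
    or None when no acceptable chain exists within `max_hops` endorsements."""
    chain: List[str] = []
    seen: Set[str] = set()
    issuer = credential["issuer"]
    claim_uri = credential.get("issuerClaim")
    while True:
        chain.append(issuer)
        if len(chain) > max_hops + 1:             # too many hops to trust
            return None
        if issuer in anchors:
            return chain
        if issuer in seen or claim_uri is None:   # loop or dead end
            return None
        seen.add(issuer)
        endorsement = registry.get(claim_uri)
        # The fetched claim must be about this issuer, not some other party.
        if endorsement is None or endorsement["subject"] != issuer:
            return None
        issuer = endorsement["issuer"]
        claim_uri = endorsement.get("issuerClaim")


# Constructed credentials as a consumer would receive them.
JIM_CLAIM = {"subject": "jim@mail.example", "claim": "Passed certification",
             "issuer": "https://bobs-school.example",
             "issuerClaim": "https://bobs-school.example/claim"}
ACME_CLAIM = {"subject": "ann@mail.example", "claim": "Test score 92",
              "issuer": "https://acme-training.example",
              "issuerClaim": "https://acme-training.example/claim"}
SHADY_CLAIM = {"subject": "bob@mail.example", "claim": "Expert",
               "issuer": "https://shady.example",
               "issuerClaim": "https://shady.example/claim"}

if __name__ == "__main__":
    for c in (JIM_CLAIM, ACME_CLAIM, SHADY_CLAIM):
        print(c["issuer"], "->", resolve_trust(c, ANCHORS, ISSUER_CLAIMS))
```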

Acknowledgements

The editor is thankful for the following contributions from the Web Payments Workshop, the Web Payments Community Group, and the Credentials Community Group, specifically (in alphabetical order): TBD