A verifiable claim is a qualification, achievement, quality, or piece of
information about an entity's background such as a name, government ID,
payment provider, home address, or university degree.
The use cases outlined here are provided in order to make progress toward
possible future standardization and interoperability of both low and
high-stakes claims with the goals of storing, transmitting, and receiving
digitally verifiable proof of qualifications and achievements.
The following use cases focus on concrete scenarios that the technology created
by the group should address.
While use cases always evolve, the ones in this document are stable and relatively
comprehensive. As such, they are a representative sample that can be used as the basis
for establishing the scope for an eventual Working Group.
The Verifiable Claims Task Force at the W3C is investigating
the requirements around secure, verifiable, and richly descriptive
"claims". The goal of the Task Force is to determine if
there is a sufficient understanding and need to merit the creation
of a W3C Working Group to develop Recommendations in this space.
This document does NOT attempt to define an architecture for
the support of Verifiable Claims. Instead it expresses the sorts
of needs that real users have that could be addressed through support
for some sort of user-centric claim environment. It attempts to use
terminology that is consistent with the other deliverables of the
Verifiable Claims Task Force (you can see a summary of these terms
in Appendix A).
Importance of this Work
People need to make many kinds of claims as part of their
As more important business moves to the Internet, people need
to be able to transmit instantly verifiable claims about their
accomplishments and qualifications. From educational records
to payment account access, the next generation of web
applications will authorize users to perform actions based on
rich sets of credentials issued by trusted parties.
Human-mediated decisions about job applications, collaboration
and professional development will depend on filtering and
analyzing growing amounts of data about individuals'
experience and accomplishments.
Standardization of digital claim technologies makes it
possible for many stakeholders to issue, earn, and trust these
essential records about their counterparties, without being
locked into proprietary platforms.
How to Read This Document
First, review the basic terminology used in section 2. This will give
you a good foundation for understanding the rudimentary examples of how
claims might be
issued and later verified in section 3.
Finally, review the detailed requirements and supporting scenarios in
Section 4. There are also a significant number of "Extended Use Cases" in
Appendix A. We expect these are important, but possibly could be dealt
with in subsequent phases of work.
The use cases in this document are organized around the basic operations that
might be performed on a Verifiable Claim. For each of these
the document captures some high level use cases
grouped by the requirement they represent.
Each use case contains information about its motivation, relative
priority, and one or more examples to help define the target
beneficiaries of its support.
These examples describe basic ways in which Verifiable Claims
might be used. They are not meant to be architecturally constraing. Instead,
they are meant to help illustrate the basic way it could be done in a
typical commerce situation.
Again - please remember that it is just an
example, and should not be thought of as the canonical way such
a claims environment must be implemented.
How a Verifiable Claim Might be Created
In this first example, a user will request a Verifiable Claim - a
confirmation of their identity. Consider this illustration:
Expanding on these steps:
- Jane asks her User Agent to help her get a Verifiable Claim about
- Her user agent connects her to a Certifying Authority that is able
to verify her identity.
- The CA examimes her documentation.
- They are satisfied, so the CA generates a Verifiable Claim for
Jane that includes information about her identity linked to their
own trusted credential.
- The CA delivers the credential back to Jane's User Agent.
- Jane views the credential to ensure it reflects he
- When she is satisfied, she instructs her User Agent to save the
Verifiable Claim so she can use it in the future.
- The UA communicates with her Credential Curator,
instructing it to store the new claim.
- The Credential Curator returns a list of the claims it is
holding for Jane to the UA.
- The UA shows Jane her claim collection - confirming
everything she has available.
How a Verifiable Claim Might be Used
illustrates a simple example of how a claim might be used in a
typical commerce situation. Please remember that it is just an
example, and should not be thought of as the canonical way such
a system must be implemented. First, consider this diagram:
- Jane decides to shop on the web site
- The merchant's site requires Jane be 21 years of age and
requests Jane prove this (via a user agent-supported API call).
- Jane's user agent asks her credential curator for the
- The credential curator shows her three Verifiable Claims
it knows of that
can assert this claim (e.g., her passport, driving
license, and birth certificate).
- Jane selects one of these and authorizes that it be
shared with the merchant.
- The credential curator returns the selected claim as a response
to the user agent-supported API call, which in turn delivers
it to the merchant.
- The merchant's server verifies that the claim is valid
and satisfies the requirement.
- The merchant redirects the user agent to the web site
with appropriate authorization.
- It MUST be possible for any entity to issue a verifiable claim.
- An entity, such as an end user (holder),
wishes to make a claim and would like it to be endorsed by a
different entity (issuer) which may then be trusted by
a potential consumer (credential consumer).
- Jane would like to get a digitally signed credential for her
checking account at MidBank. MidBank offers to provide a
credential asserting that Jane has an account at MidBank and
has access to her associated checking account. MidBank has
performed Know Your Customer clearing (driver’s license,
background check, anti-money laundering blackslist check,
etc.), on Jane which she can use at other financial
institutions. This can help Jane assure destination banks that
she is verified, thereby allaying concerns about misdirected
transactions and money laundering
- Asako just passed the final test to receive a drivers
license. As she is still a new driver, and may be pulled over
for a traffic violation, she would like to receive a credential
asserts a claim that she has right to drive a car. She
requests a credential from the certifying authority
(issuer) that she can use to prove to the officer
(credential consumer) that her claim is
In education, issuers need to reliably identify participants to
ensure that participants are properly evaulated and certificates are
issued as appropriate. A participant that performs a test
on the Web must provide credentials to prove their
identity before taking the test, to allow the system to issue a
credential certifying the test results. These credentials
can then be used as proof of pre-requisites for other courses.
Claims from multiple credentials can be combined into a new credential
which acts as a digital score report, which allows the holder
to do controlled,
multipoint display and distribution (on LinkedIn, Credly,
Parchment, Monster, or Facebook, for example).
Alternatively, a participant may provide evidence of certain
activities (claims) necessary to comply with conformance
requirements e.g., “I have maintained my profession by
following xyz course,” upon which the issuer may provide
a credential asserting these claims.
- Colorado State University is creating several
recognition certificates to help foster a campus culture of
leadership, tolerance and acceptance. The dean’s office
defines the criteria and what evidence is accepted to prove
that the recipient has met the criteria.
- Harper High School teachers define soft skill
credentials to award their students, using a web app that
has badge defining and issuing features.
- A teacher professional development association awards
Penny Chen a digital certificate which claims she has
fulfilled her professional development units and has
demonstrated mastery over common core instruction.
- Brian is taking an online course on web development.
When he completes modules, the website issues badges to him
for module completion and progress through the course. At
the end of the course he has an option to submit his work
and quizzes that are evaluated and then he is issued a
- Book Co. is a the leading provider of electronic textbooks to
higher-ed. A large percentage (near 75%) of integrations with
their partner institutions launch (open) an eTextbook through
the IMSGlobal standard: Learning Tools Interoperability
(LTI). At present Book Co. processes about two million LTI
launches per month. The primary use case for this
organization is: Student logs on to their learning system
(LMS) (credential consumer) and clicks an eTextbook
icon that they would like to study (claim). The LTI
inteGration broker (issuer) needs to subscribe the
student if it’s their first visit. Furthermore it needs to
issue a license (credential) for the eTextbook if none
currently exists. Finally it presents the eTextbook contents
to the student.
- The Veterans Affairs office is working on an initiative to
translate military experience into digitized claims of the
veteran’s skills to help veterans better connect with
employment when they return from duty.
- The Project Management Institute which has been issuing
Project Management certificates for many years is moving toward
digitization of their existing certification program.
- Educause conference issues digital badges to all conference
speakers through a claim code system. Conference speakers are
given a special code, that they input on the educause site
which triggers a badge to be issued to them.
Identifying Credential Holders
- It MUST be possible for an issuer to verify
the identity of a holder. Personally identifiable
information MUST use known data fields in order to enable
credential curation services to protect the recipient’s
- It is important that an issuer ensure that a
holder is who they say they are before issuing important
- When MidBank opens a new account for an entity, it verifies
that entity is who they say they are using a variety of “Know
Your Customer” (KYC) techniques (that may include Verifiable
Claims). Once they are convinced of the entity's
identity, they create the account and issue a
credential that claims the account exists and
the entity has access to it.
- One of the most compelling use cases for Big Shoe Store is issuance
of Loyalty Cards. When a customer applies for Loyalty Cards
either online or at Point Of Sale (POS), he would need to
enclose either SSN or Driving License or State ID. Though
there are secure standards implemented in handling the
information it would be preferable to avoid sensitive
- Big Training Company would like to be able to strongly establish a
learning identity so that when that individual moves
from one institution using their software to another
institution using their software (or someone else’s software)
that identity and the associated accomplishments could travel
with them. The company also wants to be able to validate that
a user using our system is the same person who registered for
courses and will receive credentials during and after
- Authenticating the people using Fuel Fleet Cards
(payment cards) and ACH-based payments is also important.
Credentialing in both cases is critical and uncontrolled by
the card brand. Both are decoupled, and require a payment
system to Know Your Customer” (KYC) and other profile
information – all without passing that source data around. So
in ACH its “I am John Doe, and here is my account
information” in a digital token. Closed loop cards as well.
ACH is just a set of rails, with no authentication beyond RTA
– so credentials are key here (waiting for the first ACH
breach to drive that home – with the source accounts drained
and Reg E the only remedy).
- It MUST be possible for a credential consumer to
- An issuer MUST be able to sign a credential
which can be validated by an arbitrary third party (credential
- Company creates credential and signs with a private key.
Part of the signed data includes the location of the
corresponding public key. A third party having received the
credential can retrieve the public key and verify that the
digital signature is valid. Through other means, they can
choose to trust Company as a valid issuer of
credentials including claims that they require.
Including Personally Identifiable Information
- It MUST be possible for an issuer to include
personally identifable information about a holder.
- In some cases, a claim needs to include other information
which can be used to help verify the identity
of the holder.
- In certain cases, for legal or other reasons,
it may be necessary to capture personally identifiable
information as part of the credential provisioning process. This
would not apply in all cases, but the credential standard would
need to optionally allow for the transmission/exchange of this
information as part of the provisioning process.
Issuer Revokes Claim
- It MUST be possible for the issuer of a claim to
revoke it, after which it will no longer pass verification
- An entity (issuer) discovers that a claim they have issued and are endorsing for an end user (holder), is no longer valid and wishes to revoke the issued claim.
- John opens a checking account at Big Bank Co and is issued a Verifiable Claim
indicating that the account exists, that the bank verified John's identity, and that
John has access to the account. Some time later, John is moving to a new city and
decides to close that account. Big Bank Co needs to revoke that claim as part of their
normal account closing process.
Consumer Interactively Requests Credential
- It MUST be possible for a consumer to request a
credential such that the holder interactively selects if and which appropriate
credential should be sent.
A consumer may require that a holder verify aspects
of their suitability for a transaction. In this case, the
holder must be able to select which, if any,
Verifiable Claim stored with their Credential Curator
is used to satisty the
- Basic website login can be implemented using a
- Roxy visits the FineWines.com website and selects a
number of wines to purchase. The website requests a
proof-of-age and shipping address credential from
Roxy. Roxy's IronVaultCorp credential service delivers
both credentials, allowing her to finalize the
- A bank would like to perform "Know Your
Customer" clearing on a new customer by checking to
see that they are a citizen of Finland and that they have
a current national ID card issued to them by their
government. Once verified, the new customer is authorized to make
- Jorge reads an article on BreakingNews.com and wants
to engage in a discussion in the comments section. The
website requests a verified email address credential to
log him into the site. Jorge’s credential service delivers
the credential, authorizing him to start posting
- Mona sends an international/wire transfer that
requests credentials for both the sender and receiver,
greatly reducing the risk for the remittance by manually
mis-keying the source and destination of the funds.
- Josie is a healthcare worker that has created a
profile on a professional social network to make herself
readily available for new opportunities in the
workforce. She lists her employment history and
credentials including degrees, certificates and digital
badges. The website requests verification of her
credential claims in order for her credentials to
post. The website pings various credential vaults in which
Josie stores her credentials and verifies them before
allowing Josie to post them.
- Seraph initiates a transfer of $45,000 USD to her
parents in Pakistan. She is asked to provide a credential
used during the high-value transfer, further demonstrating
that the correct person is authorizing the transfer.
- Janet visits SamanthasClub.com, and wants to view the
member-only section of the site. The website requests her
membership credential, which she provides. The website
confirms her membership credential is valid and grants her
access to the member-only portion of the site.
- In MOOC and other on-line learning systems being able
to reliably identify participants is vital to ensure the
individual evaluation and certification. A participant
that performs a test certified on the Web must provide his
credentials to prove his identity before the test, and
then to allow the system to issue a secure certificate of
his results to the test.
- Like many telcos (mobile and fixed line alike) are
required by law to assess the legal identity of a person
before allowing them into the network. Originally only
presence of the person in a shop and presentation of an
identity document (ID Card, passport, etc.) was
required. As it is a prerequsite e.g. even for MVNOs to
sell mobile contracts (hence, SIM Cards) in supermarkets
and via TV, copies of said documents, or the use of the
national (proprietary) eID has seen some Adoption.
- Password reset, change of contract modules, tariffs,
etc. might also require credentials beyond the ones give
- For business partners would like to be able to have
them verify their employees to their retirement/401K,
payroll, stock plans and other financial accounts with the
instiution. Also have the business authenticate employees
with authorization to commit payments for their company
for goods and services
- Once enrolled the user is able to authenticate to the
mobile wallet system with at least two factor
- As we move to more self-service modes (institutions
that self-register) we can’t always rely on a trusted
partnership so our business options are limited.
(Consider a bogus ‘MyGarage University’ self-registering
and expecting free review copies of eTextbooks for its
‘instructors’). We need stronger assurances that partners
are who they say they are and are entitled to
institutional or user status.
Consumer Verifies Claim
- It MUST be possible for consumer to verify that the
credential is an authentic statement of an issuer’s claims
about the recipient. The verifying entity must have the
capability to connect the issuer’s identity to its
credential identifier and the recipient’s identity to
their identifier as indicated in the credential. The
issuer’s verification information, such as its public key,
must be discoverable from the credential record and
verifiably linked to the issuer. It MUST be possible to
do this in an automated fashion.
- In many environments (such as order processing) information such as a payer's
address, citizenship, or age need to be automatically verified in order to complete
- When processing orders, Giant Shoe Company wants to be certain
that the shipping address for a customer is accurate (inaccurate
addresses are very expensive in terms of customer service). They
offer a discount for customers who make veriable addresses
available as part of the checkout process.
- For banks and other financial institutions it would be
the ability to verify on-line customer or potential
customer information such a name, address, social security
number, age, employment and salary information, credit
history and various biometrics such as facial and
- A customer presents a driver’s license to buy
alcohol. In the same transaction, the customer buys other
items and presents a SNAP card for payment. The previously
presented driver’s license should be used as an
authentication for both methods of payment without relying
on the competence of the clerk.
- Use similar to the above, but with the ability to
recognize a customer’s loyalty account without additional
information or clerk decision making. This would require
the customer’s permission, preferably at provisioning
- A lot of manual intervention is required to validate
scanned documents. Local knowledge is often required to
verify documents from different jurisdictions.
- It MUST be possible for claims to be associated with
IDs that reveal recipient-controllable amounts of
personally identifiable information.
- Credentials may be issued to an identifier such that
it is possible for the recipient to prove that the
identifier corresponds to them without revealing
personally identifiable information. In the case of a
subpoena, an identity service may be compelled to reveal
additional information beyond what the holder of the
identity wished to transmit.
- June goes to her local beer and wine store to buy a
bottle of wine. She submits her identity credential that
lets the liquor store owner know that she is over 21
without having to reveal her actual DOB, her address, or the status
of her driving privileges.
- A credential contains an identifier that is a hash of
a known identifier (email address) of an individual so
that those who know the recipient identifier can verify
the credential, but those who don’t know the identifier
cannot derive personally identifiable information about
- Transient private communication is difficult, since
the ActivityPump spec requires verifying the that a
message came from its origin, so signatures may help
Managing and Sharing Claims
- An entity sharing a credential MUST be able to control various aspects of
the context in which it is consumed.
- In an attempt to avoid creating permanent credentials that
can be used by any consumer for any purpose, entities sharing
credentials will want to specify a context for their use. This
could include setting expiration dates, allowed consumers and
- Philip is applying for a position as a driver for a package
delivery service. As part of the process, he gives them access to
a clean driving claim from the Department of Motor Vehicles as
well as proof of address and proof of age claims. He sets an
expiration date on each of these and an recipient consumer
context to avoid the credentials being used by other consumers
in the future.
Recipient Collects Counter-signatures for Credential
- It MUST be possible for independent parties to
"sign" a credential
- Some credentials may require that they be
endorsed by specific entities in order to be
- A credential is only as valuable as
the entity that makes the claim and the trust
a credential consumer has in that
entity. That trust can be bolstered if the
claim is endorsed by additional entities.
- MidBank is attempting to establish a solid credit rating and hires
three credit ratings agencies to audit its books. Each firm determines
that the bank should have a AA credit rating and digitally
countersigns the same credential 3 times to demonstrate the credit
worthiness of the bank.
- Two people get married and get a marriage credential which needs
to be digitally signed by the person that married them and the
witness, in that order. The credential is first issued by the person
that married them, and is then counter-signed by the witness.
- Olivia is choosing among summer internships, some of which offer
opportunities to earn badges that are endorsed by her school. These
are badges that could be used to fulfill an interest-driven learning
graduation requirement her district has recently implemented. With the
additional information provided to her by the school’s endorsement of
certain badges, her choice among internships is made much simpler.
This example came from the Open Badges Endorsement Framework Working
Paper, which was created by the Badge Alliance Endorsement Working
Extended Use Cases
In addition to the fundamental use cases detailed in Section 4, the
task force has captured a number of additional use cases that are relevant to the task and should
be kept in mind as further work is done in this space. Those use cases are captured in this
appendix, along with an indication as to their relative importance. This appendix is organized with
a structure similar to that of Section 4.
Making Claims in a Credential
- It MUST be possible for an issuer make multiple
claims in a credential.
- An issuer can make a claim that asserts
something specific about the holder, such as a
qualification, attribute, or the attainment of a particular
defined achievement. Credentials may aggregate multiple claims,
and may include additional information to identify the
- A teacher professional development association awards Penny Chen a digital certificate which claims she has fulfilled her professional development units and has demonstrated mastery over common core instruction.
- Brian is taking an online course on web development. When he completes modules, the website issues badges to him for module completion and progress through the course. At the end of the course he has an option to submit his work and quizzes that are evaluated and then he is issued a badge.
- The state government of California issues Amari a driver’s license after he passes both the written and practice driving tests.
- Educause conference issues digital badges to all conference speakers through a claim code system. Conference speakers are given a special code, that they input on the educause site which triggers a badge to be issued to them.
- Credentials MUST be able to use unambigous names for
- Many claims systems to not include a mechanism to unambigously identify entities. The interoperability of credentials depends largely on market verticals defining and standardizing common terminology in publicly available machine-readable vocabulary documents.
Most (bar WebID-TLS) fail to incorporate unambiguous naming
using HTTP URIs. In addition, entity names don’t resolve to
entity description documents.
- OAuth1 provides assurance of partner identity (Publisher
can trust UCLA is sending the message). But Publisher must
trust the university to accurately identify the user and the
user’s role with respect to the course.
- OAuth2 loses message verification of OAuth1, but needs
to be partnered with other identification protocols.
- SAML / Shib gives more highly trusted identity information
than either OAuth but contains no course context (unlike LTI).
It is considered too complicated for most higher-ed
institutions and near-impossible for the burgeoning K-12
- Education credentials use a common set of vocabularies to establish a credential type, alignment, and criteria.
- Healthcare credentials use a common set of terminology to express licensing status, prescription writing authorization, and which medical facilities the recipient has access to enter.
- Anti-money laundering credentials can be used to report suspicious activity on a global basis by using a common set of terminology to express people and organizations that are engaged in transactions.
- It MUST be possible for anyone to issue a verifiable claim
- An entity, such as an end user (holder),
wishes to make a claim and which they endorse themselves,
such as a qualification, attribute, or the attainment of a
particular defined achievement, acting as an issuer.
- Nice to have
- Mandy has years of experience as a web developer but as an
autodidact, doesn’t have the credentials to prove it when
applying for jobs. Mandy issues herself a credential and includes
information/evidence to support her claim.
Purpose The Country Government does not want to build a
centralised repository for citizen’s self-asserted credentials
such as contact details and perhaps other claimed attributes
such as partner’s name, etc. Alternatively, the objective is to
support the marketplace to develop an ecosystem of local or
global providers that offer the citizen a range of options to
choose from. A standard could enable an approach that would
remove dependence on any particular technology or platform as
the choice of repository for an individual’s self-asserted
profile – for example, personal mobile device, open cloud
service, commercial provider website.
Agency and citizen requirements:
- The government agency requires an applicant’s
contact details – that is self-asserted credentials; for
example, email address, mobile phone, postal address, to
complete their registration process for the agency’s online
- If the customer changes one of these attributes,
the agency would like the option of being notified.
- The citizen wants the means to select specific contact
details from their existing self-managed profile to share with
this particular government agency.
- If the citizen changes one of these attributes they
want to be able to simply update their profile without
explicitly notifying each government agency or
Use case – register with service provider
- Jane applies to the government agency for a
social welfare entitlement.
- The agency requires Jane to authenticate and she
uses her federated login credentials.
- The agency requests Jane’s full name, date of birth,
citizenship and validated bank account.
- Jane opts to assert her online core identity,
citizenship and validated bank account credentials from the
- The agency requests Jane’s contact details.
- Jane opts to provide these from her online profile.
- The agency initiates a request to a
credential/attribute brokering service.
- The brokering service checks Jane’s authentication
- The brokering service retrieves Jane’s identity,
citizenship and validated bank account from the respective
authoritative credential/attribute providers.
- The brokering service retrieves Jane’s profile from
her preferred contact details repository mechanism (personal
mobile device, open cloud service, commercial provider
- Jane selects some specific contact details.
- Jane provides information sharing consent
(if not previously provided) to share identity, citizenship,
bank account and contact details with the requesting
- The brokering service returns the respective
credentials to the requesting agency.
- The requesting agency provides Jane with the
requested welfare entitlement.
- Related use cases Other use cases for contact details
would include initial create and manage contact details profile,
service provider checks for contact details credential change,
citizen notifies multiple service providers about a credential
- It MUST be possible to prove that a holder has a
particular claim without leaking personally identifiable
- Two colluding websites should not be able to collude and build
a more accurate profile of a person. There are many problems with
this privacy requirement. Namely, the Open Web Platform provides
multiple mechanisms like session tracking, supercookies, and
email-based identifiers, that enable colluding websites to track
their users across the Web. Given these existing tracking
mechanisms, a bearer credential solution shouldn’t make the
- Nice to have
- Niambo would like to prove that she is over the age of 13
to get access to a protected website. She has a proof of age
credential that can be used in a pseudo-anonymous fashion. She
proves her age pseudo-anonymously, as the credential consumer
website does not want to track its users, but does want to ensure
that it is compliant from a regulatory perspective.
- A holder MUST be able to claim credentials
issued to different identifiers owned by the holder.
- A holder may collect credentials asserting that
multiple identifiers correspond to their identity so that
they may present credentials issued to several of these
identifiers at once, as long as the consumer of that statement trusts each of the
equivalence credential issuers.
- Nice to have
- When sharing email accounts, forging credentials becomes
easier/more commonplace. There are also accidental information
leakage issues w/ shared credentials.
- Owen received a number of credentials issued to an
employment-based identifier and uses an identifier equivalence
credential issued by his employer to bundle these together with
credentials issued to a personal identifier so that consumers
will trust the different credentials were issued to the same
- Sally was issued a credential from her former high school to
her then school email, email@example.com. Sally has since
transferred to a new high school and wants to be able to claim
that credential still as hers even if her former high school
email is no longer valid.
- When Jabar was 12, he took several online courses on
Khan Academy using his parent’s or teacher’s emails, due to COPPA
regulations that didn’t allow him to create his own account.
During that period he earned various badges and certificates
which, now that he’s 13, he’d like to claim under his own email
Delegating Credential Creation
- It MUST be possible for an issuer to
delegate issuing credentials to end users (holder).
- An issuer would like to provide credentials for
end users while delegating the technical aspects of this to a
third party. A credential authority would be able to authorize 1
or more credential issuers which would in turn be able to issue
secure credentials that are accepted as valid and acceptable by
consumers of the authority's credentials.
- Nice to have
- MidBank offers to provide credentials to account holders,
such as Jane. CredentialsRUs provides a service for busniesses
such as MidBank to use for providing such credentials.
- It MUST be possible for a credential consumer
operating in one language to understand credentials issued in a
different language. A credential MUST be able to be issued to
people that have disabilities (10% of the human population).
- Issuers and Credential Consumers often operate in
different languages, and the basis of the credential MUST be
described in a way which supports interpreting it in multiple
- Company creates a credential with claims.
Such claims need to either be described in multiple languages, or
the claim definition allows an indirection to describe the claim
in different languages.
- It MUST be possible for a holder to initiate transmission of credentials to
- A credential holder may upload one or more
credentials to a consumer service or transmit credentials
by email in order to apply to access an opportunity or
service. The request may be evaluated by an automated
system or by a human adjudicator.
- Umal wants to buy a PG-13 movie from an online
retailer that requires proof of age. He provides a
credential stating that he is over the age of 13 from an
issuer that the store trusts. This enables the online
retailer to avoid collecting information on a minor while
ensuring that the proper age check is performed before
granting him access to the movie.
- Marcus uploads a collection of badges he’s earned from
several summer programs as part of an application for a
summer camp counselor job. He chooses credentials that
showcase his experience with relevant subject matter and
competencies. The decision about who to hire for the job
is too complex for a computer, so a camp administrator
reviews Marcus’s application and considers the
- Our Trade product allows users to trade on the network
but users are required to provide KYC information before
they can use their accounts. Currently we use a
third-party service which allows user to upload scanned
copies of their relevant documents (passport, driver’s
license etc) which, if not automatically verified, require
manual verification. Ideally users should be able to
share digital credentials with us that cover all of our
Shareable Over any Medium
- It MUST be possible for claims to be shareable over
- A recipient of a digital credential may choose to
share their credential through a variety of mediums,
whether email, embed or social media.
- Chiara, who is seeking new career opportunities, wants
to share a list of her credentials with a recruiter. She
takes her credentials from her desktop and includes them
as an attachment to an email she sends the recruiter. The
badges retain their integrity and content.
- Beaver is thrilled to have earned the Associated
Student Board Leader of the Year commendation. He wants to
shout it from the rooftops and accordingly shares it on
his various social media accounts including Facebook,
Twitter and LinkedIn.
- It MUST be possible for the recipient to restrict the
uses to which their claims can be put
- A recipient of a digital credential may choose to
include information that asserts what their information
may be used for.
- Rosa is transmitting her email address to a group
buying website and wants to ensure that her email address
will not be used for unsolicited emails. She attaches a
"no advertising" assertion to her email
credential to ensure that it isn't re-transmitted to 3rd
parties for advertising purposes.
Collectible and Searchable
- It MUST be possible for claims from different
recipients to be collected and searched.
- A credential consumer who has been presented
credentials from a large number of candidates can sort and
filter those candidates by credentials they have received
and claims made by those credentials.
- Nice to have
- Steve, an HR recruiter searches his database of
job-seekers for a position that requires a particular
defined credential.Steve narrows a list of candidates to
those who have a valid passport credential.
Verify Claims for Multiple Recipients
- It MUST be possible to simultaneously verify claims
for multiple recipients.
- Transactions done by third parties often need to
confirm the claims of the two other parties to the
- Physician writes a prescription, electronically on iPad application.
- Physician transmits to a PBM or Pharmacy.
- Transmission contains physician’s key credentials
that would allow the transaction to complete (all of
which can “expire” or be revoked at any moment in
time), like NPI Number, Professional License, DEA
Registration, Network Enrollment, PECOS Enrollment,
- Transmission contains patient’s key credentials
that would allow the transaction to complete (all of
which can “expire” or be revoked at any moment in
time), like drug allergies, other prescribed drugs
(inter-actives), Network/Payer enrollment,
Medicare/Medicaid enrollment, Drug Program enrollment
- Credential consumer (PBM/pharmacy) pass or fails
transaction based on received credentials from both
- Company is involved in the issuance and consumption of
credentials as “social currency” to prove reputation and
ascertain privilege on the Web. A credential is defined as
a digitally signed data document that represents
authoritative claims issued by primary source data
providers to an entity (i.e., person, place or
thing.). First major use case: An example would be a
nursing license issued by a government agency. The holder
of a nursing license credential can offer it via their
browser to a web site as proof of required attributes. For
instance, if a web site requires a visitor to hold nursing
license to gain access, the site would request the nursing
identity credential from the visitor’s IdP to authenticate
the visitor by inspecting and verifying the provided
credential status and authenticity. The nurse should be
able to keep private the use of the web site from the
IdP. Second major use case: Prior to filling and handing
over a prescription to a patient, a pharmacy needs to:
ensure the doctor’s credentials are valid and none of them
violate a business rule; that the prescription data has
not been tampered with; and authenticate the person
picking up the prescription is or is appropriately
associated with or an official proxy of the patient. Using
digital credentials, these processes can be largely
automated and streamlined. For example, when a doctor who
writes a prescription, a digitally-signed credential can
be generated that contains the prescription and an
identifier for the intended patient. Linked to the
credential can be another credential that contains the
doctor’s License, DEA Registration, National Provider
Identifier (NPI), Medicare/Medicaid Enrollment Status and
Exclusion/Debarment status. The patient can be issued a
credential that can be used to prove they are associated
with the identifier. The pharmacy prescription system can
now independently verify all of the above via these
digital credentials at the point of sale terminal or even
over the Web.
- Entry Point Processing: verifying credentials of a
healthcare transaction participant (broadly) - - hundreds
of applications for this.
Verify Transaction Occurrence
- (**NB**: This requirement might be better as the
consequence of some other requirements) It MUST be
possible for claims to be used in a way that verifies that
a transaction has occurred.
- Transactions such as purchases often need to be
verified later, such as when the purchased item is picked
up. Being able to track this without a separate database
could be useful.
- From the processor perspective, issues surrounding the
merchant integration of retail with web shopping - there
is great interest in cases where a customer will pay
online and then pick up in in-store; or if a customer were
to place the order online and then pay at the pick-up.
Additional areas of concern from instances of Card not
present or online shipping where items may be delivered in
split shipments requiring multiple authorizations or an
item is on back order and the customer wants to complete
the transaction - or even instances of advanced orders
contingent on future availability.
- Many other use cases - examples include reversing
payments (refunds/chargebacks), status enquiries
- There are other use cases of identity verification for
selling different items, pick up of orders, employee
credential verifications etc.
Adding Third-party Info
- It MUST be possible to attach third-party information
- Verifiable claims can be made for reputation or
history credentials such that the data associated with the
claim is an essential part of the claim.
- We are primarily interested in credentials in relation
to content and annotation ownership. Our use cases center
around moderation of annotations, cumulative reputation
for credentialed individuals, notification (where
possible) to content owners that their content is being
annotated or their annotations are being replied to, as
well as content and annotation distribution and publishing
vetted by a distributed reputation system (permission to
publish based on merit, explicit permission).
- Tools are increasingly providing analytic results and
possibly results to formative assessments (quizzes) or
summative assessments (tests). These values need to be
secure and guaranteed to be associated with the student
that generates them.
Verifiable Claims as Qualifiers
- It MUST be possible for verifiable claims to be used
as qualifiers for an action of transaction.
- Verifiable claims may be used to determine eligibility
rather than identity.
- Age-restricted consumer products companies (CPGs) have
largely been excluded from price-reduced promotions – a
$500B market in the US - to targeted consumers largely due
to the requirement to ensure the promotion does not
encourage under-age sales. Digital identity can provide
value to the consumer, CPG and merchant by opening up this
currently closed market to age-restricted sales. A beer
brewer wants to provide a digital promotion to an ‘of age’
consumer. To obtain the promotion on their mobile, the
consumer must prove their age to the beer company (so as
not to run afoul of age laws) to obtain the promotion
token. Proof of age must be digital and tokenized,
incorporated within the mobile device, and validated by a
trusted service provider. Upon validation of age, the
brewer issues the promotion to the mobile, ideally with
the age verification token embedded in the promotion token
(for validation at POS). The consumer then selects the
promoted product at the convenience store, which is
scanned at the POS. The consumer elects to apply the
promotion and passes BOTH the promotion token and age
verification token to the POS which matches tokens. With
a successful match, the promotion is applied to the sale
and price is discounted. The store then ‘settles’ the
promotion with the brewer; seeking payment from the
brewer, retiring the promotion token and posting proof
that age verification was assured for proof with
regulatory agencies. This same process – minus the token
– can be applied in all age-validated sales within a
convenience store; reducing or eliminating the store’s
liability to under-age sales and keeping age-restricted
products out of the hands of youth
- I think there are two use cases that would be
important to Company. The first is when verifying that
new users are who they say they are. We require that all
users have a company.com
account in order to shop with us, so that either results
in a returning user signing in or a new user creating an
account. It would be good to have the ability to verify
with a credentials solution that the customer signing up
with us was who they say they were. The second case is
relative to selling restricted items. If we had a good
way to validate a customer was qualified to purchase that
restricted item with us then I think that could eliminate
a good deal of friction from the process.
- We see a need for analyzing a bundle of credentials to
help match or qualify a person for educational, workforce,
and personal opportunities. Doing so requires that the
credentials meet the needs for our use case mentioned
above in Question 4 and that the credential ecosystem can
live on the web and within the web’s linked data standards
and methods of data and privacy protection, security,
sharing, and consumption. We need credentials to be part
of the web ecosystem to keep us from having to develop
independent systems and applications for managing
- Establish a framework for fully embedded assessment
model built on personal, academic, social, and
- Claims processing: patient credentials (insurance
coverage/enrollment, admitted to a facility or study
Use Existing IDs as Claim(s)
- It MUST be possible for existing IDs to be used as
claims, assuming there is an entity that will verify
- We do promote the use of LEI, the Legal Entity
Identifier. This is focussed on banks, which will provide
certainty in financial trades. E.g.,:
- Identification and storing in repository of trades
between financial Institutions and customers;
- Due diligence in correspondent banking;
- Identifying banks with LEI is for some cases a
more precise way than presently done through BICs,
though we have no plans to change the usage of BIC in
our RTGS payment system.
- indeed KYC, and also FATF.
- We are building various decentralized applications
(dApps) and platforms that all make use of our
ID/Persona/Reputation system. “Sign in” to these dApps is
accomplished via the wallet that we have built which
serves as a container for ID/Persona. A small number of
examples of the systems that use this
ID/Persona/Reputation construct include Product, our
prediction markets platform, our Poker platform, and Music
Platform, our open music industry platform
- We integrate with many products and each product has
it’s own credentialing system. Some use LDAP, but that is
not consistent. This causes headaches because we don’t
know which account to assign which user, especially if
they use the account to store data. Will be nice to have a
centralized Identity server (like OpenID connect)
- Will be nice to know userid, and organization ID (for
- We are using Identity Credentials, and they are
designed to address deficiencies in OpenID, OAuth, and
- It MUST be possible for claims to be combined together
in order to meet complex requirements.
- Credentials may be displayed together in order to meet
complex requirements or prove qualification more
substantively than would be possible with one credential
- Marisol wants to open a bank account at a new
bank. The bank requires two valid forms of
identification. She uses a US Passport credential and a
Colorado driver’s license credential to prove that she is
who she says she is to the bank.
- Willie is transferring between universities and wants
to ensure he gets credit for work he did at his old
school, so he bundles the credentials he received for his
course work with a 3rd party’s endorsements that he knows
the new school trusts, so that the new school is more
likely to accept the credentials.
- Idris wants to take the introduction to organic
chemistry which is an upper division course. In order to
qualify for that course, Idris needs to have proven that
he’s taken Biochemistry and Physics. He proves that he’s
taken these prerequisite courses which unlocks the
opportunity to enroll in the organic chemistry
- Multiple credential issuers issue Jane a set of
credentials for her shipping address, loyalty card,
payment instrument, proof of age, and email address. When
she goes to a new store to buy something, all of those
credentials are requested by the merchant in a single
credentials request. The credentials are delivered via the
browser from Jane’s credential storage service to the
merchant’s website and Jane initiates the payment
process. Jane does not have to fill out any form
information or register with the website to complete the
purchase since her credentials contain everything the
merchant needs to finalize the transaction.
- A user wants to open his online banking portal, but he
is on holiday and does not have his hardware token
received by the bank with him. The banking portal requires
a level of assurance level 3 to enter. According to ISO
29003/29115 (see annex B and table 5) it should be
possible to use his combination of passport (primary level
credential), driver’s licence and bank card of another
bank(two secondary level credentials) and his insurance
card (tertiary level credential) to access his bankin
portal. However, he does not want to send those
credentials over the internet, but the issuers of the
credentials are asked to confirm per credential that the
user indeed owns those credentials and that they are
- CDD Customer Due Diligence: achieving certainty on the
identity of a new customer and possible other data such as
address and age. Alice, who wants to use specific
services the bank is offering, wants to activate a
relationship with the bank. She allows the (local)
government to give the bank access to her e-ID document
and address and age data. After successfull verification
of Alice’s identity and checking against CDD-lists such as
OFAC, the bank activates the relationship and provides
Alice with a bank-related identity which she can use to
access the banks services.
Managing and Sharing Claims
Entity Composes Claims to Meet Consumer Needs
- Entities represented by one or more claims will want to be
able to compose them into a shaped representation to meet the
needs of specific consumers.
- The space for exchanging claims will involve both entities
being described and consumers interested in the claims. This
will include consumer interest in retrieving the claims about
specific entities as well as groups of entities matching an
expressed query. In order to be more easily found in this space,
entities will want to be able to structure their claims to match
these expressed queries.
- An intellectual property law firm has a specific interest in
recent law graduates with a background in computers. While
perusing a page of open positions, Allison discovers this
opening and sees the persistent query associated with it.
She is interested in this job and creates a compsite of her
credentials that highlight both her law degree from last year
and her Bachelor of Science in computer science.
- On a social networking site dedicated to
matchmaking investors, Antoine finds an individual that knows a
friend of his interested in partnering on a financial services
venture. As a means of introducing himself and standing out, he creates a composite credential that highlights
the social network connection and a series of articles he has
written in relevant trade journals.
Endorsement on self-claims
- It MUST be possible for an entity to endorse a self-made claim by a
recipient that asserts something specific about herself, such as a
qualification, attribute, or the attainment of a particular defined
- An organization or individual can endorse a self-made claim by a
recipient that asserts something specific about herself, such as a
qualification, attribute, or the attainment of a particular defined
- After Mandy issues herself a credential with the supporting
evidence and information, she reaches out to her previous clients
including various sized organizations for which she’s done development
work requesting they endorse the self-issued credential. Several
organizations oblige and endorse the credential.
Endorsement of Issuers
- It MUST be possible for an entity to endorse certificates
associated with an issuer.
- A credential is only as strong as the trust credential consumers have in
the credential's issuer. In order to enhance that trust, an issuer may choose
to have their own credentials available and endorsed by other, (supposedly) more
trusted entities. A credential consumer could examine these endorsements to
determine if entities they trust already trust this issuer - thereby
increasing theirn owk trust in the issuer.
- Nice to have
- Jim shares a Verifiable Claim with a prospective employer about the results of taking
a certification course.
The claim was issued by the course provider - Bob's School o' Programming.
The employer's system looks at the claim, but is not familiar with the issuer.
The issuer has included a URI for their own Verifiable Claim in the certification,
and the employer's system retrieves that.
The issuer's claim was issued by "Big Computer Corporation", a multi-national that
the employer's system is familiar with.
The system decides that it can trust the issuer, and therefore Jim's Verifiable
- Big Testing Service (BTS) provides online test management for a large collection of
training organizations - connecting those organizations to various online testing
providers and capturing test results. Systems such as LTI (Learning Tools Interoperability)
can be used by BTS to certify that they are who they are, and the
online testing providers are who they claim to be. Unfortunately, LTI does not
extend to the tire of BTS' clients, nor to the end users who are taking the tests.
Organizations outside of that
community need a way to know that Verifiable Claims issued by BTS and their clients
are valid. Endorsement of the BTS claims by the online testing providers, and
endorsement of BTS clients by BTS, helps establish the trusted relationship.
The editor is thankful to the following contributions from the
Web Payments Workshop, the Web Payments Community Group, and the
Credentials Community Group, specifically (in alphabetical order): TBD