About Digital Credentials
A Digital Credential (DC) is a cryptographically verified digital attestation, evidence, or proof of qualification, competence, or authority issued to an entity, either individual or person, by a third party with relevant authority or assumed competence to do so.
What is a Digital Credential?
Definition & Essentials
Use Cases of Digital Credentials
Digital credentials enable a user-centric and user-controlled approach to data sharing with a wide range of applications across Web2 and Web3 space. It varies from the Metaverse and Banking, Crypto Lending and DeFi to Travel and Healthcare, and the list can go on.
They could be used for both high-trust, e.g. know your customers (KYC) or credit scores, down to low-trust data, such as personal preferences or addresses. For instance, as customers become more mobile between companies, they can re-use their KYC information to onboard quickly and seamlessly without repeating the process over and over again. The same applies to bringing credit score and file with a user to access tailored DeFi or CeFi lending products.
On the low-trust side in the e-Commerce/retail space, digital credentials allow users to share relevant details instantaneously without needing to type all of them out multiple times on each marketplace, for instance. Since this data comes from a trusted source, the seller can be confident in its accuracy and trustworthiness. This reduces friction and risk for the customer, the potential fall-out in the checkout process for the seller, and prevents fraud.
Digital credentials also provide an excellent way for organisations to share certifications or audit results with each other. This is especially relevant when the results can be passed up the chain or shared with the user to secure the entire supply chain-facing organisation. It does this fully digitally without any need for a central authority.
Finally, from a community engagement perspective, digital credentials are a game-changer. They incentivise and engage Web3 communities through learning credentials, they could also protect users from scams and fraud across the likes of Telegram and Discord.
The Lifecycle of Digital Credentials
There are three entities crucial for the lifecycle of digital credentials: the issuer of the data, the holder of the data, and the requester of these data. A common example involves a third-party requester, such as a prospective employer, asking for proof of identification. The job candidate, as a holder, presents their passport (usually in the form of a photo) and shares it with the requester (often via unsecured email). In order for the requester to actually verify the identity, they would need to send this information to the issuer (the holder’s home government) and request they review the document and verify its authenticity. As most people do not have the ability to use this process, the most the requester can do is look at the name and photo of the passport and make the judgement that they match up with the job candidate. While use cases of identity/credential verification are endless, this example highlights the overall process and flaws of the current state.
With digital credentials, there are still three entities, but their roles are different. The issuer provides the holder with data (identification, college transcripts, etc.), and the claim is signed cryptographically. This issuer’s signature is registered to a verifiable data registry, such as a blockchain for verification later. The holder has custody of their data and can choose what to share with interested parties. Where there is a need to verify a claim, the holder can send the necessary claim to a third-party verifier, which performs the verification for the benefit of the requester. This verifier is able to take the tamper-proof file and check the signature against that of the one on the blockchain. If the signatures match, it verifies that the data came from the issuer and that they have not been tampered with. As the signature is stored and immutable on-chain, the issuer is not involved with the process of verification. Importantly, personally identifiable information isn’t stored on the ledger. All information is secure and can be shared privately thanks to the on-chain trusted identifiers signatures and off-chain storage of personal data. This means that no personally identifiable information is stored on-chain.
Digital vs Physical Credentials
Conceptually digital and physical credentials are very similar aside from the obvious – the digital part. Physical credentials often have a signature or security feature which proves who and where issued them – holograms are a good example of these. Whenever physical credentials are used, the issuer doesn’t receive a record of where, how or why that credential has been used. Physical credentials can be used together in many combinations, e.g. during COVID, individuals often were requested to provide their passport, boarding pass, passenger locator form or PCR test. There is also a market of some kind – individuals can get their proof of address from their bank(s) or any of your utility providers, meaning they have multiple sources. The credentials are stored with the individuals.
However, the physical credentials can hardly support selective disclosure. Of course, depending on how they are being shared, one can redact information. However, with credentials like driving licences, individuals inevitably share more information than is necessarily needed.
Digital Credentials vs Surveillance Capitalism
Data about individuals is typically generated or captured through surveillance and monitoring by companies, aggregated, analysed and monetised, often without the participation of the individual. This means that this personal data is rarely under the control of the individual as it is stored with and owned by companies. Often when data is used outside of where it was originally generated, the behaviour of the user is tracked or used to generate even more data, e.g. google login observing a user’s behaviour.
It is the exact opposite with digital credentials. Personal data lives and is under the control of the individual. It is intended to be private by default. Digital credentials use is not linked to where they were issued or originated, which means they can not be tracked.
Digital Credentials vs NFTs and SBTs
One of the major advantages of digital credentials compared to NFTs and SBTs is that credentials are off-ledger, meaning no personally identifiable information is stored on-chain. This makes them private by default. Secondly, digital credentials are revocable (i.e. an issued certificate has expired) and suspendable (temporary revocation). They are also composable, for example, multiple combinations are possible without revealing all. Finally, similarly to the SBTs, credentials are non-transferable, although can be re-issued.
Both NFTs and SBTs are stored on-ledger. And NFTs are public by default. While NFTs are transferable, SBTs aren’t. There are, however, some nuances around private NFTs, but it doesn’t change how NFTs are designed in principle.
Digital vs Verifiable Credentials
While Verifiable Credentials are a type of Digital Credentials, the term “Verifiable Credentials” is often associated with the W3C Verifiable Credential Data Model. The term “Digital Credential” is a broader term which is able to encompass other credential standards such as the International Organization for Standardization (ISO) mdoc/mDL or Hyperledger’s AnonCreds.
Author Bio:
This article was prepared by Fraser Edwards, who is the CEO & co-founder at cheqd (cheqd.io). Prior to cheqd, he led a digital identity pilot for the World Economic Forum and the Dutch and Canadian governments. Fraser has patents in cross-ledger payments and advised the Singaporean and Canadian Central Banks on cross-blockchain payments. Blending technology and business acumen and rarer experience, he has deep consortium and decentralized identity or self-sovereign identity knowledge. His particular sweet spot is at the intersection of digital identity and blockchain and its application across sectors (DeFi, CeDeFi, Metaverse, NFT, Gaming, Healthcare, Travel, Supply Chains etc.). Fraser can often be seen speaking at leading industry events, such as Websummit, Money 20/20, the European Blockchain Convention, The European Identity and Cloud Conference, Cosmoverse and others. Fraser is also a regular contributor to the likes of Cointelegraph (also here and here), Yahoo, Bloomberg, The Paypers, Biometric Update, Crypto News, and others.
You can reach out to Fraser via his LinkedIn
