Verifiable Credentials are machine-verifiable, tamper-evident data structures that contain authentic data that has been signed by one or more trusted parties in the network (called Issuers) and can be securely disclosed to an authenticated party (a Verifier). VCs are recognized by the W3C and other standards bodies as a recommended format for secure data sharing.

Credentials are created, signed, and moved to a holder in a process called issuance. A holder can later present 1 or more credentials, much like stamps in a passport, to meet the definition of a credential request. The scopes for issuing and verifying credentials can can be flexibly configured depending on the use case.

VCs are privacy-preserving by default because credential presentation is not an all-or-nothing activity. VC-based identity is composable at the point of presentation—this ensures that a verifier only accesses formation according to the request definition without compromising the privacy of the person who holds it by revealing additional data.

A DID is globally unique, cryptographically verifiable ID that connects to a DID document, containing information about the DID subject, such as public keys. DIDs are used to sign secure messages, credentials, and perform reciprocal authentication. Holders, verifiers, and issuers all possess DIDs. Some DIDs are blockchain based, some are not. For a deep dive on our supported DID Methods, jump to our docs.

DIDComm is a flexible messaging protocol built on top of DIDs that allows for composable messaging and mutual authentication while guaranteeing sender identity, message confidentiality, non-replayability, and non-reputability. By combining DIDs with VCs, we provide new vectors to fight fraud, phishing, and vulnerability without compromising flexibility and privacy.