To express affirmations towards a specific subject, a type of identifier is used that helps all the entities involved to express themselves about the same subject in a precise way.

We then introduce the property “id”. The latter therefore has the purpose of unequivocally referring to an object, a person, a product, or an organization. Using this property then allows the expression of statements regarding a specific topic of the verifiable credential.

If the id property is present:

• The id property MUST express an identifier that other entities will use to expose claims about a specification; characteristic identified by the identifier;
• The id property MUST NOT have more than one value;
• The value of the id property MUST be a URI.

The example below uses two types of identifiers:

• The first is for the verifiable credential and uses an HTTP URL;
• The second identifier is for the subject of the credential and uses a decentralized identifier, the DID.

To express affirmations towards a specific subject, a type of identifier is used that helps all the entities involved to express themselves about the same subject in a precise way.

We then introduce the property “id”. The latter therefore has the purpose of unequivocally referring to an object, a person, a product, or an organization. Using this property then allows the expression of statements regarding a specific topic of the verifiable credential.

If the id property is present:

• The id property MUST express an identifier that other entities will use to expose claims about a specification; characteristic identified by the identifier;
• The id property MUST NOT have more than one value;
• The value of the id property MUST be a URI.

The example below uses two types of identifiers:

• The first is for the verifiable credential and uses an HTTP URL;
• The second identifier is for the subject of the credential and uses a decentralized identifier, the DID.

A verifiable credential contains statements regarding one or more subjects. This specification defines the credentialSubject property.

A verifiable credential MUST have the credentialSubject property. The value of this property is defined by a set of objects that contain one or more characteristics referring to the subject of the credential

In a credential, it is also possible to express information regarding several subjects, for example, husband and wife.

It is possible to express information related to multiple subjects in a verifiable credential. The example below specifies two subjects who are spouses. Note the use of array notation to associate multiple subjects with the credentialSubject property.

A verifiable credential contains statements regarding one or more subjects. This specification defines the credentialSubject property.

A verifiable credential MUST have the credentialSubject property. The value of this property is defined by a set of objects that contain one or more characteristics referring to the subject of the credential

In a credential, it is also possible to express information regarding several subjects, for example, husband and wife.

It is possible to express information related to multiple subjects in a verifiable credential. The example below specifies two subjects who are spouses. Note the use of array notation to associate multiple subjects with the credentialSubject property.

The issuanceDate property expresses the date and time when a credential becomes valid.

The credential MUST have the issuanceDate property. The value of this property must be a string of values that includes date and time. The time indicated in the string defines the closest moment in which the information associated with the subject of the credential becomes valid.

The issuanceDate property expresses the date and time when a credential becomes valid.

The credential MUST have the issuanceDate property. The value of this property must be a string of values that includes date and time. The time indicated in the string defines the closest moment in which the information associated with the subject of the credential becomes valid.

At least one validation mechanism, and the details needed to evaluate such evidence, MUST be expressed for a credential or presentation to make it verifiable.

Two different mechanisms are identified: one external and one integrated. The external mechanism represents the expression of this data model, like the JSON Web token. In the integrated mechanism, however, the proof is included in the data such as a Linked Data Signature.

One or more cryptographic proofs can be used to detect tampering and verify the authority of a credential. The specific method used MUST be specified using the “type” property.

If a digital signature is used for the validation mechanism, the “proof” property must contain the name of the signatory, a reference, and the date on which he signed.

At least one validation mechanism, and the details needed to evaluate such evidence, MUST be expressed for a credential or presentation to make it verifiable.

Two different mechanisms are identified: one external and one integrated. The external mechanism represents the expression of this data model, like the JSON Web token. In the integrated mechanism, however, the proof is included in the data such as a Linked Data Signature.

One or more cryptographic proofs can be used to detect tampering and verify the authority of a credential. The specific method used MUST be specified using the “type” property.

If a digital signature is used for the validation mechanism, the “proof” property must contain the name of the signatory, a reference, and the date on which he signed.

Presentations can be used to combine and present credentials. They can also be “packaged” in such a way as to demonstrate the authority of the data. The data in the presentations are usually related to the same subject, but there is no limit to which subjects can be included. The aggregation of information deriving from different credentials is the most common use of presentations.

Presentations can be used to combine and present credentials. They can also be “packaged” in such a way as to demonstrate the authority of the data. The data in the presentations are usually related to the same subject, but there is no limit to which subjects can be included. The aggregation of information deriving from different credentials is the most common use of presentations.

One of the objectives of the SSI model is to enable innovation without authorizations. This approach is commonly called the “open world assumption”, meaning any entity can make claims about any other entity.

Let’s assume a developer wants to extend the credential with two more pieces of information: an identification number and favorite food. The first thing to do is to create a JSON-LD context containing the two new terms, as shown below.

After this step, the developer publishes the document so that verifiers can verify the credential.

Assuming the JSON-LD context is published at https://example.com/contexts/mycontext.jsonld, we can now extend this example by including the context and adding the two new properties to the verifiable credential.

One of the objectives of the SSI model is to enable innovation without authorizations. This approach is commonly called the “open world assumption”, meaning any entity can make claims about any other entity.

Let’s assume a developer wants to extend the credential with two more pieces of information: an identification number and favorite food. The first thing to do is to create a JSON-LD context containing the two new terms, as shown below.

After this step, the developer publishes the document so that verifiers can verify the credential.

Assuming the JSON-LD context is published at https://example.com/contexts/mycontext.jsonld, we can now extend this example by including the context and adding the two new properties to the verifiable credential.

The terms of use are used by the issuer or the holder to communicate the terms under which the credential or presentation was issued. The issuer includes the terms in the verifiable credential, while the holder places them within the verifiable presentation.

The value of this property informs the verifier which actions he is obliged to do, which ones are not allowed and which ones are allowed.

In the example below, the issuer prohibits the verifier from archiving the data provided.

The terms of use are used by the issuer or the holder to communicate the terms under which the credential or presentation was issued. The issuer includes the terms in the verifiable credential, while the holder places them within the verifiable presentation.

The value of this property informs the verifier which actions he is obliged to do, which ones are not allowed and which ones are allowed.

In the example below, the issuer prohibits the verifier from archiving the data provided.

Schemas are useful for reinforcing a specific structure referring to a given collection of data.

There are at least two types of schemes:

• A data validation scheme is used to verify that the structure and content of a credential conform to the published scheme.
• A data encoding scheme is used to map the content of a credential into another format, such as the binary format used for zero-knowledge testing.

Using the credentialSchema property to allow validation of the JSON schema:

Schemas are useful for reinforcing a specific structure referring to a given collection of data.

There are at least two types of schemes:

• A data validation scheme is used to verify that the structure and content of a credential conform to the published scheme.
• A data encoding scheme is used to map the content of a credential into another format, such as the binary format used for zero-knowledge testing.

Using the credentialSchema property to allow validation of the JSON schema:

A zero-knowledge test is a cryptographic method in which an entity can try to another entity to know a certain value without revealing the actual value. For example, it can prove that a university has issued a diploma to Tom without revealing the identity of the boy or any other information related to his person contained in the diploma itself.

The key credential holder abilities introduced by this mechanism are:

1. Combine different credentials, issued by different issuers in a single presentation without revealing the credential or subject to the verifier.
2. Carefully choose the information in the credential to be provided to the verifier.
3. Produce a derived credential that has a format compatible with the scheme used by the verifier, without the need to involve the issuer.

To use zero-knowledge credentials, the issuer must issue a credential such that the holder is able to present the information to the verifier while maintaining a certain level of privacy.

A zero-knowledge test is a cryptographic method in which an entity can try to another entity to know a certain value without revealing the actual value. For example, it can prove that a university has issued a diploma to Tom without revealing the identity of the boy or any other information related to his person contained in the diploma itself.

The key credential holder abilities introduced by this mechanism are:

1. Combine different credentials, issued by different issuers in a single presentation without revealing the credential or subject to the verifier.
2. Carefully choose the information in the credential to be provided to the verifier.
3. Produce a derived credential that has a format compatible with the scheme used by the verifier, without the need to involve the issuer.

To use zero-knowledge credentials, the issuer must issue a credential such that the holder is able to present the information to the verifier while maintaining a certain level of privacy.

The data associated with the verifiable credential stored in the credential.credentialSubject field is susceptible to privacy violations when shared with verifiers. Personal data, such as the identity card number, address, and full name, can be easily used to determine, track and correlate an entity.

The data associated with the verifiable credential stored in the credential.credentialSubject field is susceptible to privacy violations when shared with verifiers. Personal data, such as the identity card number, address, and full name, can be easily used to determine, track and correlate an entity.

Even in this case it is essential to maintain a high degree of anti-correlation, it is recommended that the signatures made to the credentials are regenerated each time using technologies such as zero-knowledge proofs, group signatures, etc.

Even in this case it is essential to maintain a high degree of anti-correlation, it is recommended that the signatures made to the credentials are regenerated each time using technologies such as zero-knowledge proofs, group signatures, etc.

A bearer credential is an information that promotes privacy; an example could be a concert ticket, which entitles the holder to enjoy this resource without revealing sensitive information about the holder. They are often used in low-risk cases where sharing credentials does not imply economic or reputational losses. They must be carefully created to ensure that they cannot accidentally disclose more information than requested. The use of these credentials in several different sites creates a high risk of correlation.

Issuers of bearer credentials must ensure that the credentials bring privacy benefits, namely:

• Disposable, where possible
• They do not contain any personal information
• They are not excessively correlatable.

Owners must be warned by their software if their credential containing sensitive information is issued or requested, or if there is a risk of correlation when the subject combines two credentials of this type.

A bearer credential is an information that promotes privacy; an example could be a concert ticket, which entitles the holder to enjoy this resource without revealing sensitive information about the holder. They are often used in low-risk cases where sharing credentials does not imply economic or reputational losses. They must be carefully created to ensure that they cannot accidentally disclose more information than requested. The use of these credentials in several different sites creates a high risk of correlation.

Issuers of bearer credentials must ensure that the credentials bring privacy benefits, namely:

• Disposable, where possible
• They do not contain any personal information
• They are not excessively correlatable.

Owners must be warned by their software if their credential containing sensitive information is issued or requested, or if there is a risk of correlation when the subject combines two credentials of this type.

When the possessor decides to share information with the verifier, it may occur that the latter acts in bad faith and requests information that can be used to harm the possessor.

Issuers should try to minimize information as much as possible so as not to make it catastrophic if they share their information with the wrong counterparty. For example, instead of sharing the bank account number to enable the view of the balance, it is possible to provide a token that authorizes the verifier to find that the balance exceeds a certain amount.

When the possessor decides to share information with the verifier, it may occur that the latter acts in bad faith and requests information that can be used to harm the possessor.

Issuers should try to minimize information as much as possible so as not to make it catastrophic if they share their information with the wrong counterparty. For example, instead of sharing the bank account number to enable the view of the balance, it is possible to provide a token that authorizes the verifier to find that the balance exceeds a certain amount.

Despite numerous efforts to ensure data protection, the use of verifiable credentials can lead to the loss of privacy. This can happen when:

• The same credential is presented to the same verifier more than once. The verifier can infer that the individual is the same.
• The same credential is presented to several verifiers, but these verifiers cooperate. They can then assume that the person who presented the credential is the same.
• The identifier of a subject refers to the same subject in multiple presentations or to multiple verifiers. Even when various credentials are presented, but the identifier is the same, the verifier can infer that the owner of the credential is the same.

Despite numerous efforts to ensure data protection, the use of verifiable credentials can lead to the loss of privacy. This can happen when:

• The same credential is presented to the same verifier more than once. The verifier can infer that the individual is the same.
• The same credential is presented to several verifiers, but these verifiers cooperate. They can then assume that the person who presented the credential is the same.
• The identifier of a subject refers to the same subject in multiple presentations or to multiple verifiers. Even when various credentials are presented, but the identifier is the same, the verifier can infer that the owner of the credential is the same.

• The information contained in a credential can be used to identify an individual. The verifier can relate the owner to an existing profile using this information.

In part, these risks can be mitigated:

• Use a universal identifier for any subject’s credential and not reusing the same credential.
• Build revocation APIs that do not depend on the credential id.
• Avoid the association of personal information with any long-standing identifier.

Some aspects of the model described can be protected through the use of cryptography. It is important for actors to understand the meaning of the rooms and cryptographic libraries used to create and process credentials and presentations. Implementing and overhauling cryptographic systems requires a high level of experience.

These libraries have a limited lifespan and can be subject to attack or technological advancements. The quality control systems must ensure mechanisms that are able to update these rooms if they have expired and invalidate the credentials contained by replacing them with new ones. Monitoring is important to ensure the validity of these credential processing systems over time.

Some aspects of the model described can be protected through the use of cryptography. It is important for actors to understand the meaning of the rooms and cryptographic libraries used to create and process credentials and presentations. Implementing and overhauling cryptographic systems requires a high level of experience.

These libraries have a limited lifespan and can be subject to attack or technological advancements. The quality control systems must ensure mechanisms that are able to update these rooms if they have expired and invalidate the credentials contained by replacing them with new ones. Monitoring is important to ensure the validity of these credential processing systems over time.

These types of credentials are not verifiable as the authenticity is unknown or cannot be verified anyway.

These types of credentials are not verifiable as the authenticity is unknown or cannot be verified anyway.

When credentials are stored on a device and the device is stolen or lost, it is possible for someone to log into the system using the victim’s verifiable credentials.

The ways to avoid this risk are:

When credentials are stored on a device and the device is stolen or lost, it is possible for someone to log into the system using the victim’s verifiable credentials.

The ways to avoid this risk are:

The new proposal for digital identity regulation is intended to identify the limitations present in eIDAS, improving the effectiveness of the framework and extending the benefits to the private sector.

The eIDAS SSI bridge assists the issuer in the process of signing a verifiable credential, and the verifier, in the verification process, helping him to identify the issuer (legal person) behind his DID. By “crossing” the eIDAS Bridge, the verifiable credential is securely tested.

The new proposal for digital identity regulation is intended to identify the limitations present in eIDAS, improving the effectiveness of the framework and extending the benefits to the private sector.

The eIDAS SSI bridge assists the issuer in the process of signing a verifiable credential, and the verifier, in the verification process, helping him to identify the issuer (legal person) behind his DID. By “crossing” the eIDAS Bridge, the verifiable credential is securely tested.

A further element that enhances Self-Sovereign Identity as a new digital identity model is its relationship with the GDPR. In the 10 principles on which this new framework is based, number 9 is the concept of “data minimization”, which allows what is called “selective disclosure”: to show only the information requested by the SP.

A further element that enhances Self-Sovereign Identity as a new digital identity model is its relationship with the GDPR. In the 10 principles on which this new framework is based, number 9 is the concept of “data minimization”, which allows what is called “selective disclosure”: to show only the information requested by the SP.