Verifiable credentials mature with product launches, implementations
The uptake of verifiable credentials is proceeding at an impressive clip, with systems for applications adopting the W3C standard ranging from national digital identity to improving logistics efficiency.
The standard itself also continues to mature.
W3C is seeking implementation feedback on an updated data model for VCs. Verifiable Credentials Data Model 2.0 has been released as a candidate recommendation draft. Comments on the work in progress are welcome at any time.
A timeline for potential advancement to a proposed recommendation has not been provided.
MOSIP discusses the evolution of digital trust, and the shift from centralized trust models based on Public Key Infrastructure (PKI) to decentralized trust frameworks with protocols like verifiable credentials in a technical article on its website.
Trust issuer chains provide a framework for secure digital identities in a range of use cases, MOSIP Head of Engineering Sasikumar Ganesan writes, even beyond government oversight. He provides the example of a large corporation issuing its own verifiable credentials, independently, to employees to bestow privileges.
From national ID to port clearance
Australia will test verifiable credentials stored in a digital wallet as a means of identity verification in collaboration with Commonwealth Bank of Australia, the Australian Financial Review reports. The article cites a preview of a speech by Government Services Minister Bill Shorten, whose Services Australia agency will conduct the proof of concept.
The PoC is intended to cut down on the volume of personal data accessed and stored by businesses, and will also involve a doctor’s office in Queensland.
The consideration of VCs is part of Australia’s twin push to establish digital ID and improve online safety.
Barbados Port Inc., which operates the Port of Bridgetown, has integrated verifiable credentials with its Maritime Single Window to expedite vessel clearance, with the help of Dock.
VCs will be used for both the arrival and departure of ships, of which the port serves more than 1,100 every year, according to the company announcement. The process was previously paper-based, and switching to verifiable credentials not only speeds up the process through digitization but protects cryptographically against tampering.
OID4VCI from Authlete, enterprise authentication from Indicio
Authlete has launched version 3.0 of its platform, with support for OpenID for Verifiable Credential Issuance (OID4VCI).
The addition allows organizations to issue interoperable verifiable credentials compliant with OID4VCI, including mobile driver’s licenses (mDLs).
The company says in the announcement that its support for credentials in SD-JWT VC and mdoc/mDL formats based on OID4VCI has been utilized successfully in the EUDI Wallet Potential project, Japan’s Trusted Web Initiative and the GAIN PoC.
Additional Authlete 3.0 features include multi-factor authentication (MFA) and the ability to select between server locations from the dashboard.
Authlete also commissioned a white paper providing “Guidance on Implementing Verifiable Credential Issuance” by KuppingerCole, which was released last week.
Indicio has launched software enabling organizations to deploy verifiable credentials to strengthen identity and access management (IAM) with passwordless single sign-on (SSO).
The new Proven Auth enhances security with phishing and fraud resistance, avoids concerns around tracking by centralized, third-party identity providers and downtime for federated identity providers, and supports a zero-trust architecture, according to the announcement. Indicio also argues that verifiable credentials are more powerful than passkeys because they do not require enrollment, and can hold contextually useful information.
“Proven Auth is a major leap forward in simplifying SSO while delivering more powerful authentication, security, and better user-experience,” says Heather C. Dahl, CEO, Indicio. “With Proven Auth, you don’t just get all the benefits of moving to passwordless login, you get technology that removes unnecessary complexity and expense from identity and access management, while, at the same time, allowing you to do much more. It’s seamless, secure authentication plus the power to configure a Verifiable Credential to store all kinds of useful information and to manage information flows. It’s next gen digital identity and it gives you powerful leverage in a world rapidly turning towards decentralized identity and verifiable claims, whether the European Union with eIDAS and EUDI, the travel industry with Digital Travel Credentials, or mobile driver’s licenses (MDL).
Article Topics
Authlete | digital identity | Dock | Indicio | MOSIP (Modular Open Source Identity Platform) | OID4VCI | verifiable credentials | W3C
Comments