Context
Within the EBSI ecosystem, Verifiable Credentials (VCs) and Verifiable Presentations (VPs) are fundamental components. They set the standard for all digital documents, enhancing efficiency, interoperability and readability. The EBSI VC and VP data models are built upon the World Wide Web Consortium (W3C) Verifiable Credentials, which define a standardised method for digitally presenting credentials on the internet. This page is the starting point for all VC and VP related information in the EBSI Verifiable Credentials Framework.
Data Models and Schemas
EBSI VCs build upon the W3C Verifiable Credential Data Model (VCDM). EBSI provides JSON Schema-based definitions and type extensions compatible with the VCDM. Additionally, Issuers are able to define their own VC Schemas and register them in the EBSI Trusted Schemas Registry (TSR). Once accredited by a Trusted Accreditation Organisation (TAO), Issuers are authorised to issue only VCs according to specific registered schemas. Different parties can fetch these schemas in order to validate VCs. Learn more about EBSI data models and schemas here.
DID Methods
Decentralised identifiers (DIDs) are unique alphanumeric strings generated by their owners using digital wallets or back-office systems. They play a crucial role in verifying the authenticity of Issuers and Holders within the VC ecosystem. EBSI employs two distinct methods for generating and storing DIDs. The selection of the DID method is determined by the user's type (Legal Entity or Natural Person) and their respective privacy requirements.
Legal Entities use the DID method specification V1 did:ebsi
, registering their DIDs in the EBSI DID Registry (DIDR). This method makes the associated DID documents publicly accessible to Verifiers of VCs via EBSI's ledger.
In contrast, Natural Persons use the DID method specification V2 did:key
, which encodes the user's public key within the DID and complies with General Data Protection Regulation (GDPR) requirements. DIDs using the did:key
method are not registered in the EBSI DID Registry; however, they attain verifiability through the inclusion of the user's encoded public key. Read more about EBSI DID Methods here.
E-signing and e-sealing
E-signing and e-sealing define how Natural Persons and Legal Entities can digitally sign VCs and VPs. Electronic signatures and seals are important components of EBSI's Trust Model as they guarantee the origin, authenticity and integrity of the signed information. Read more about how e-signing and e-sealing is applied in EBSI here.
Trust Model
The core value proposition of EBSI is to instil trust among the various entities within the VC ecosystem. For this purpose, EBSI's Trust Model (pictured below) enables the verification of VCs using both the DID registry (DIDR) and Trusted Issuers Registry (TIR). Together, these registries provide information about public issuers of VCs, including their relationships and accreditations. For further insights into EBSI's Trust Model, you can find additional information here.
Credential Status Framework
Depending on the specific VC use case, it is sometimes crucial to obtain up-to-date information about the revocation status of a credential. EBSI supports various methods for presenting and publishing VC status information. These methods can be employed based on use-case specific requirements, such as the desired level of privacy between different actors. Learn more about EBSI Credential Status Framework here.
VC and VP lifecycle
EBSI's VC and VP lifecycle is summarised in the table below. The table also presents distinctions from W3C's corresponding lifecycle.
Step | EBSI's VC and VP lifecycle | W3C's VC and VP lifecycle | Guidelines for EBSI |
---|---|---|---|
1 | Registration and onboarding of different actors (Legal Entity as Trusted Issuer or Verifier, Natural Person as Holder). | Out of scope. | How to onboard in a Trust Chain |
2 | Credential Issuance for Issuers and Holders. Storage of Verifiable Credentials for Holders | Issuance of one or more Verifiable Credentials. Storage of Verifiable Credentials in a credential repository, e.g., digital wallet. | How to issue Verifiable Credentials and EBSI Wallet Conformance Testing |
3 | Presentation Exchange for Holders and Verifiers | Composition of Verifiable Credentials into Verifiable Presentation. Exchange of Verifiable Presentation and its verification by the Verifier. | How to share Verifiable Presentations |
4 | Managing schemas of data models in TSR | Out of scope. | Data Models and Trusted Schemas Registry API |
APIs Relevant to the VC Lifecycle
EBSI developed several APIs for interaction with the EBSI blockchain, data registries and smart contracts. Each API serves its specific role and is used by different actors. The following APIs are used in the EBSI VC and VP lifecycle today:
- Trusted Issuers Registry (TIR)
- Trusted Schemas Registry (TSR)
- DID Registry (DIDR)
The table below summarises the APIs used in VC and VP lifecycle.
Action | API | Actor | Documentation |
---|---|---|---|
Legal Entity registration | DIDR | Issuer | DIDR API |
Issuer registration | TIR | Issuer | TIR API |
Issuer verification | TIR | Holder, Verifier | TIR API |
Schema registration | TSR | Issuer | TSR API |
Schema verification | TSR | Issuer, Holder, Verifier | TSR API |
Issuer accreditation | TIR | Issuer | TIR API |