DocsCredential lifecycle

Credential lifecycle

Introduction

Understanding the credential lifecycle is key to building secure and privacy-preserving digital credential solutions. This page provides an overview of the lifecycle from the perspectives of the three key roles—Issuer, Holder, and Verifier—illustrated through a detailed diagram.

Each stage, from credential issuance to verification and potential revocation, is explained in the context of MATTR’s platforms and capabilities. Whether you’re issuing credentials, using them as a holder or verifying their authenticity as a verifier, this guide will help you navigate the process with MATTR’s capabilities.

Credential lifecycle

Credential lifecycle

Issuers

The entity that owns or manages a registry of information about specific holders or objects. Issuers create, sign, and distribute digital credentials based on this data, ensuring its accuracy and trustworthiness within the ecosystem.

Issuers take part in the following lifecycle steps:

  • Create a credential template: Define the structure and data fields (schema), cryptographic signatures, validity period and rules for a credential.
  • Issue a credential: The issuer generates and signs the credential based on the predefined template. The credential is signed with the issuer’s private key to ensure its authenticity.
    • Direct issuance: The issuer directly sends a credential to a specific holder. Direct issuance is currently only supported for JSON credentials. Support for direct issuance of mDocs is on the product roadmap.
    • Credential offer: The issuer provides an offer that the holder must review and accept before receiving the credential, as per the OpenID for Verifiable Credential Issuance (OID4VCI) workflow.
  • Update a credential: Update credential data when needed, such as updating specific claims with new information or revoking it altogether.

Issuance capabilities are provided by the MATTR VII platform, and can be embedded using either the Self Service Portal or interacting with the API directly.

Holders

The individual or organization that receives, stores and uses digital credentials. Holders control when and how their credentials are shared while maintaining privacy and security.

Holders take part in the following lifecycle steps:

  • Collect a credential: Accept a credential from an issuer and store it in a secure digital wallet. The holder controls the credential and decides when to present it and to whom.
  • Delete a credential: Remove a credential from the wallet when it is no longer needed.
  • Present a credential: Share credential data with a verifier to prove a specific claim (e.g. driving privileges, age, education qualification). Some credential formats (mDocs, JSON) enable the holder to share only the requested information to maintain privacy (for example, proving you are over 18 without sharing your actual date of birth or home address).

Holding capabilities are available via both MATTR Pi and MATTR GO:

Verifiers

The party that requests and checks digital credentials to confirm their authenticity and validity. Verifiers rely on cryptographic proof to ensure the credentials come from a trusted issuer and haven’t been tampered with. Also known as Relying parties.

Verifiers take part in the following lifecycle steps:

  • Verify a credential: The verifier checks the validity of the presented credential, its status (e.g. hasn’t expired or been revoked) and the issuer’s digital signature.
    • In-person: Verify the credential face-to-face, often scanning a QR code or using a secure reader.
    • Online: Verify the credential remotely using cryptographic proofs to ensure authenticity and integrity.

Verification capabilities are available across all MATTR platforms:

  • In-person verification:
    • MATTR Pi offers React Native, iOS and Android SDKs to embed in-person verification capabilities into new or existing apps.
    • MATTR GO offers a white-label holder app to take the complexity away by relying on MATTR market-leading features and flows.
  • Online verification:
PlatformsOverview