Credential formats
MATTR credential formats combine and evolve with the latest standards and technology stacks to make working with verifiable credentials seamless.
Selecting the right format for a solution depends on a number of factors, including but not limited to:
- The size of the payload.
- The need for biometric or other identity assurance capabilities.
- The cryptographic scheme used.
- The need for privacy-preserving features like selective disclosure.
- The primary method of issuance, presentation and verification.
Contact us if you need help deciding what credential format is right for your use case.
MATTR platforms currently support three primary credential formats:
CWT credentials
CWT credentials are best-suited for sharing authentic information simply. They carry a smaller payload and are optimized for presenting in-person, whether affixed to a physical document or item or displayed digitally on-screen.
Digital signatures ensure the authenticity of information included within the credential, however, do not include assurance about the person presenting the information. If identity assurance is needed, this can be done through attribute matching with an outside identity document.
Key architectures and technology stacks for CWT credentials:
- CBOR Web Token (CWT) data model.
- W3C Verifiable Credential (VC) JSON data model.
- NIST-approved
P-256
key types. - COSE digital signature encoding.
Learn more about CWT credentials.
JSON credentials
JSON credentials are digital-first credentials optimized for sharing over the web that contain rich data beyond text, such as images. They have the ability to include a semantic vocabulary, making them portable across contexts.
JSON credentials can be bound to a digital wallet to provide identity assurance for the person presenting the credential. They can also enable selective disclosure, meaning a user can choose to reveal only the information needed when sharing the credential, and conceal data that is unnecessary for that specific verifier.
Key architectures and technology stacks for JSON Credentials:
- W3C Verifiable Credential (VC) JSON-LD data model.
- Linked data proofs with semantic data.
ed25519
andbls12381g2
key types.- BBS signature suite.
Learn more about JSON credentials.
mDocs
mDocs are digital credentials based on the ISO/IEC 18013-5 standard and 18013-7 technical specification, designed to be stored on a holder’s mobile device. mDocs support a variety of advanced security features, making them an ideal choice for use cases requiring higher assurance identity credentials, such as driving licenses or national IDs.
mDocs verification workflows can be carried out over non-internet communication protocols such as BLE (facilitating in-person exchange and offline verification), or via online presentation channels (facilitating online presentation flows). Both these workflows support selective disclosure and enable authenticating the issuer, the holder, and the device the mDocs are presented from.
Key architectures and technology stacks for mDocs:
- Based on the ISO/IEC 18013-5:2021 standard and the 18013-7 technical specification.
- Use CBOR for object representation and COSE for signing and encryption.
- Use X.509 certificates for implementing chain of trust authentication workflows.
- ECDSA with P-256 (ES256) algorithm support for issuer and device authentication.
Learn more about mDocs.