Credential verification
Overview
Credential verification is the process by which a verifier, such as a service or a platform, checks the validity of a digital credential presented by a holder. Verification includes the following checks:
- Identity assurance:
- Establish trust in the entity attesting the claims in the credential. This is achieved by resolving and validating the Issuerβs identifier.
- Check that the credential was issued by a trusted Issuer. This can be achieved by checking the Issuerβs identifier against a local or external list of trusted issuers.
- Information assurance:
- Establish trust in the integrity of the information included in the credential and that it has not been tampered with. This is achieved by verifying the credential digital signature (cryptographic trust).
- Ensuring the credential conforms to a referenced specification by validating its format and content against it (when applicable).
- Ensuring the information in the credential is currently valid - the credential is currently active, has not yet expired (when applicable), and has not been revoked (when applicable).
Verifying a credential does not include evaluating the truth of the claims encoded in the credential. Rather, verification only confirms that these are the same claims signed by the issuer, meaning the credential hasnβt been tampered with.
Verification channels
Different use cases call for different verification channels:
- In-person channels: Holders use their digital wallets to physically present digital credentials for verification by a self service kiosk or a human-operated device. For example, consider a driver using their digital wallet to present a mobile drivers license to a police officer, who uses a dedicated device to verify the presented credential.
- Online channels: Holders user their digital wallets to present digital credentials for verification as part of online interactions. For example, consider an on-line shopper using their digital wallet to present a mobile drivers license to prove their age when attempting to purchase age-restricted items.
You can use different MATTR VII, MATTR Pi and/or MATTR GO capabilities to verify different Credential formats based on your unique use-case:
- MATTR VII:
- In-person verification of CWT and Semantic CWT credentials.
- Online verification of JSON credentials.
- MATTR Pi:
- In-person verification of CWT and Semantic CWT credentials.
- In-person and Online verification of mDocs.
- MATTR GO:
- In-person verification of CWT and Semantic CWT credentials.
- In-person and Online verification of mDocs.
| Credential format | MATTR VII | MATTR Pi | MATTR GO |
|---|---|---|---|
| CWT credentials | β (In-person + Online) | β (In-person) | β (In-person) |
| Semantic CWT credentials | β (In-person + Online) | β (In-person) | β (In-person) |
| JSON credentials | β (Online) | ||
| mDocs | β (Online) | β (In-person + Online) | β (In-person + Online) |
Choosing the right platform and format for you depends on your use case, requirements, resources and implementation timelines. Contact usβ to discuss your options.