In today's always-online world, the Internet is indispensable. People, services and things are increasingly moving online. But this brings new risks and new challenges. Our privacy is often compromised when web sites ask for too much identity information about us, or when identity providers such as Google and Facebook track our every movement because we have to log in to services via them. But do not worry. W3C Verifiable Credentials solve your privacy and security worries by allowing you to selectively disclose the identity attributes you wish to, whenever you wish to, and to whoever or whatever you wish to.
With W3C Verifiable Credentials
YOU ARE IN CONTROL OF YOUR IDENTITY
Communicating over the Internet is a bit like communicating in a dark room. You are not quite sure that the other people are who they say they are. With W3C Verifiable Credentials this all changes. Everybody and everything can possess their own W3C standard verifiable credentials, digitally signed by trusted authorities - the Issuers - so that recipients can verify the identity of the remote party that they are talking to.
With W3C Verifiable Credentials you can be sure you are making the right connection to the right person, web service, IoT device, or chat room occupant. Simply ask him/her/it to send you the identity attributes you require as one or more W3C Verifiable Credentials, with proof that he/she/it owns them, and your satisfaction is guaranteed. And don't worry, our use of standard W3C protocols and data structures provides you with the cryptographic proofs you need. Our software validates this on your behalf, so you don't need to.
The W3C Verifiable Credentials Data Model (https://www.w3.org/TR/verifiable-claims-data-model/) places the user at the centre of the identity ecosystem. Issuers issue VCs to users, who store them in their digital wallets on their devices. Users then contact web-based or physical service providers (verifiers) who have protected resources, and are asked to provide the necessary verifiable identity attributes in order to gain privileged access to the resource.
By utilising the W3C Web Authentication protocol (FIDO2) (https://www.w3.org/TR/webauthn/) for strong authentication between the user, the user's device and the VC issuer, we eliminate the need for usernames and passwords. Users simply authenticate to their device using its inbuilt biometric authenticator, and the device authenticates to the VC issuer using the cryptographic keys of FIDO2.
By combining W3C Web Authentication with W3C Verifiable Credentials we get a really secure and privacy-preserving identification and authorisation infrastructure.
FIDO2 is a decentralised key management system, where each device generates its own unique key pairs, one key pair for each VC Issuer you register with. This significantly simplifies the VC ecosystem and reduces the Total Cost of Ownership. There is no need for distributed identifiers (DIDs), which are notoriously hard to use, or blockchains (DLTs), which are resource hungry, non-standardised and do not interwork.