Three and a half Roses

Verifiable Claims: distributed proof of one or more capabilities

What is it?

The official definition from the W3C Credentials Community Group is: a claim is a statement made by an entity about a subject; a verifiable claim is a claim that is effectively tamper-proof and whose authorship can be cryptographically verified. Multiple claims may be bundled together into a set of claims.

The (somewhat unspoken) fact is that claims can be distributed and do not require a centralized system, because verifying them is purely a cryptographic check. That is, you don’t need a central server to be up and running and accessible at all times to be able to verify a claim. This makes the system very sturdy.

Also, the creation of claims is delegated to the issuers, making the system even more distributed.

What is it good for?

[Figure: Verifiable claims use cases]

Other interesting examples include: proving you’re old enough to (buy a) drink, or proving you have the required driver’s license when renting a car.

There’s a complete description of the use cases on the W3C GitHub.

Who are the actors/players?

In order for this to work, you’ll need the following actors:

Issuer: An entity that creates a verifiable claim, associates it with a particular subject, and transmits it to a holder. This can be, for example:

  • a bank (certifying account ownership), or
  • a doctor (certifying that you have a certain ailment), or
  • a government certifying your identity or your birth certificate, or
  • a school certifying you’ve successfully achieved a certain degree

Holder: An entity that is in control of one or more verifiable claims. This is typically the subject of the claims, but it can also be a third party that holds on to the claims on behalf of the subject.

Claim: A statement made by an entity about a subject that is tamper-proof and whose authorship can be cryptographically verified. This means that:

  1. when someone fiddles with a claim, this can be detected, rendering the claim useless
  2. when someone tries to counterfeit a claim, this is detectable too, also rendering the claim useless

Say that you create a claim stating that you’ve obtained a degree at the University of Ghent (UoG). Since the claim won’t have been signed with the private (and secret) key of the UoG, the claim’s digital signature will be incorrect and others will detect this.

Inspector-Verifier: An entity that receives one or more verifiable claims for processing. Examples of inspector-verifiers include employers, security personnel, car rental services, and websites.

Identifier Registry: Mediates the creation and verification of subject identifiers. Examples of identifier registries include corporate employee databases, government ID databases, and distributed ledgers.
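To make the two properties of a claim (tampering is detected, counterfeits are detected) concrete, here is an added example that is not part of the original post: an inspector-verifier checking the UoG degree claim offline. The claim layout, the names `alice` and `mallory`, and the in-memory map standing in for an identifier registry are assumptions made for illustration, and Ed25519 is just one possible signature scheme.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// Claim is a simplified, hypothetical layout (not the W3C data model).
type Claim struct {
	Issuer, Subject, Degree string
}

// SignedClaim carries the exact bytes that were signed plus the signature.
type SignedClaim struct {
	Payload, Signature []byte
}

// Issue serializes the claim and signs it with the issuer's private key.
func Issue(c Claim, priv ed25519.PrivateKey) SignedClaim {
	payload, _ := json.Marshal(c) // cannot fail for a struct of strings
	return SignedClaim{payload, ed25519.Sign(priv, payload)}
}

// Verify finds the public key of the issuer named in the claim and checks
// the signature over the received bytes. No call to the issuer is needed.
func Verify(sc SignedClaim, registry map[string]ed25519.PublicKey) bool {
	var c Claim
	if json.Unmarshal(sc.Payload, &c) != nil {
		return false
	}
	pub, known := registry[c.Issuer]
	return known && ed25519.Verify(pub, sc.Payload, sc.Signature)
}

// Demo runs three constructed cases: genuine, tampered and counterfeit.
func Demo() (genuine, tampered, counterfeit bool) {
	uogPub, uogPriv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	_, forgerPriv, _ := ed25519.GenerateKey(nil)
	registry := map[string]ed25519.PublicKey{"UoG": uogPub}
	good := Issue(Claim{"UoG", "alice", "BSc"}, uogPriv)
	// Tampered: the payload is edited, but the old signature no longer fits.
	edited := SignedClaim{bytes.Replace(good.Payload, []byte("BSc"), []byte("PhD"), 1), good.Signature}
	// Counterfeit: names UoG as issuer but is signed with another key.
	fake := Issue(Claim{"UoG", "mallory", "PhD"}, forgerPriv)
	return Verify(good, registry), Verify(edited, registry), Verify(fake, registry)
}

func main() { fmt.Println(Demo()) } // true false false
```

The verifier checks the signature over the bytes it received rather than over a re-serialized copy, so a difference in JSON formatting between issuer and verifier cannot cause a mismatch.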

In the next post we’ll go into how to implement this…



