Verifiable credentials

They have numerous advantages over physical credentials, most notably that they're digitally signed, which makes them tamper-resistant and instantaneously verifiable.

The W3C VC model parallels physical credentials: the user holds cards and can present them to anyone at any time without informing or requiring the permission of the card issuer.

This contrasts with the federated identity management (FIM) model, as adopted by SAML and OpenID Connect, which place the identity provider (IdP) in the central role as the dispenser of identity attributes and the determiner of which Service Providers (SPs) it will give them to.

Consequently, the @context property allows short-form, user-friendly aliases to be defined for each URI.

It is expected that most users will hold their own VCs, i.e., the holder and the subject will be the same entity.

The security of verifiable credentials in the context of COVID-19 vaccination and test certificates has been questioned.

[11] Some have likened anyone being able to issue a verifiable credential being like a shop clerk deciding if they should accept an out-of-state license as proof of age when purchasing alcohol.

The holder of a verifiable credential operates in a triangle of trust, mediating between issuer and verifier. The issuer and holder trust each other, the holder trusts the verifier, and the verifier trusts the issuer. Any role in the triangle can be played by a person, an institution, or an IoT device.