Chapter 15. Verifiable Credentials

One of the primary duties of an identity system is to allow the transfer of trustworthy, authenticated information. When we log in, the information is minimal—often just a username and password—and the authentication itself is the point. Other times, the identity system may be transferring information like profile information or authorizations.

In Chapter 4 you learned about the identity metasystem and its properties. Recall that an identity metasystem is a system upon which identity systems can be built. The metasystem provides the infrastructure for the identity systems built on top of it so that they have an encapsulating protocol that provides a unified user experience. The metasystem should provide user choice for autonomy, privacy, and flexibility. Modularity and polycentrism (more commonly called decentralization) ensure that the metasystem isn’t controlled by a single organization. And because the information we need to recognize, remember, and respond to various entities is context-dependent and varies widely from one situation to the next, the metasystem must allow polymorphic data records (records that use different data schemas) to be defined.

Clearly, an identity system that is polycentric and polymorphic is much more flexible and capable than the traditional identity and access management (IAM) systems in use today, which provide only authentication and authorization services. But systems with the properties of the metasystem are ...