Guides

Overview

A digital passport. Verified once, usable everywhere.

Every business interaction with people on the internet has to answer the same 3 questions.

Who is this?

Says who?

Did they authorize this?

Today, every business answers them on its own. A customer fills out forms, uploads ID photos, waits for review, answers knowledge questions, and ends up with their personal information sitting in yet another database. Then they sign up for the next service and the whole thing starts over.

Same proofs, repeated, copied across dozens of databases the customer will never know about. Each one a target. Each one a gift to fraudsters and hackers. AI is here to steal it all.

Proof's Digital Credentials replace that with a digital passport. Verified once by Proof, the credential lives in the person's wallet. Any business can confirm it on its own, against Proof's public Certificate Authority, without calling Proof. The CA is operated under WebTrust audit, the same trust framework as the certificate authorities behind every HTTPS website.

Verify once. Use everywhere. A credential issued once can be relied on many times. The same construction that took card fraud from rampant to rare in the 1990s, applied to identity.

What a Digital Credential proves

A Digital Credential answers all three questions cryptographically, in one short message any business can verify. It discloses only what the moment calls for, and binds to a specific action so the answer is about that action and nothing else.

Verify Identity

Who is on the other end?

A Digital Credential proves identity for any flow that needs it: a returning customer presenting an existing credential, or a new customer being verified and issued one in the same interaction. The credential reveals only what the situation calls for: a name, a date of birth, an age threshold, a residency, an assurance level. See Verify Identity.

Sign Transactions

Did they authorize this?

A Digital Credential binds verified identity to any digital action a person consents to. The signature covers both the identity and the action, so any later change to the action invalidates the signature. Authorizing a payment, signing a contract, approving a high-value purchase, recovering an account, granting access to a record. See Sign Transactions.

Delegate Authority

Did they authorize someone else to act for them?

Authorization extends to delegation. A person can grant an agent (an AI assistant, a payment service, a person acting under a power of attorney) the right to act for them within a specific scope. The agent presents its own credential at the moment of action, with a verifiable chain back to the human who authorized it and the bounds of that authorization. See Delegate Authority.

How it works

A Digital Credential moves between three roles. Proof is the Issuer, which verifies a person's identity and issues the credential. The person is the Holder, who keeps the credential in their wallet and decides when to present it. The business is the Verifier, which receives the credential and confirms it is authentic.

Issuer-Holder-Verifier model

Proof issues every Digital Credential under a public Certificate Authority that operates under a published policy, on the same trust footing as the authorities behind every HTTPS website. Verifiers add the Proof Root CA to their trust store once and from then on can validate every Proof credential locally. The trust chain is short and verifiable offline. See Proof Certificate Authority.

Standards

Proof's Digital Credentials are built on open standards. A team that already verifies OpenID for Verifiable Presentations can verify Proof's, and a team that does not is one open-source library away. Proof is not a proprietary protocol.

  • OpenID for Verifiable Presentations (OID4VP) for presentation.
  • OpenID for Verifiable Credential Issuance (OID4VCI) for issuance.
  • SD-JWT VC for the credential format, on top of RFC 9901.
  • X.509 / RFC 5280 for the certificate chain.

See it in action

Try the live demo at demo.next.proof.com to see a Verifiable Presentation flow end to end.

The frontend powering that demo is open source. Developers can fork github.com/proof/verifier-vcp-demo to start integrating against the Proof API. See Integration for the full guide.

See also: Use Cases · Integration · Glossary

Updated 10 days ago