Verifiable Credential Types

Proof issues the ProofCredentialV1 Verifiable Credential. The authoritative description can be found in the OpenID4VCI issuer metadata at https://api.proof.com/.well-known/openid-credential-issuer.

Issuer metadata

The metadata contains the endpoints for interacting with the Verifiable Credential API and the definitions of the Verifiable Credentials that Proof issues.

{
  "credential_issuer": "https://api.proof.com",
  "credential_endpoint": "https://api.proof.com/verifiable-credentials/v1/issuance/credential",
  "nonce_endpoint": "https://api.proof.com/verifiable-credentials/v1/issuance/nonce",
  "token_endpoint": "https://api.proof.com/verifiable-credentials/v1/issuance/token",
  "jwks_uri": "https://api.proof.com/openid-connect/jwks",
  "credential_configurations_supported": {
    "ProofCredentialV1": {
      "format": "dc+sd-jwt",
      "vct": "https://credentials.notarize.com/ProofCredentialV1",
      "credential_signing_alg_values_supported": ["ES256"],
      "cryptographic_binding_methods_supported": ["jwk"]
    }
  }
}

ProofCredentialV1

The standard Proof identity credential, issued to every verified Holder.

  • Format: SD-JWT VC.
  • Type identifier (vct): https://credentials.notarize.com/ProofCredentialV1. A stable string, not intended to be dereferenced. Verifiers compare it as an opaque value.
  • Signing algorithm: ES256. The credential is signed by an ECDSA P-256 key whose public form is published in Proof's JWKS. The signing key's certificate chain (x5c) terminates at the Proof Root CA R1. See Proof Certificate Authority.
  • Holder key binding: jwk. The Holder's public key is bound into the credential at issuance and used to sign the Key Binding JWT on every presentation.
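
A Verifier can reject credentials that do not match this profile before doing any signature work. The sketch below is an added example, not Proof's code: it checks the algorithm, the opaque vct comparison and the presence of a bound Holder key on a constructed, unsigned sample token. It assumes the typ header mirrors the metadata format value and that the Holder key sits in cnf.jwk, as SD-JWT VC defines; signature and x5c chain validation are out of scope here and still required.

```python
import base64
import json

# Values taken from the issuer metadata shown on this page.
EXPECTED_VCT = "https://credentials.notarize.com/ProofCredentialV1"
EXPECTED_ALG = "ES256"
EXPECTED_TYP = "dc+sd-jwt"  # assumption: typ header mirrors the metadata "format"

def _b64url_json(segment):
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def profile_errors(sd_jwt):
    """Return profile violations for the issuer-signed JWT; [] means none found."""
    parts = sd_jwt.split("~")[0].split(".")  # drop disclosures and Key Binding JWT
    if len(parts) != 3:
        return ["issuer-signed JWT must have three segments"]
    try:
        header, payload = _b64url_json(parts[0]), _b64url_json(parts[1])
    except ValueError:
        return ["header or payload is not base64url-encoded JSON"]
    if not isinstance(header, dict) or not isinstance(payload, dict):
        return ["header and payload must be JSON objects"]
    errors = []
    if header.get("alg") != EXPECTED_ALG:  # also rejects "none" and HS256
        errors.append("alg is not ES256")
    if header.get("typ") != EXPECTED_TYP:
        errors.append("typ is not dc+sd-jwt")
    if payload.get("vct") != EXPECTED_VCT:  # opaque compare, no URL normalization
        errors.append("vct does not match ProofCredentialV1")
    cnf = payload.get("cnf")
    jwk = cnf.get("jwk") if isinstance(cnf, dict) else None  # assumption: cnf.jwk
    if not isinstance(jwk, dict) or "kty" not in jwk:
        errors.append("no holder key bound via cnf.jwk")
    elif "d" in jwk:
        errors.append("cnf.jwk contains private key material")
    return errors

def make_sample(header, payload):
    """Build a constructed, unsigned sample token (placeholder signature)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(payload)}.c2FtcGxl~"

# Constructed sample values, not a real credential.
GOOD_HEADER = {"alg": "ES256", "typ": "dc+sd-jwt"}
GOOD_PAYLOAD = {"vct": EXPECTED_VCT,
                "cnf": {"jwk": {"kty": "EC", "crv": "P-256", "x": "x", "y": "y"}}}

if __name__ == "__main__":
    print(profile_errors(make_sample(GOOD_HEADER, GOOD_PAYLOAD)))
```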

Claims

ProofCredentialV1 carries the following selectively-disclosable claims. A Verifier requests claims via OID4VP scopes; see Verify a Credential for the scope catalog.

  • First Name (given_name): the Holder's given name as it appears on the verified identity document. String.
  • Last Name (family_name): the Holder's family name as it appears on the verified identity document. String.
  • Date of Birth (birthdate): the Holder's date of birth in ISO 8601 format (YYYY-MM-DD). String.
  • Age over 18 (age_is_over.18): a boolean confirming the Holder is 18 or older. Lets a Verifier confirm an age threshold without learning the date of birth.
  • Age over 21 (age_is_over.21): a boolean confirming the Holder is 21 or older.
  • Age over 65 (age_is_over.65): a boolean confirming the Holder is 65 or older.

🚧 In development

The following claims are coming to ProofCredentialV1.

  • Email (email): the Holder's email address. String.
  • Address (address): the Holder's postal address. JSON object.
  • Phone Number (phone_number): the Holder's phone number in E.164 format. String.
  • Nationality (nationality): the Holder's nationality as a two-letter country code (ISO 3166-1 alpha-2). String.
  • Identity Assurance Level (ial): the assurance level the credential was issued at. String.
  • Authenticator Assurance Level (aal): the authenticator assurance level used at presentation time. String.
  • Sanction Screening (sanction_screening): the result of sanction screening performed on the Holder. JSON object.

Decoded sample

For the structure of the SD-JWT VC issued for ProofCredentialV1 (issuer-signed JWT, disclosures, Key Binding JWT), see SD-JWT VC Format.


See also: SD-JWT VC Format · Verify a Credential · Proof Certificate Authority