This article describes the benefits of the OpenID4VC standard and provides insight into its development and incubation within the IDunion project.
OpenID for Verifiable Credentials (OpenID4VC) is a suite of standards for issuing and using digital credentials in online scenarios. IDunion has tested the suite and contributed to its evolution since 2021. Today, the standards have already found their way into products on a global scale.
In June 2022, the OpenID Connect Working Group of the OpenID Foundation published a whitepaper detailing the usage of verifiable credentials in combination with the OpenID Connect communication protocol. In the document, the lead editors Kristina Yasuda, Torsten Lodderstedt, David Chadwick, Kenichi Nakamura and Jo Vercammen describe how trust will shift towards increased control for end users by putting them at the centre of the exchange between the verifier and the credential issuer.
The whitepaper further describes what use cases OpenID4VC can be used for, such as employee onboarding, entitlement management, driver licences (mDL) or SMART health cards. The variety of scenarios illustrates the flexibility regarding the credential standards used as well as the issuer-verifier relationship.
Benefits of using the OpenID4VC specification family as a credential transport protocol:
- Existing mass adoption of the OpenID Connect standard through existing single sign-on solutions (“Sign in with …”)
- Developers of decentralised identity applications benefit from the proven simplicity and security of OAuth and OpenID
- Implementation flexibility for the other components, including identifier types, credential formats, revocation schemes, crypto suites, trust mechanisms, etc.
- Incubation in a well-known and recognised standardisation organisation.
The first public demonstration of an implementation of the standard took place in 2021, when yes.com and Lissi built a prototype enabling passwordless authentication to Nextcloud with verifiable credentials and showed it at the European Cloud Identity Conference 2021. The implementation is based on Hyperledger Indy, using AnonCreds within the Lissi Wallet.
Recently, gematik’s Futurelab built a prototype based on Hyperledger Aries Cloud Agent Python, which they extended to support Verifiable Presentation Exchange over HTTP and OpenID for Verifiable Presentations. The concept was presented to the public in April 2022 at the Internet Identity Workshop. Their proof of concept uses W3C Verifiable Credentials and allows for multi-format credential requests, ultimately making it easier for Relying Parties to ask for a credential without needing to know the format it was issued in. Further, the concept demonstrated holder binding using a JWS.
Torsten Lodderstedt from yes.com and Kristina Yasuda from Microsoft presented a summary of the standard at the same Internet Identity Workshop in April 2022. Videos of a demonstration of the user flow (on device / cross device) are also available.
The implementation was done as part of the IDunion Research Project. We are especially proud that OpenID for Verifiable Credentials has found its way into the Architecture Reference Framework (ARF) as part of the revision of the eIDAS regulation to create a European digital identity ecosystem. Currently the IDunion partners are developing the Tech-Stack 2.0, with OpenID4VC as the communication protocol and SD-JWT as the credential format, to ensure alignment with the eIDAS Regulation.
The IDunion research project builds an ecosystem for trusted identity credentials. The project is funded by the Federal Ministry for Economic Affairs and Climate Action of Germany and comprises more than 60 organisations. Recently a European Cooperative (IDunion SCE) has been founded as a governance entity.
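Two of the mechanisms named above, selective disclosure with SD-JWT and holder binding via a JWS, are easy to misjudge without seeing how the verifier actually checks them. The following Python is an added example written for this article; it is not code from IDunion, gematik, yes.com or Lissi. It implements the SD-JWT construction (salted disclosures, `_sd` digests in the issuer-signed payload, a `cnf` claim naming the holder key, and a key-binding JWT over `aud`, `nonce` and `sd_hash`) with the standard library only, so HMAC (HS256) stands in for the asymmetric signatures a real issuer and holder would use; the issuer URL, key identifiers and claims are constructed sample values.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed keys: HS256 stands in for the issuer's and holder's asymmetric
# signing keys; only the JWS/SD-JWT structure is what this example shows.
ISSUER_KEY = b"constructed-issuer-key"
HOLDER_KEY = b"constructed-holder-key"


def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64u_dec(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def jws_sign(payload: dict, key: bytes, typ: str) -> str:
    """Compact JWS: base64url(header).base64url(payload).base64url(signature)."""
    header = b64u(json.dumps({"alg": "HS256", "typ": typ}).encode())
    body = b64u(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64u(sig)}"


def jws_verify(token: str, key: bytes) -> dict:
    header, body, sig = token.split(".")
    expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64u_dec(sig)):
        raise ValueError("bad JWS signature")
    return json.loads(b64u_dec(body))


def sha256_b64u(s: str) -> str:
    return b64u(hashlib.sha256(s.encode("ascii")).digest())


def issue(claims: dict, holder_kid: str):
    """Issuer: each claim becomes a salted disclosure; the signed payload carries
    only the digests, plus a cnf claim naming the holder key (holder binding)."""
    disclosures = {}
    for name, value in claims.items():
        salt = b64u(secrets.token_bytes(16))  # fresh salt per claim defeats guessing
        disclosures[name] = b64u(json.dumps([salt, name, value]).encode())
    payload = {
        "iss": "https://issuer.example",  # constructed
        "_sd_alg": "sha-256",
        "_sd": sorted(sha256_b64u(d) for d in disclosures.values()),
        "cnf": {"kid": holder_kid},
    }
    return jws_sign(payload, ISSUER_KEY, "vc+sd-jwt"), disclosures


def present(issuer_jwt: str, disclosures: dict, reveal: list, aud: str, nonce: str) -> str:
    """Holder: attach only the chosen disclosures, then sign a key-binding JWT
    that ties this exact presentation to the verifier's audience and nonce."""
    sd_part = "~".join([issuer_jwt] + [disclosures[n] for n in reveal]) + "~"
    kb = jws_sign({"aud": aud, "nonce": nonce, "iat": int(time.time()),
                   "sd_hash": sha256_b64u(sd_part)}, HOLDER_KEY, "kb+jwt")
    return sd_part + kb


def verify(presentation: str, aud: str, nonce: str) -> dict:
    """Verifier: issuer signature, digest membership of every disclosure,
    then the holder's key binding (audience, nonce, covered disclosures)."""
    parts = presentation.split("~")
    issuer_jwt, discs, kb = parts[0], parts[1:-1], parts[-1]
    sd_part = "~".join(parts[:-1]) + "~"
    payload = jws_verify(issuer_jwt, ISSUER_KEY)
    if payload.get("_sd_alg") != "sha-256":
        raise ValueError("unsupported _sd_alg")
    claims = {}
    for disc in discs:
        if sha256_b64u(disc) not in payload["_sd"]:
            raise ValueError("disclosure not covered by the issuer signature")
        _salt, name, value = json.loads(b64u_dec(disc))
        claims[name] = value
    # A real verifier selects the holder key via payload["cnf"]; HOLDER_KEY stands in.
    kb_payload = jws_verify(kb, HOLDER_KEY)
    if kb_payload.get("aud") != aud or kb_payload.get("nonce") != nonce:
        raise ValueError("key-binding JWT was not issued for this verifier/session")
    if kb_payload.get("sd_hash") != sha256_b64u(sd_part):
        raise ValueError("key-binding JWT does not cover these disclosures")
    return claims


if __name__ == "__main__":
    jwt, discs = issue({"given_name": "Erika", "birthdate": "1980-01-01"}, "holder-key-1")
    p = present(jwt, discs, ["given_name"], "https://verifier.example", "nonce-1")
    print(verify(p, "https://verifier.example", "nonce-1"))
```

The order of checks in `verify` matters: the digest check rejects any disclosure the issuer never signed, the `aud`/`nonce` check stops a captured presentation from being replayed at another verifier or in another session, and `sd_hash` prevents a holder or intermediary from swapping disclosures after the key-binding JWT was signed. A claim the holder chose not to reveal (here `birthdate`) never leaves the wallet, yet the verifier still learns that the issuer vouched for the revealed one.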
yes.com operates an open banking ecosystem in which bank customers can use their identity data and login credentials with their financial institution to authenticate, identify themselves to third parties, digitally sign with Qualified Electronic Signatures according to eIDAS, and pay.
gematik is the German national agency for the digitalisation of the healthcare system. It develops the concept for the telematics infrastructure as an all-encompassing and secure data space, sets the standards for the use of this data space, and coordinates its reliable operation and establishment in line with market requirements.
Lissi provides convenient applications for companies and organisations to receive, organise and share trusted data from end users while respecting privacy and data sovereignty. This includes the Lissi Wallet as well as the Lissi Agent.