A bespoke credential is a custom-created [ACDC](/concept/acdc) issued on-the-fly for specific disclosure scenarios, functioning as a self-referencing contract between a discloser (acting as issuer) and disclosee (acting as issuee) that attaches consent terms and usage restrictions to the presentation of other ACDCs.
Related Concepts
No related concepts available
Comprehensive Explanation
bespoke-credential
Process Definition
A bespoke credential represents a specialized application of ACDC (Authentic Chained Data Container) technology that transforms credential presentation from simple proof delivery into a negotiated exchange with built-in consent management. The term "bespoke" (meaning custom or tailor-made) emphasizes that these credentials are generated on-demand to serve specific presentation contexts rather than being pre-issued standard credentials.
The process accomplishes several critical objectives:
Contractual Binding: Creates a verifiable agreement between parties about how disclosed information may be used
Context-Specific Authorization: Enables granular control over information usage through purpose-bound data sharing
Privacy Preservation: Implements graduated disclosure where structure is revealed before content
Consent Management: Requires explicit agreement to terms before information access
Bespoke credentials are used when a controller needs to disclose information from existing ACDCs while enforcing specific usage restrictions, time limitations, or single-use constraints. This is particularly valuable for high-stakes disclosures where the discloser requires contractual assurance about how their information will be handled.
Key Participants
The bespoke credential process involves a role transformation from traditional credential issuance:
Discloser: Acts as the issuer of the bespoke credential, creating the custom contract
Implementation Notes
Implementation Guidance
Compact ACDC Generation
When creating the compact form of a bespoke credential:
Generate SAIDs for Sections: Compute SAIDs for attribute and edge sections before creating compact form
Preserve Rule Section: The rule section should be fully disclosed in compact form so disclosee can review terms
Maintain Cryptographic Binding: Ensure the compact ACDC's SAID commits to the full structure
Version Compatibility: Use appropriate ACDC version string (e.g., "ACDC10JSON000197_")
Signature Collection
Implement robust signature collection:
Present Compact Form: Show disclosee the complete compact ACDC including all rules
Require Explicit Consent: Don't proceed without valid signature on compact form
Verify Signature: Cryptographically verify disclosee signature before content disclosure
Timestamp Signatures: Include timestamp in signature to prove when agreement occurred
Store Signature: Maintain non-repudiable record of signed compact form
Content Disclosure
After signature verification:
Expand Compact Form: Replace SAIDs with actual attribute and edge values
Verify Integrity: Confirm expanded values hash to the SAIDs in compact form
Maintain Binding: Ensure disclosee's signature remains valid for expanded form
Audit Trail: Log the disclosure event with timestamp and parties involved
Rule Enforcement
Implementing usage restrictions:
Single-Use Credentials: Immediately revoke after use via TEL
Purpose Limitation: Include machine-readable purpose codes in rule section
Violation Detection: Monitor for unauthorized reuse or correlation
Integration with KERI Infrastructure
KEL Anchoring: Anchor bespoke credential issuance events in issuer's KEL
Disclosee: Acts as the issuee, receiving and agreeing to the disclosure terms
Verifier: May be the same entity as the disclosee, requesting specific information
Referenced ACDCs: The underlying credentials being disclosed through the bespoke wrapper
Process Flow
The bespoke credential exchange follows a carefully orchestrated multi-step sequence that ensures both parties understand and agree to terms before information is disclosed:
Step 1: Verification Request
The process begins when a verifier communicates their information requirements. This request specifies:
What attributes or claims are needed
The purpose for which the information will be used
This initial request establishes the scope and purpose of the disclosure, which will be encoded into the bespoke credential's rule section.
Step 2: Dataset Creation and Structure Publication
The discloser creates the dataset and publishes only the structure and field definitions, not the actual content values. This leverages compact disclosure mechanisms where:
Field names and schema are revealed
SAIDs (Self-Addressing Identifiers) of field values are included
Actual data values remain hidden
The cryptographic structure is fully verifiable
This step allows the disclosee to understand what information will be shared and in what format, without yet accessing the sensitive data itself.
Step 3: Compact ACDC Issuance
A compact ACDC is issued that reveals the credential schema but not the data values. This compact form includes:
Rule Section: Contains context-specific clauses such as:
Anti-assimilation provisions: Limit information usage to specific purposes
Single-use restrictions: Prevent reuse of disclosed information
Time-bound constraints: Define validity periods
Purpose limitations: Specify allowed uses of the data
Edge Section: References other ACDCs through edges:
Links to supporting credentials (e.g., coupons, gift cards)
The compact form uses SAIDs as placeholders for actual attribute values, maintaining cryptographic verifiability while preserving privacy.
Step 4: Signature Collection
The issuer (discloser) requests the disclosee to sign the on-the-fly contract before receiving the actual content. This signature represents:
Explicit agreement to the usage terms in the rule section
Acknowledgment of the anti-assimilation clauses
Commitment to purpose-limited use of the information
Acceptance of any time or context constraints
This step is critical because it creates a non-repudiable record of consent before sensitive information is disclosed. The signature is cryptographically bound to the compact ACDC structure, ensuring the disclosee cannot later claim ignorance of the terms.
Step 5: Content Disclosure
After the disclosee signs acceptance of the terms, they receive the actual content associated with the contract. This full disclosure transforms the compact ACDC into a complete credential by:
Enabling verification of the complete credential chain
Maintaining the cryptographic binding to the signed terms
The disclosee can now verify that the disclosed content matches the structure they agreed to, and the discloser has cryptographic proof that the disclosee accepted the usage terms before receiving the information.
Technical Requirements
Cryptographic Requirements
Bespoke credentials must satisfy several cryptographic properties:
SAID Integrity: All field values must have verifiable self-addressing identifiers
Signature Verification: Both discloser and disclosee signatures must be cryptographically valid
Chain Integrity: Edges to referenced ACDCs must maintain cryptographic links
Non-repudiation: Signatures must provide non-repudiable proof of agreement
Attributes: Date, time, party size, reservation details
Process: Restaurant signs agreement to terms, then receives proof of payment
This scenario illustrates how bespoke credentials enable single-use disclosures where the verifier must agree not to retain or reuse the information beyond the immediate transaction.
High-Stakes Credential Presentation: When presenting sensitive credentials:
Professional licenses with usage restrictions
Financial credentials with confidentiality requirements
Health records with HIPAA-compliant usage terms
Government-issued credentials with legal constraints
Consent-Based Data Sharing: For privacy-preserving exchanges:
Jurisdiction-Specific Terms: Compliance with local regulations
Data Protection Requirements: GDPR, CCPA, or other privacy law compliance
Industry Standards: Sector-specific usage restrictions
The bespoke credential pattern represents a sophisticated application of ACDC technology that transforms credential presentation into a negotiated, consent-based exchange with cryptographically enforceable terms. By leveraging existing KERI infrastructure while adding contractual layers, bespoke credentials enable privacy-preserving, purpose-bound data sharing that meets the requirements of high-stakes, regulated environments.
Witness Receipts: Collect witness receipts for non-repudiation
OOBI Discovery: Use OOBIs for disclosee identifier discovery
CESR Encoding: Encode all primitives in CESR for interoperability
Error Handling
Signature Rejection: If disclosee refuses to sign, abort disclosure and log refusal
Verification Failure: If SAIDs don't match expanded content, reject and alert
Timeout Handling: Implement timeouts for signature collection phase
Revocation Checking: Verify referenced ACDCs haven't been revoked before disclosure
Security Considerations
Key Management: Protect discloser's signing keys used for bespoke credential issuance
Replay Prevention: Include nonces or timestamps to prevent replay attacks
Side-Channel Protection: Avoid leaking information through timing or error messages
Audit Logging: Maintain comprehensive logs of all bespoke credential operations
Performance Optimization
SAID Caching: Cache computed SAIDs to avoid recomputation
Signature Batching: When possible, batch signature operations
Streaming Support: Use CESR streaming for large credential sets
Lazy Expansion: Only expand compact form after signature verification
Testing Recommendations
Signature Verification: Test with invalid signatures to ensure rejection
SAID Integrity: Test with modified content to verify SAID mismatch detection
Rule Enforcement: Test that usage restrictions are properly enforced
Revocation: Test automatic revocation for single-use credentials
Interoperability: Test with multiple ACDC implementations