This comprehensive explanation has been generated from 179 GitHub source documents. All source documents are searchable here.
Last updated: October 7, 2025
Note: In rare cases it may contain LLM hallucinations.
For authoritative documentation, please consult the official GLEIF vLEI trainings and the ToIP Glossary.
A verifiable credential (VC) is a cryptographically secured digital credential that contains claims about a subject, issued by an issuer, held by a holder, and verifiable by any verifier without requiring access to the issuer at verification time.
A verifiable credential is a tamper-evident digital credential that represents information found in physical credentials (such as passports, licenses, or diplomas) as well as digital-native claims (such as bank account ownership or organizational roles). Verifiable credentials are cryptographically secured through digital signatures, enabling independent verification of their authenticity and integrity without requiring real-time communication with the issuing authority.
The W3C Verifiable Credentials Data Model defines three essential properties that distinguish verifiable credentials:
Within the KERI ecosystem, verifiable credentials are implemented through Authentic Chained Data Containers (ACDCs), which extend the W3C VC model with additional capabilities:
ACDC as Enhanced VCs: ACDCs function as verifiable credentials with KERI-specific enhancements including:
ACDC Structure: Verifiable credentials in KERI follow the ACDC format with top-level fields including version (v), SAID (d), issuer AID (i), registry identifier (ri), schema (s), attributes (a), edges (e), and rules (r). Each section can be disclosed in compact form (SAID only) or expanded form (full content).
Credential Lifecycle: Credentials are issued through IPEX grant messages, stored in holder wallets, and presented through IPEX admit/offer messages. The TEL tracks issuance and revocation events anchored to the issuer's KEL.
Verification Process: Verifiers must:
Privacy Considerations: ACDC credentials support multiple disclosure levels. Compact disclosure reveals only SAIDs, partial disclosure expands selected sections, selective disclosure unbundles individual attributes, and full disclosure reveals all content. The UUID field provides a salty nonce to prevent rainbow table attacks on compact credentials.
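The following is an added example, not code from the vLEI or KERI projects. It shows how a compact attribute section commits to its expanded form, and why the nonce matters when the attributes are low-entropy. Assumptions: the digest is plain SHA-256 with base64url encoding rather than the CESR-encoded digests real implementations use, the nonce is carried in a field labelled `u`, and the helper names, role values and bracketed identifiers are constructed placeholders.

```python
import base64, hashlib, json, secrets

PLACEHOLDER = "#" * 44  # same length as the encoded digest it stands in for

def _digest(section: dict) -> str:
    # Hash the section with its own "d" field blanked out, so the digest
    # can be embedded in the data it covers (simplified SAID, see lead-in).
    dummy = {**section, "d": PLACEHOLDER}
    raw = json.dumps(dummy, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(hashlib.sha256(raw).digest()).decode()

def saidify(fields: dict, with_nonce: bool = True) -> dict:
    """Return the section with "d" (digest) and, optionally, "u" (nonce)."""
    section = {"d": PLACEHOLDER}
    if with_nonce:
        section["u"] = secrets.token_urlsafe(16)  # 128 bits of entropy
    section.update(fields)
    section["d"] = _digest(section)
    return section

def compact(acdc: dict) -> dict:
    """Compact form: the attribute section is replaced by its digest."""
    return {**acdc, "a": acdc["a"]["d"]}

def expansion_matches(compact_acdc: dict, attrs: dict) -> bool:
    """Verifier check: does a disclosed section match the commitment?"""
    return attrs.get("d") == compact_acdc["a"] and _digest(attrs) == attrs["d"]

def guessable(commitment: str, guesses: list) -> bool:
    """True if hashing any candidate attribute set reproduces the digest."""
    return any(saidify(g, with_nonce=False)["d"] == commitment for g in guesses)

# Constructed sample data; identifiers are placeholders, not real AIDs/SAIDs.
ROLES = ["CEO", "CFO", "Auditor"]
GUESSES = [{"role": r} for r in ROLES]

def build(with_nonce: bool) -> dict:
    return {"v": "<version>", "i": "<issuer-AID>", "s": "<schema-SAID>",
            "a": saidify({"role": "CFO"}, with_nonce)}

if __name__ == "__main__":
    for flag in (False, True):
        full = build(flag)
        c = compact(full)
        # columns: nonce used, expansion verifies, attributes guessable
        print(flag, expansion_matches(c, full["a"]), guessable(c["a"], GUESSES))
```

Without the nonce, the compact digest of a small attribute set can be matched against a precomputed list of candidates; with it, the same check fails while a legitimately disclosed section still verifies.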
Issuance and Presentation: The IPEX (Issuance and Presentation Exchange) protocol provides a unified mechanism for both credential issuance and presentation, treating both as disclosure operations. This simplifies the credential lifecycle while maintaining strong security properties.
Registry Integration: Verifiable credentials in KERI are tracked through Transaction Event Logs (TELs), which anchor credential issuance and revocation states to the issuer's Key Event Log (KEL). This provides verifiable credential status without requiring centralized registries.
vLEI Implementation: The most mature production deployment of KERI-based verifiable credentials is GLEIF's vLEI (verifiable Legal Entity Identifier) system, which issues organizational identity credentials, role credentials, and authorization credentials in a hierarchical trust chain.
Three-Party Model: Verifiable credentials operate within the issuer-holder-verifier triangle, where:
Selective Disclosure: ACDC credentials support revealing only necessary attributes rather than entire credentials, using cryptographic commitments (SAIDs) to prove inclusion without exposing undisclosed data.
Credential Schemas: JSON Schema definitions specify the structure and required fields for credential types, with schemas themselves identified by SAIDs for immutability and verifiability.
Presentation Exchange: The process by which holders respond to verifier requests by generating cryptographic proofs of credential claims, potentially combining data from multiple credentials issued by different issuers.