Verifiable Credentials & SD-JWT

What it is

A Verifiable Credential (VC) is a cryptographically signed, tamper-evident digital credential following the W3C VC Data Model. The model has three roles: an issuer signs a credential, a holder keeps it in a wallet, and a verifier checks it, without having to call back to the issuer. SD-JWT (Selective Disclosure JWT) is the IETF token format increasingly used to carry these credentials.

How it works

• Issuer to holder: an authority issues a signed credential (for example a diploma or a proof of age) to the user's wallet.
• Holder to verifier: the user presents only what is needed. With selective disclosure, they can prove they are over 18 without revealing their birth date.
• Decentralized identifiers (DIDs) often anchor the keys, removing reliance on a central registry.

Status

The W3C published the VC Data Model 2.0 family as Recommendations in 2025. SD-JWT VC is an active IETF draft and is referenced by EU digital identity work. Adoption is accelerating through eIDAS 2.0 and the European Digital Identity Wallet.

Why it matters

VCs enable reusable identity: verify once, reuse many times, with the user in control of what they share. That promises to cut repeat KYC, reduce data collection, and improve privacy.

Pitfalls

• The ecosystem is still maturing; interoperability depends on shared profiles like OpenID for Verifiable Credentials.
• Revocation, wallet recovery, and trust frameworks are the hard parts, not the signing.

Related

Glossary: verifiable credential, SD-JWT, DID, eIDAS. Vendors: decentralized identity.