Technical specifications, implementation patterns, and real-world use cases for W3C Verifiable Credentials. From issuance to revocation, learn how VCs work in production.
A Verifiable Credential (VC) is a tamper-evident, cryptographically verifiable digital credential. Unlike physical credentials or simple digital documents (PDFs), VCs include cryptographic proofs — signatures from the issuer that can be verified independently without contacting the issuer.
The W3C Verifiable Credentials Data Model (VCDM) is the canonical standard. A VC contains claims about a subject (e.g., "over 18", "license to drive", "employee ID"), alongside metadata about the issuer, validity period, and cryptographic proof.
| Format | Encoding | Selective Disclosure | Zero-Knowledge | Best For |
|---|---|---|---|---|
| JWT-VC | Base64-encoded JSON | No (full credential) | No | Simple issuance, enterprise |
| SD-JWT | Selective Disclosure JWT | Yes (per-claim hashes) | No | Selective disclosure without ZK |
| ISO mDoc | CBOR | Yes (per-element) | Partial | Mobile driving licenses |
| AnonCreds | JSON | Yes | Yes | Privacy-critical government |
{
"@context": [
"https://www.w3.org/ns/credentials/v2",
"https://www.w3.org/ns/credentials/examples/v2"
],
"id": "urn:uuid:3978344f-8596-4c3a-a978-8fcaba3903c5",
"type": ["VerifiableCredential", "IdentityCredential"],
"issuer": "did:polygon:0x1234...5678",
"validFrom": "2025-01-01T00:00:00Z",
"validUntil": "2028-01-01T00:00:00Z",
"credentialSubject": {
"id": "did:polygon:0xabcd...ef01",
"givenName": "Jane",
"familyName": "Citizen",
"dateOfBirth": "1990-06-15",
"nationality": "BT"
},
"credentialStatus": {
"id": "https://registry.example.com/status/123",
"type": "StatusList2021Entry"
},
"proof": {
"type": "Ed25519Signature2020",
"created": "2025-01-01T00:00:00Z",
"verificationMethod": "did:polygon:0x1234...5678#key-1",
"proofPurpose": "assertionMethod",
"proofValue": "z3cxb5..."
}
} W3C VCDM v2 example — a foundational identity credential with selective disclosure support and revocation status.
The W3C standard for credential revocation uses a bitstring list. Each credential is assigned an index in a status list. The issuer updates the bit at that index to revoke. Verifiers check the list without learning which other credentials are revoked.
Zero-knowledge friendly revocation using cryptographic accumulators. Used with AnonCreds. Supports privacy-preserving revocation checks without revealing the credential's position in a list.
The issuer's DID document can advertise revocation endpoints or deactivate the DID key used for issuance. Simple but lacks granularity — affects all credentials from that issuer key.
We use analytics tools to understand how our website is used and improve your experience. This may involve the processing of your personal data, including your IP address and browsing behavior. You can choose to accept or reject this processing. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal. For more details, please read our Privacy Policy.
By accepting, you consent to the processing of your personal data for analytics purposes as described above. You may withdraw consent at any time by clicking the preference icon in the footer.