§ credential-schemas 0.1 Working Group Draft

Specification Status: Working Group draft (October 2024)

Latest Draft: identity.foundation/credential-schemas

Ratified Versions:

Editors:
Otto Mora - @ottomorac (Privado ID)
Adrian Field (One ID)
Kim Hamilton Duffy (DIF)
Participate:
GitHub repo
File a bug
Commit history

Except where otherwise noted, this work by the Decentralized Identity Foundation is licensed under CC BY 4.0.

§ Abstract

This specification defines multiple standards for common use case verifiable credentials including KYC (basic person), AML, among others.

§ Status of This Document

This is a draft specification being developed within the Decentralized Identity Foundation (DIF). Design work is ongoing, and participants are encouraged to open issues or otherwise contribute at the DIF-hosted github repository, whether as input to stable versions or as recommendations for future versions.

§ Terminology

Decentralized Identifiers
Unique ID URI string and PKI metadata document format for describing the cryptographic keys and other fundamental PKI values linked to a unique, user-controlled, self-sovereign identifier in a target system (i.e. blockchain, distributed ledger).
Claim
An assertion made about a Subject. Used as an umbrella term for Credential, Assertion, Attestation, etc.

§ Structure of this Document

§ Abstract Data Models

Abstract data model is a “Data template” that specifies which attributes a credential should contain. It includes the field names and types, as well as an indication of their interpretation and use. Abstract data model are fundamental in ensuring consistency and interoperability across differing verifiable credential formats in the market.

Abstract data model table representation

§ Formatting conventions:

Field names use “camelCase” and only the minimal fields are required, however required fields will be dependent on the implementer and use case.

Country codes use the ISO 3166-1 alpha-3 codes (e.g. FRA, USA, CRC), this allows to accomodate use cases in which some countries are not fully recognized by the UN (example: Kosovo or Palestine) are represented with 3 letter codes in some standards such as ICAO Doc 9303.

§ Enumerations

Given that the enumeration fields (for example in the “Basic Person” schema for fields such as nameType, identifierType, addressType, contactChannelType) may not accommodate all possible values, implementers are allowed to substitute these enumeration strings with an object that includes the value and a “enumDefinition” field which points to a custom enumeration. If the field value is just a string then the default enumeration is assumed.

Please see below for an example of both possibilities.

Enumeration field where the default enumeration is assumed:

EXAMPLE

identifierType: “passport”

Enumeration field where a custom enumeration is used:

EXAMPLE

identifierType: { value: “digitalPassport”, enumDefinition: https://example.com/myPassportTypes }

§ Basic Person Schema

October 2024 - Specification Status: Working Group draft

§ Purpose:

The purpose of this credential schema specification is to define the fields required to identify an individual at a basic level for KYC purposes. The schema integrates fields from various standards including: Open ID Connect , Open ID for Identity Assurance , and EBSI for natural person. Harmonization and mapping of the fields was done to facilitate interoperability with these standards.

Use cases: Mainly for financial services, but can also be used in telecommunications, and any sector requiring identity verification for customer onboarding, transaction verification, and regulatory compliance, enabling streamlined and standardized data handling for KYC procedures.

NOTE

The schema excludes assurance levels and the verification process by which the data was obtained.

§ Basic Person Abstract Data Model

Property Description Type & Format Definition / Comments - IEEE Ontology PURL
id * Stores the DID of the subject that owns the credential string Definition: https://www.w3.org/TR/vc-data-model/#identifiers
issuanceDate * Issuance date of the credential string / date-time
expirationDate Expiration date credential string / date-time
names (array) * Names of the credential subject including legal name, name at birth (or maiden name), as well as nick names or stage names. Array Structured into an array of objects (see the definition of the Name object ).
dateOfBirth * Date of birth of the credential subject. string / date-time
addresses (array) Various addresses associated with the credential subject. Array Structured into an array of objects (see the definition of the Address object ).
sex Biological sex of the individual at birth. Allowed values: male, female. string
gender Gender that the credential subject identifies as. Some reference values (non-exhaustive list): male, female, transgender male, transgender female, non-binary…. string
nationalities (array) Credential subject’s nationalities. Expressed as an array of strings of the following: Array
nationality array items Nationality of the credential subject using ISO 3166-1 alpha-3 codes (e.g. FRA, USA, CRC). string
identifiers (array / optional) Identifiers of the credential subject including government identifiers. Structured into an array of objects (see the definition of the Identifier object ).
contactChannels (array / optional) Contact channels of the credential subject including emails and phone numbers. Structured into an array of objects (see the definition of the Contact Channel object ).
customFields (array / optional) These are custom fields that can be issued by the credential issuer for any other field not accounted in the main schema. This is a free form array which can be utilized by the credential issuer. object The suggested usage is an array of objects containing “propertyName” and “propertyValue” on each entry.
NOTE

* = Required field

§ Name Object

The Name Object records the name(s) of the credential subject. The type of name is indicated by the nameType property. There must be at least one entry corresponding to the user’s legal name type “legalName”.

Property Description Type & Format Required or Optional Definition / Comments - IEEE Ontology PURL
nameType Type of name, allowed values: legalName, birthName (names of the credential subject at birth also known as maiden name), alsoKnownAs (Stage name, religious name or any other type of alias/pseudonym with which a person is known in a specific context besides its legal name), otherName. At least one entry for legalName is required at a minimum. string / enumeration optional
firstName First name(s) or given names of the credential subject. string optional
familyName Family name(s) of the credential subject. string optional
middleName Middle name(s) of the End-User. Note that in some cultures, people can have multiple middle names; all can be present, with the names being separated by space characters. string Also note that in some cultures, middle names are not used.
fullName End-User’s full legal name in displayable form including all name parts, possibly including titles and suffixes, ordered according to the End-User’s locale and preferences. string
title Title of the credential subject e.g., “Dr.” or “Sir” string
salutation Salutation of the credential subject e.g., “Mr.” or “Miss”. string
nameFromDate Start date at which this name was first used. This could be used to keep a history of various names used by the credential subject. string / date-time
nameToDate End date at which this name was used. This could be used to keep a history of various names used by the credential subject. string / date-time

§ Identifier Object

The Identifier Object records the identifier(s) of the credential subject. The type of identifier is indicated by the identifierType property. The object can record both government and non-government identifiers, however there must be at least one entry corresponding to the credential subject’s government identifier, this could be any form of government issued identifier such as passport, national id document, tax id, drivers license, or social service number (ssn, social issurance number, or health service id). The entry for the government identifier must be the unique government id or national identifier of the credential subject issued by that jurisdiction.

Property Description Type & Format Required or Optional Definition / Comments - IEEE Ontology PURL
identifierType Type of identifier. For government identifiers the following is a list of allowed values: passport, nationalIdDocument, taxId, driversLicense, socialServiceNumber (ssn, social issurance number, or health service id). For non-government identifiers some reference values are the following (non-exhaustive list): employeeId, gymMembership, sportsClubMembership. string / enumeration required
identifierValue Identifier value (free form string value). string required
identifierIssuingEntity Name of the entity that issues the document with the identifer. This could be a government entity such as the drivers license department of a jurisdiction, or the immigration department of a given country. It could also be a non-government entity such as a sports club or gym. string required
issuingEntityCountry This is the country of the entity that issues the identifying document. It is a string representing the country in ISO 3166-1 alpha-3 codes (e.g. FRA, USA, CRC). string optional

§ Address Object

The Address Object records the address(es) of the credential subject.The type of identifier is indicated by the addressType property. The object can record a variety of address types, however there must be at least one object entry corresponding to the credential subject’s place of birth (identified by the type “placeOfBirth”), the address defines the place where the credential subject is born. For the place of birth, not all fields in the object are required however the country code is mandatory.

Property Description Type & Format Required or Optional Definition / Comments - IEEE Ontology PURL
addressType Type of address, allowed values: placeOfBirth, primaryAddress, homeAddress, businessAddress, mailingAddress, previousAddress. string / enumeration required
addressLine1 Address Line 1, usually the street address or major indication for the address. string optional
addressLine2 Address Line 2, with apartment or suite number or additional indications. string optional
locality locality: String representing city or locality component. string optional
region region: String representing state, province, prefecture, or region component. string optional
country Country: String representing country in ISO 3166-1 alpha-3 codes (e.g. FRA, USA, CRC). string optional
postalCode Postal code (also known as postcode, post code, PIN or ZIP Code). string optional
unstructuredAddress Optional one line address field since not all addresses may be structured in the person’s KYC source information. string optional
addressFromDate Start date at which this address was first used. This could be used to keep a history of various addresses used by the credential subject string / date-time
addressToDate End date at which this address was last used. This could be used to keep a history of various addresses used by the credential subject string / date-time

§ Contact Channel Object

The Contact Channel Object records the various contact methods of the credential subject (email, phone, others). The type of contact channel is indicated by the contactChannelType property.

Depending on the type of contact channel some formatting rules apply:

NOTE

It is assumed that the credential issuer will have verified that the credential subject is in possession of the contact channel(s), the details of how this verification is done are outside the scope of this specification.

Property Description Type & Format Required or Optional Definition / Comments - IEEE Ontology PURL
contactChannelType Type of contact channel allowed values (non-exhaustive list): personalEmail, workEmail, personalPhone, homePhone, workPhone, otherPhone. It could also include social media or other handles: facebook, linkedIn, x, github, farcaster, etc. string / enumeration required
contactIdentifier Idenfier used for the contact method. See requirements above about formatting rules for emails and phone numbers string required

§ Sample implementations of this schema standard

§ Proof of Age Schema

October 2024 - Specification Status: editors draft WORK IN PROGRESS

§ Purpose:

The objective is to generate a general purpose age schema which should allow for both “age estimation” (several assurance methods to be used) as well as “age verification”.

§ Usage Guidance

§ Batch Issuance

Some proof mechanisms rely on batch issuance to prevent re-use of subject identifiers, with the goal of reducing linkability. If using these schemas within such contexts, bear in mind that the subject id property may store different identifier values.

§ Appendix

§ JSON Schemas

§ Examples

§ References

JSON Schema
JSON Schema: A Media Type for Describing JSON Documents. A. Wright, H. Andrews, B. Hutton, G. Dennis. Status: 28 January 2020. Status: Internet-Draft.

§ Patent Policy

The Decentralized Identity Foundation has adopted the W3C Patent Policy (2004), as detailed below:

Table of Contents
undefined