§ credential-schemas 0.1 Editor’s Draft

Specification Status: Pre-Draft

Latest Draft: identity.foundation/credential-schemas

Ratified Versions:

Editors: ~

Participate:
GitHub repo
File a bug
Commit history

Except where otherwise noted, this work by the Decentralized Identity Foundation is licensed under CC BY 4.0.

§ Abstract

§ Status of This Document

This is a draft specification being developed within the Decentralized Identity Foundation (DIF). Design work is ongoing, and participants are encouraged to open issues or otherwise contribute at the DIF-hosted github repository, whether as input to stable versions or as recommendations for future versions.

§ Terminology

Decentralized Identifiers
Unique ID URI string and PKI metadata document format for describing the cryptographic keys and other fundamental PKI values linked to a unique, user-controlled, self-sovereign identifier in a target system (i.e. blockchain, distributed ledger).
Claim
An assertion made about a Subject. Used as an umbrella term for Credential, Assertion, Attestation, etc.

§ Structure of this Document

§ Abstract Data Models

Abstract data model is a “Data template” that specifies which attributes a credential should contain. It includes the field names and types, as well as an indication of their interpretation and use. Abstract data model are fundamental in ensuring consistency and interoperability across differing verifiable credential formats in the market.

Abstract data model table representation

Credential Manifests are a resource format that defines preconditional requirements, Issuer style preferences, and other facets User Agents utilize to help articulate and select the inputs necessary for processing and issuance of a specified credential.

§ Basic Person Schema

§ Purpose:

The purpose of this credential schema is to define the fields required to identify an individual at a basic level for KYC purposes. The schema integrates fields from various standards including: Open ID Connect , Open ID for Identity Assurance , and EBSI for natural person.

Use cases: Utilized across financial services, telecommunications, and any sector requiring identity verification for customer onboarding, transaction verification, and regulatory compliance, enabling streamlined and standardized data handling for KYC procedures.

NOTE

The schema excludes assurance levels and the verification process by which the data was obtained.

§ Basic Person Abstract Data Model

Property Description Type & Format Definition / Comments - IEEE Ontology PURL
id * Stores the DID of the subject that owns the credential string Definition: https://www.w3.org/TR/vc-data-model/#identifiers
issuanceDate * Issuance date of the credential string / date-time
expirationDate Expiration date credential string / date-time
fullName * End-User’s full legal name in displayable form including all name parts, possibly including titles and suffixes, ordered according to the End-User’s locale and preferences. string
firstName * Current first name(s) or given names of the credential subject string On certain regions and cultures individuals can have only have one name. In that situation like that the fullName field would be equal to the firstName field.
familyName Current family name(s) of the credential subject string
middleName Middle name(s) of the End-User. Note that in some cultures, people can have multiple middle names; all can be present, with the names being separated by space characters. Also note that in some cultures, middle names are not used. string
salutationOrTitle Salutation or Title of credential subject. string
dateOfBirth * Date of birth of the credential subject. string / date-time
governmentIdentifier * The unique government or national identifier of the credential subject (constructed by the sending Member State in accordance with the technical specifications for the purposes of cross-border identification and which is as persistent as possible in time). string
governmentIdentifierType * Type of government or national identifier, allowed values: passport, national id document, tax id, drivers license, social service number (ssn, social issurance number, or health service id), other. enumeration
otherNames (array / optional) Other names of the credential subject including name at birth (or maiden name), as well as nick names or stage names. Structured into an array of objects (see the definition of the Other Names object ).
placeOfBirth (object / optional) Defines the place where the credential subject is born. The value of this is a JSON object containing some or all of the following fields:
locality Locality: String representing city or locality component. string
region region: String representing state, province, prefecture, or region component. This field might be required in some jurisdictions. string
country Country: String representing country in ISO 3166-1 alpha-3 codes (e.g. FRA, USA, CRC). string
addresses (array / optional) Various addresses associated with the credential subject. Structured into an array of objects (see the definition of the Address object )
sex Biological sex of the individual at birth. Allowed values: male, female. string
gender Gender that the credential subject identifies as. Some reference values (non-exhaustive list): male, female, transgender male, transgender female, non-binary…. string
nationalities (array / optional) Credential subject’s nationalities. Expressed as an array of strings of the following:
nationality array items Nationality of the credential subject using ISO 3166-1 alpha-3 codes (e.g. FRA, USA, CRC). string
email End-User’s preferred e-mail address. Its value MUST conform to the RFC 5322 [RFC5322] addr-spec syntax. string / idn-email
emailVerified True if the End-User’s e-mail address has been verified; otherwise false. When this Claim Value is true, this means that the OP took affirmative steps to ensure that this e-mail address was controlled by the End-User at the time the verification was performed. The means by which an e-mail address is verified is context-specific, and dependent upon the trust framework or contractual agreements within which the parties are operating. boolean
phoneNumber Primary contact number of the user, it should include the country code. The phone number must be formatted according to ITU-T recommendation [E.164], e.g., “1999550123” or “50688785073” string
phoneNumberVerified True if the End-User’s phone number has been verified; otherwise false. When this Claim Value is true, this means that the OP took affirmative steps to ensure that this phone number was controlled by the End-User at the time the verification was performed. The means by which a phone number is verified is context-specific, and dependent upon the trust framework or contractual agreements within which the parties are operating. boolean
otherIdentifiers (array / optional) Other identifiers of the credential subject in addition to the main government identifier. Structured into an array of objects (see the definition of the Other Identifiers object ).
customFields (array) These are custom fields that can be issued by the credential issuer for any other field not accounted in the main schema. 3 string, number, and boolean fields are available. object
NOTE

* = Required field

§ Other Names object

Property Description Type & Format Required or Optional Definition / Comments - IEEE Ontology PURL
nameType Type of name, allowed values: birthName (names of the credential subject at birth also known as maiden name), alsoKnownAs (Stage name, religious name or any other type of alias/pseudonym with which a person is known in a specific context besides its legal name), otherName. string optional
firstName First name(s) or given names of the credential subject. string optional
familyName Family name(s) of the credential subject. string optional

§ Other Identifiers object

Property Description Type & Format Required or Optional Definition / Comments - IEEE Ontology PURL
identifierType Type of name: Some reference values (non-exhaustive list): gymMembership, sportsClubMembership. string optional
identifierValue Identifier value (free form string value). string optional

§ Address object

Property Description Type & Format Required or Optional Definition / Comments - IEEE Ontology PURL
addressType Type of address allowed values: primaryAddress, homeAddress, businessAddress, mailingAddress. string optional
addressLine1 Address Line 1, usually the street address or major indication for the address. string optional
addressLine2 Address Line 2, with apartment or suite number or additional indications. string optional
locality locality: String representing city or locality component. string optional
region region: String representing state, province, prefecture, or region component. string optional
country Country: String representing country in ISO 3166-1 alpha-3 codes (e.g. FRA, USA, CRC). string optional
postalCode Postal code (also known as postcode, post code, PIN or ZIP Code). string optional
unstructuredAddress Optional one line address field since not all addresses may be structured in the person’s KYC source information. string optional
TODO

Need to add links to sample schema implementations in JSON-LD, SD-JWT and others

§ Other Sections…

§ Appendix

§ JSON Schemas

§ Examples

§ References

JSON Schema
JSON Schema: A Media Type for Describing JSON Documents. A. Wright, H. Andrews, B. Hutton, G. Dennis. Status: 28 January 2020. Status: Internet-Draft.

§ Patent Policy

The Decentralized Identity Foundation has adopted the W3C Patent Policy (2004), as detailed below:

Table of Contents
undefined