About Podcast Episode
OpenID4VC (OpenID for Verifiable Credentials) is a protocol for exchanging verifiable credentials in a decentralized identity environment. Its work is being conducted in the OpenID Foundation, in liaison with the Decentralized Identity Foundation (DIF) and with working groups in International Organization for Standardization (ISO).
The goal of OpenID4VC is to provide a simple and interoperable way to exchange credentials between different decentralized identity systems.
OpenID4VC supports three main use cases:
- Credential Issuance – OpenID4VC provides a way to issue verifiable credentials in a decentralized way
- Credential Presentation – OpenID4VC enables users to present their credentials in a verifiable way, without revealing unnecessary personal information.
- Pseudonymous User Authentication – OpenID4VC allows users to authenticate themselves without revealing their real identity.
The focus on these three use cases means that OpenID4VC purposefully isn’t focused on supporting a broader set of trust tasks that other protocols such as DIDComm aim to support.
Some core themes throughout this conversation were interoperability and avoiding locking into a specific implementation. The implementation of new formats for credentials can create obstacles for adoption, so providing a simple and secure credential agnostic protocol can help with interoperability, and therefore adoption.
In designing OpenID4VC, it was made a priority to support different credentials formats, identifiers, cryptography suites and trust management mechanisms. This spreadsheet should give a good idea of the complexity of the landscape of credential profiles and more.
As we’re reaching mid-March 2023, OpenID4VC seems to be gaining significant traction in the decentralized identity community. It has been incorporated into various industry standards, including the ISO/IEC 29184-8 standard for decentralized identity, and its issuance and verification protocols (OpenID4CI and OpenID4VP using SIOPv2) have been made “MUSTS” in the European Union’s Digital Identity Wallet Architecture and Reference Framework.
I was fortunate in this latest podcast to sit down and chat with Torsten Lodderstedt, one of the co-authors of the OpenID4VC specification. I hope you enjoy the discussion and find it as informative as I did.
In this podcast episode with Torsten, him and I discuss,
- OpenID4VC’s background, and its relationship to oAuth2 and OpenID Connect.
- How verifiable credential issuances and verifications are done using OpenID4CI and OIDC4VP (+ why Presentation Exchange was chosen as the verification protocol).
- Decisions behind supporting different credentials formats, identifiers, cryptography suites and trust management mechanisms.
- How OpenID4VC fits within the ToIP Hourglass Model (from the ToIP Technical Architecture Specification).
- How OpenID4VC can be used in conjunction with other protocols such as DIDComm to bootstrap workflows.
- Does OpenID4VC combined with trust frameworks help to solve the NASCAR problem we face today on the internet?
- SIOP: the protocol to exchange cryptographically verifiable identifiers and authenticate using the key material controlled by the End-User.
- Using OpenID4CI for ISO 18013-5 (mDL) to move away from wallet-specific credential issuance and towards an interoperable way of exchanging verifiable credentials between different decentralized identity systems.
Dr.-Ing. Torsten Lodderstedt is founder of Tuconic, a consulting firm specialising in digital identity and API-based software architectures, with more than 15 years experience in developing and running large scale consumer identity services. In his previous positions, he helped organisations in public, banking, railway communication, and telecommunication domains to implement highly-scalable and secure services. Torsten regularly contributes to identity standards, currently focusing on decentralized identity and global identity networks. He is co-author of OpenID for Verifiable Credentials and OAuth 2.1, and co-chairs the GAIN PoC community group.