Skip to main content
European CommissionEBSI European Blockchain

EBSI W3C VCs and VPs

Last updated on

Context

Within the EBSI ecosystem, Verifiable Credentials (VCs) and Verifiable Presentations (VPs) are fundamental components. They set the standard for all digital documents, enhancing efficiency, interoperability and readability. The EBSI VC and VP data models are built upon the World Wide Web Consortium (W3C) Verifiable Credentials, which define a standardised method for digitally presenting credentials on the internet. This page is the starting point for all VC and VP related information in the EBSI Verifiable Credentials Framework.

Data Models and Schemas

EBSI VCs build upon the W3C Verifiable Credential Data Model (VCDM). EBSI provides JSON Schema-based definitions and type extensions compatible with the VCDM. Additionally, Issuers are able to define their own VC Schemas and register them in the EBSI Trusted Schemas Registry (TSR). Once accredited by a Trusted Accreditation Organisation (TAO), Issuers are authorised to issue only VCs according to specific registered schemas. Different parties can fetch these schemas in order to validate VCs. Learn more about EBSI data models and schemas here.

DID Methods

Decentralised identifiers (DIDs) are unique alphanumeric strings generated by their owners using digital wallets or back-office systems. They play a crucial role in verifying the authenticity of Issuers and Holders within the VC ecosystem. EBSI employs two distinct methods for generating and storing DIDs. The selection of the DID method is determined by the user's type (Legal Entity or Natural Person) and their respective privacy requirements.

Legal Entities use the DID method specification V1 did:ebsi, registering their DIDs in the EBSI DID Registry (DIDR). This method makes the associated DID documents publicly accessible to Verifiers of VCs via EBSI's ledger.

In contrast, Natural Persons use the DID method specification V2 did:key, which encodes the user's public key within the DID and complies with General Data Protection Regulation (GDPR) requirements. DIDs using the did:key method are not registered in the EBSI DID Registry; however, they attain verifiability through the inclusion of the user's encoded public key. Read more about EBSI DID Methods here.

E-signing and e-sealing

E-signing and e-sealing define how Natural Persons and Legal Entities can digitally sign VCs and VPs. Electronic signatures and seals are important components of EBSI's Trust Model as they guarantee the origin, authenticity and integrity of the signed information. Read more about how e-signing and e-sealing is applied in EBSI here.

Trust Model

The core value proposition of EBSI is to instil trust among the various entities within the VC ecosystem. For this purpose, EBSI's Trust Model (pictured below) enables the verification of VCs using both the DID registry (DIDR) and Trusted Issuers Registry (TIR). Together, these registries provide information about public issuers of VCs, including their relationships and accreditations. For further insights into EBSI's Trust Model, you can find additional information here.

  sd-generic-flow

Credential Status Framework

Depending on the specific VC use case, it is sometimes crucial to obtain up-to-date information about the revocation status of a credential. EBSI supports various methods for presenting and publishing VC status information. These methods can be employed based on use-case specific requirements, such as the desired level of privacy between different actors. Learn more about EBSI Credential Status Framework here.

VC and VP lifecycle

EBSI's VC and VP lifecycle is summarised in the table below. The table also presents distinctions from W3C's corresponding lifecycle.

StepEBSI's VC and VP lifecycleW3C's VC and VP lifecycleGuidelines for EBSI
1Registration and onboarding of different actors (Legal Entity as Trusted Issuer or Verifier, Natural Person as Holder).Out of scope.How to onboard in a Trust Chain
2Credential Issuance for Issuers and Holders. Storage of Verifiable Credentials for HoldersIssuance of one or more Verifiable Credentials. Storage of Verifiable Credentials in a credential repository, e.g., digital wallet.How to issue Verifiable Credentials and EBSI Wallet Conformance Testing
3Presentation Exchange for Holders and VerifiersComposition of Verifiable Credentials into Verifiable Presentation. Exchange of Verifiable Presentation and its verification by the Verifier.How to share Verifiable Presentations
4Managing schemas of data models in TSROut of scope.Data Models and Trusted Schemas Registry API

APIs Relevant to the VC Lifecycle

EBSI developed several APIs for interaction with the EBSI blockchain, data registries and smart contracts. Each API serves its specific role and is used by different actors. The following APIs are used in the EBSI VC and VP lifecycle today:

  • Trusted Issuers Registry (TIR)
  • Trusted Schemas Registry (TSR)
  • DID Registry (DIDR)

The table below summarises the APIs used in VC and VP lifecycle.

ActionAPIActorDocumentation
Legal Entity registrationDIDRIssuerDIDR API
Issuer registrationTIRIssuerTIR API
Issuer verificationTIRHolder, VerifierTIR API
Schema registrationTSRIssuerTSR API
Schema verificationTSRIssuer, Holder, VerifierTSR API
Issuer accreditationTIRIssuerTIR API