4F/ What Credential Format is the Best?

From IIW

What Credential Format is the Best?

Session Convener: Torstan L

Notes-taker(s): Antonio Antonino

Tags / links to resources / technology discussed, related to this session:

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


Selective disclosure, offline usage, contains claims to identify people, crypto agility, anti-correlation capabilities



Advantages: Most mature widely used privacy-preserving credential format used today. Downsides: Tied to a specific ledger, it does not work offline unless data is cached. It is not yet recognized as a standard, but currently under IETF standardisation led by Steven Curran.


Can support selective disclosure and unlikable presentations. Generally smaller than Anoncreds, and embed the schema inside the proof, so the schema does not have to live on any blockchain.


Supports selective disclosure with salted hash mechanism. It is indeed an ISO standard (162 pages), so it went through a lot of reviews by different regulatory bodies. Actual authorities such as US DMVs are already issuing credentials using this standard. Presentations are correlatable, and there is no de-facto revocation mechanism. There are two operating modes: device retrieval (mandatory) and server retrieval (optional).


Widely implemented and supports a lot of different cryptographic primitives. Based on IETF specs widely security reviewed. Does not support selective disclosure.


Enhances JWTs by letting the credential being issued to the holder instead of to the relying party directly. Does not support selective disclosure either.


Goal is to have a simple JSON-based claim representation w/ support for selective disclosure, kinda like an improvement over JWTs. There is a BBS variant of it. In general, there are two classes of JWPs, ones that support single presentation (very simple to build) and ones that support multiple unlinkable presentations.

Hash & salt JWT/JWP

Supports selective disclosure but not unlinkable presentations. It would make more sense to talk about hash & salt JWP rather than JWT, since JWT was not designed for selective disclosure. Advantage would be that, beyond building a layer on top to deal with the selective disclosure, existing JWT libraries can be used to deal with this class of credentials.


Similar advantages as JWT, with the advantage that the size is smaller, albeit it requires more code for parsing. mDL uses CWT as its primary representation. EU covid pass is a CWT. It is a standard by IETF. It supports the same algorithms as JWT, minus the deprecated ones.