Confidence Method v1.0

Abstract

This specification defines a mechanism that can be used with the Verifiable Credentials Data Model v2.0 to increase a verifier's confidence about a particular subject identified in a verifiable credential.

Status of This Document

This section describes the status of this document at the time of its publication. A list of current W3C publications and the latest revision of this technical report can be found in the W3C standards and drafts index.

This is an experimental specification and is undergoing regular revisions. It is not fit for production deployment.

This document was published by the Verifiable Credentials Working Group as a First Public Working Draft using the Recommendation track.

Publication as a First Public Working Draft does not imply endorsement by W3C and its Members.

This is a draft document and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to cite this document as other than a work in progress.

This document was produced by a group operating under the W3C Patent Policy. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent that the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy.

This document is governed by the 18 August 2025 W3C Process Document.

This section is non-normative.

When a verifier performs the process of validating a verifiable credential, it is useful to be able to raise the confidence level that the subjects identified in a verifiable credential are the same ones that interacted with the issuer when it performed its vetting process to issue the verifiable credential. For example, when an employer (the issuer) issues a corporate identification card to an employee (the subject), it might require that the employee bind a particular cryptographic key (verification method) to the verifiable credential during the issuing process. In that case, the issuer can use this specification to convey to the verifier which cryptographic key was bound during the initial identity assurance process.

In other words, an issuer can use this specification to convey which provable mechanisms it used to bind claims in a verifiable credential so that a verifier can increase their confidence in the truth of a variety of things, including the following:

a particular identifier in the verifiable credential refers to the same subject the issuer intended it to refer to,
a subject, such as the presenter of a verifiable credential, is the same subject that the issuer made claims about,
a subject controls, or has been designated to use, one or more mechanisms for demonstrating proof-of-possession of cryptographic key material,
a subject identified in the verifiable credential can be checked against a biometric.

Terminology used throughout this document is defined in the Terminology section of the Verifiable Credentials Data Model v2.0 and the Verifiable Credential Data Integrity 1.0 specification.

As well as sections marked as non-normative, all authoring guidelines, diagrams, examples, and notes in this specification are non-normative. Everything else in this specification is normative.

The key words MAY and MUST in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

A conforming document is any concrete expression of the data model that follows the relevant normative requirements in Section 2. Data Model.

A conforming processor is any algorithm realized as software and/or hardware that generates and/or consumes a conforming document. Conforming processors MUST produce errors when non-conforming documents are consumed.

This specification defines the confidenceMethod property for expressing confidence method information in a credentialSubject in a verifiable credential.

confidenceMethod

If present, the value of the confidenceMethod property is one or more confidence methods. Each confidence method is bound to one or more subjects in the verifiable credential, and provides enough information for a verifier to determine whether the holder can generate a verifiable presentation to increase the verifier's confidence that they are the same entity referenced by the confidence method. This is referred to as satisfying the confidence method. It is required that the issuer verifies that the holder can satisfy each confidenceMethod the issuer includes in the claims of the verifiable credentials they issue.

Each confidence method MUST specify its type and MAY specify an id. The precise properties and semantics of each confidence method are determined by the specific confidenceMethod type definition.

A verifier can decide to accept claims in a verifiable credential without requiring use of the confidence method, or use a different mechanism to increase their confidence about whether, for example, the holder is the same entity the issuer made claims about in the verifiable credential. Such a decision can impact the verifier's liability when accepting verifiable credentials during certain use cases.

A verifier can validate that the holder controls, or has been designated the ability to use, a confidence method by verifying the proof of the verifiable presentation using the information in the confidence method. The confidence method can include the verification key, or the type of the confidence method can define that the verification key is to be inferred from other properties in the verifiable credential, such as the credentialSubject.id.

The following example demonstrates the various types of confidence methods that can be used, including public cryptographic keys, verification methods, and Decentralized Identifier Documents.

Example 1: Usage of the confirmationMethod property of type VerificationKeyConfirmation

{
  "@context": [
    "https://www.w3.org/ns/credentials/v2",
    "https://www.w3.org/ns/credentials/examples/v2"
  ],
  "id": "http://example.edu/credentials/3732",
  "type": ["VerifiableCredential", "UniversityDegreeCredential"],
  "issuer": "https://example.edu/issuers/14",
  "validFrom": "2010-01-01T19:23:24Z",
  "credentialSubject": {
    "confidenceMethod": [{
      "type": "BiometricPortraitImage",
      "image": "data:image/jpeg;base64,/9j/4AAQSkZJRgABAgAAZABkAAD",
    }, {
      "id": "urn:uuid:818d5ca0-3978-11f0-8658-4f17a1afd652#key-abc",
      "type": "JsonWebKey",
      "controller": "urn:uuid:818d5ca0-3978-11f0-8658-4f17a1afd652",
      "publicKeyJwk": {
        "crv": "Ed25519",
        "x": "VCpo2LMLhn6iWku8MKvSLg2ZAoC-nlOyPVQaO3FxVeQ",
        "kty": "OKP",
        "kid": "_Qq0UL2Fq651Q0Fjd6TvnYE-faHiOpRlPVQcY_-tA4A"
      }
    }, {
      "id": "did:example:123#key-567",
      "type": "Multikey",
      "controller": "did:example:123",
      "publicKeyMultibase": "zH3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
    }, {
      "id": "did:example:1234",
      "type": "DecentralizedIdentifierDocument"
    }],
    "degree": {
      "type": "BachelorDegree",
      "name": "Bachelor of Science and Arts"
    }
  },
  "proof": { ... }
}

Note

A confidence method can express various metadata such as the issuer's level of confidence that the holder is the subject of the verifiable credential, specific form factors or mechanisms of authenticators, and/or references to other verifiable credentials or versioned trust frameworks. For example, an issuer can make a claim about a confidence method that is based on a cryptographic key pair, but to produce a signature using that key, the holder has to unlock a device using multi-factor authentication.

Confidence Method v1.0

Increasing confidence during presentation of verifiable credentials

Abstract

Status of This Document

1. Introduction

1.1 Terminology

1.2 Conformance

2. Data Model

3. Security Considerations

4. Privacy Considerations

A. References

A.1 Normative references

A.2 Informative references