Some use cases for verifiable credentials

From Research Questions Task Force

Overview

Verifiable Credentials enable claims to be made about a subject - an entity such as a person or organization - by a credential issuer. A set of claims is known as a credential. A verifier can later establish via digital signatures that the claims were asserted by the issuer, without interacting with the latter. A set of credentials can be possessed by a credential holder, who may, but need not, also be the subject of the claims made in the credentials.

For a more detailed discussion, see Verifiable Credentials Use Cases, and Verifiable Credentials Data Model 1.0.

Verifiable credentials can also make use of Decentralized Identifiers, unique and cryptographically verifiable means of identifying an entity (e.g., the subject of a credential) without engaging a central authority in the creation, updating or use of the identifier. For a more precise and detailed introduction to decentralized identifiers, see the Primer. See also Use cases and requirements for decentralized identifiers.

The purpose of this page is to document potential use cases of these technologies, focusing on Verifiable Credentials, that are of particular relevance to people with disabilities.

NOTE: In APA we aim to identify characteristics that are unique or particularly helpful to support accessibility in interesting ways. With Verifiable Credentials, one strong quality is the ability to support longer-term claims, that is, claims that will persist and be valid over longer periods of time.


Use Cases

Note: The order of the descriptions below reflects approximate priorities among the use cases, as discussed by the Research Questions Task Force.

Cross-Border Transfer of Service Dogs and Comfort Animals

A user with a disability needs to travel across borders (e.g., internationally) and bring their guide dog or comfort animal. Customs control and other services need to verify that the dog is inoculated, as required of the person entering the country. This process can often be very difficult and time-consuming for the passenger, and lengthy, unnecessary stays in dog kennels are unpleasant for the animal.

The Verifiable Credentials stack could be used as a way to authenticate the provenance of the animal, the validity of any inoculation, and so on, as well as its use as a vital support for the passenger.

Privacy-preserving Identification of Users to Web-Based Applications and Services

There is a need for individuals to be able to identify themselves verifiably as legitimate, human users of a Web-based application or service. Although authentication techniques can partly satisfy this need, they do not enable a user to assert legitimacy verifiably without disclosing the individual's identity to the application to which access is sought.

CAPTCHA challenges do not require disclosure of identity, and, in so far as they are effective, enable human users to be distinguished from scripts or other impersonating software that may be used by attackers to circumvent security or acceptable use policies through impersonation. However, the CAPTCHA phenomenon introduces substantial access barriers to people with disabilities - see the W3C Working Group Note on Inaccessibility of CAPTCHA for details.

A verifiable credential could be used to establish the humanity of an individual reliably to a requesting Web-based application. This could be achieved in a manner that limits the disclosure of information to the verifier (i.e., the requesting application), thus preserving privacy and, if appropriate, anonymity. A user who holds a credential from an issuer trusted by the requesting application (e.g., a government-issued ID or academic qualification) could use it to assert that he or she is a person, and hence entitled to access a service.

Note: The features of Verifiable Credentials, including the potential use of zero-knowledge proofs, should be investigated further to determine how much information can be kept private in such applications.

Verification of Disability Status to establish Eligibility for Opportunities or Benefits

Some benefits or opportunities are available only to persons with disabilities. Governments (and possibly other institutions) sometimes need evidence of disability status as a condition of establishing eligibility. A report from a physician attesting to the nature of a person's disability typically suffices.

A Verifiable Credential could be used to prove a person's disability status, based, for example, on a report by a physician or a disability-related service provider. The privacy-preserving features of Verifiable Credentials would limit the additional information about the individual that is disclosed.

Since various government programs or service providers are likely to have different criteria for determining eligibility, the credential would need to carry more detailed information about a person's disability-related status than a simple true/false statement. A common data format would need to be developed, taking into account the needs of governments and service providers. In addition, for those whose disability is of a temporary or changing nature, claims would need to be qualified with a date or date range. Assessments of eligibility for ongoing services may need to be made regularly according to multiple criteria. Under these circumstances, Verifiable Credentials could offer substantial improvements in efficiency, as well as the consistency-related benefits of having a common data format for disability-related information.

Note: Is there a substantial risk that the ready digital availability of such a credential could lead to its being requested more often and in more contexts than would be appropriate?

Private and Secure Access to Individual Needs and Preferences

Research and standards in accessibility have progressively moved toward acknowledging that the best outcomes for users with disabilities can often be achieved by adapting the interface to each person's specific needs and preferences. The Global Public Inclusive Infrastructure (GPII) project has notably developed an approach to configuring operating systems, assistive technologies, and Web-based applications automatically based on a profile of the user's accessibility-related preferences.

Although these preference profiles do not encode details of a person's disability, they may provide information from which sensitive details of an individual's situation can be reliably inferred. There is a requirement, then, to store and process such profiles in ways that preserve individual privacy, including, where feasible, anonymity.

Verifiable credentials could be used to store a user's accessibility-related needs and preferences, which could then be conveyed to a requesting application to adjust the user interface according to the individual's access needs.

In typical cases, the user (the credential subject) is also the credential issuer.

If Verifiable Credentials are used to hold the needs/preferences, then all that the user must do in order to configure a new device or application is to present an identifier associated with an appropriate credential. The system then retrieves the credential, verifies it, and configures its settings according to the needs/preferences that are specified.

Note: Storing needs/preferences in a Verifiable Credential may only be appropriate under conditions in which these needs/preferences are persistent (e.g., across interactive user sessions with an operating system or application). What is required to satisfy a user's preferences may depend on the context, for example the time of day, lighting conditions, ambient noise in the environment, etc. It can also depend on the capabilities of the device (hardware, software, applications, etc.) to which access is needed. However, provided that there is an underlying, relatively persistent set of needs/preferences, then Verifiable Credentials may be a suitable technology with which to store and transport them. The contextual dependencies can be handled by the software that maps user preferences to the settings that are configured in operating systems, assistive technologies, or applications. This process of inferring settings from a user's preferences, taking into account any relevant environmental conditions, is referred to in GPII literature as "matchmaking". Rule-based and statistical approaches to matchmaking have been investigated.
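
The flow described above (a self-issued credential is retrieved, verified without contacting the issuer, checked against its validity dates, then mapped to settings by a rule-based matchmaker) is sketched below as an added example; it is not part of the original page or of any W3C specification. The preference names, the context keys, the did:example identifier and the simplified proof layout (an Ed25519 signature over the JSON serialization) are assumptions made for illustration.

```javascript
// Simplified credential flow; the proof layout is NOT the W3C proof format.
const crypto = require('node:crypto');

// Constructed key pair: the user is both credential subject and issuer here.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const USER = 'did:example:user-1'; // placeholder identifier

function issue(prefs, from, until) {
  const cred = {
    issuer: USER, issuanceDate: from, expirationDate: until,
    credentialSubject: { id: USER, preferences: prefs }, // hypothetical layout
  };
  const sig = crypto.sign(null, Buffer.from(JSON.stringify(cred)), privateKey);
  return { ...cred, proof: { proofValue: sig.toString('base64') } };
}

// Verifier side: needs only the issuer's public key, no call to the issuer.
function verify(vc, issuerKey, now) {
  const { proof, ...cred } = vc;
  if (!proof || typeof proof.proofValue !== 'string') return false;
  const ok = crypto.verify(null, Buffer.from(JSON.stringify(cred)), issuerKey,
    Buffer.from(proof.proofValue, 'base64'));
  const t = Date.parse(now); // an unparsable date makes the comparisons fail
  return ok && t >= Date.parse(cred.issuanceDate) && t <= Date.parse(cred.expirationDate);
}

// Rule-based matchmaking: persistent preferences plus context give settings.
function configure(vc, issuerKey, now, context) {
  if (!verify(vc, issuerKey, now)) return null; // reject and keep defaults
  const p = vc.credentialSubject.preferences;
  return {
    fontScale: p.fontScale,
    screenReader: p.screenReader === true,
    // Context can strengthen a setting but never overrides a stated need.
    highContrast: p.highContrast === true || context.lighting === 'bright',
    captions: p.captions === true || context.ambientNoise === 'high',
  };
}

// Constructed sample credential, valid for the year 2024.
const sampleVc = issue(
  { fontScale: 1.5, screenReader: false, highContrast: false, captions: false },
  '2024-01-01T00:00:00Z', '2025-01-01T00:00:00Z');
```

Because the user is the issuer, a valid signature shows only that the profile was produced by the holder of that key and has not been altered; the verifier still has to obtain the public key from a source it trusts.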

Asserting Conformance to Accessibility Standards

There are various accessibility standards in place to which hardware, software and documents on the Web and elsewhere can conform. Conformance may be asserted by the creator of the material or by an independent organization that provides auditing services.

A Verifiable Credential could be used to establish the authenticity of accessibility conformance claims. For example, it could be part of the process of demonstrating compliance with a contractual or regulatory obligation of accessibility conformance.

In this scenario, the subject would be the entity about which conformance is claimed. For example, it could be a document, a Web page, a hardware device, or software.

Note 1: Future Web accessibility specifications may offer considerable flexibility in identifying the subject of a conformance claim. For example, it could be restricted in scope to parts of a Web page. Can Verifiable Credentials support such flexibility in designating the credential subject?

Note 2: The assertions made in conformance claims may be complex (e.g., specifying which clauses of a standard have been met, and to what extent). This is especially so if statements of partial conformance are supported, or if future accessibility standards allow for more nuanced conformance assertions. A suitably flexible definition of the data to be used in claims would need to be defined, and it can be expected to vary depending on which standard is involved.