1. OpenID for Verifiable Credentials
The next generation of OpenID
Kristina Yasuda, Microsoft
Paul Bastian, Bundesdruckerei
Dr. Torsten Lodderstedt, Tuconic

2. What is Decentralized Identity?
Issuer
(Website)
Verifier
(Website)
Wallet
(user’s device,
cloud or hybrid)
Credential
Issuance
Credential
Presentation
User Interactions
● The User presenting the Identity data directly to the Verifier from the Wallet
○ <> In the federated model where Identity data is sent directly from the IdP to the Verifier
● Usually expressed with the flow below:

3. Verifiable Credentials: Benefits
● End-Users gain more privacy, and portability over their identity
information.
● Cheaper, faster, and more secure identity verification, when transforming
physical credentials into digital ones.
● Universal approach to handle identification, authentication, and
authorization in digital and physical space.

4. Issuer
(Website)
Issuer
(Website)
Issuer
(Website)
Why Protocol Layer Interoperability is Crucial.
Credential
Issuance
Credential
Presentation
One entity needs to talk to the large the number of entities, to increase the value of “Decentralized
Identity”.
Issuer
(Website)
Issuer
(Website)
Issuer
(Website)
Issuer
(Website)
Issuer
(Website)
Issuer
(Website)
Issuer
(Website)
Issuer
(Website)
Issuer
(Website)
User Interactions
Issuer
(Website)
Issuer
(Website)
Issuer
(Website)
Issuer
(Website)
Issuer
(Website)
Issuer
(Website)
Issuer
(Website)
Issuer
(Website)
Issuer
(Website)
Issuer
(Website)
Issuer
(Website)
Issuer
(Website)
Wallet
(user’s device,
cloud or
hybrid)
Verifier
(Website)
Issuer
(Website)

5. Problems we identified and how we solved them
Problem Solution
A lot of entirely new Protocols. (Hard to get
security right, steep learning curve)
⇒
Building upon currently widely used protocols:
OAuth 2.0 and OpenID Connect. (Secure, already
understood)
No clear winner among Credential Formats ⇒ Designing a protocol agnostic to the Credential
Formats.
No one way to do key management. ⇒ Designing a protocol agnostic to the key
management mechanism.
Participating entities cannot typically
establish trust upfront, using traditional
mechanisms.
⇒ Flexibility in Trust Management. Third Party Trust.

6. OpenID for Verifiable
Credential Issuance
...so here comes OpenID for Verifiable Credentials (OID4VC)!
Issuer
(Website)
Verifier
(Website)
Wallet
(user’s device,
cloud or hybrid)
Credential
Issuance
Credential
Presentation
User Interactions
OpenID for Verifiable
Presentations
Self-Issued OP v2

7. Adoption (selected use-cases)
The European Digital Identity
Wallet[1], ARF v.1.1: “the EUDI Wallet
Solution MUST support
OpenID4VCI as an Issuance protocol.
Member States are free to include
additional issuance protocol
alternatives in their national solutions.”
NIST National Cybersecurity
Center of Excellence[2] is
running a project implementing
and testing implementations for
OID4VP to present mdocs/mDL.
DIF JWT VC Issuance /
Presentation Profile [3] [4] uses
OID4VC protocols for the
enterprise identity use-cases:
fraud prevention in B2B, B2E
scenarios.
[1] https://cloudsignatureconsortium.org/new-eu-eidas-regulation-a-quantum-leap-for-electronic-identity/ [2] https://www.nccoe.nist.gov/projects/digital-identities-mdl
[3] https://identity.foundation/jwt-vc-issuance-profile/ [4] https://identity.foundation/jwt-vc-presentation-profile/

8. 1. Walt.id
○ https://github.com/walt-id/waltid-ssikit (Kotlin)
2. Sphereon
○ https://github.com/Sphereon-Opensource/SIOP-OpenID4VP
(Typescript)
○ https://github.com/Sphereon-Opensource/OpenID4VCI-client
(Typescript)
○ https://github.com/Sphereon-Opensource/ssi-sdk (Typescript)
3. Microsoft
○ https://github.com/microsoft/VerifiableCredential-SDK-Android
(Kotlin)
○ https://github.com/microsoft/VerifiableCredential-SDK-iOS
(Swift)
4. Spruce
○ https://github.com/spruceid/oidc4vci-rs (Rust)
○ https://github.com/spruceid/oidc4vci-issuer (Rust)
5. EBSI
○ https://api-pilot.ebsi.eu/docs/libraries (Javascript)
Open Source libraries
6. Impierce Technologies
○ https://github.com/impierce/openid4vc (Rust)
7. Animo
○ https://github.com/animo/paradym-wallet
(Typescript)
8. Trustbloc
○ https://github.com/trustbloc/vcs (Go)
○ https://github.com/trustbloc/wallet-sdk (Go)
9. Italian Government
○ https://github.com/italia/eudi-wallet-it-python
(Python)
○ https://github.com/italia/eudi-wallet-it-pid-provi
der/tree/v.1.1.1 (Python)

9. ● A light-weight, low-cost, self-certification program to serve members, drive
adoption and promote high-quality implementations (since 2015~)
● 2,400+ total certifications to date!
● Benefits (there are more!)
○ Testers get direct support from the OIDF certification team
○ Internationally recognized, award winning
○ Updated as the specification evolves
● Current progress
○ Started development for OpenID for Verifiable Presentations. initial focus is on testing wallets.
○ OpenID for Verifiable Credential Issuance planned
● Things to know
○ Strictly tests protocol specification conformance and does not test what happens inside the wallet
○ Can be integrated in continuous development and deployment processes
○ Tests are open source
OpenID Foundation Certification for OID4VC specs

10. ● “Security and Trust in OpenID for Verifiable Credentials”
○ Describes the trust architecture in OpenID for Verifiable Credentials, outlines security
considerations and requirements for the components in an ecosystem.
● Results of the formal security analysis of OpenID for VC protocols were also
presented at the OAuth Security Workshop in August: “Protocols are secure
under the assumptions made”. Official publication shortly.
OID4VC Formal Security Analysis

11. Let us tell you more about the protocol

12. OpenID for Verifiable Credential Issuance (Highlights)
- It’s an OAuth-protected API (Credential Endpoint at the Resource Server)
○ Leverages existing OAuth features and implementations
○ Easy of use for developers
- Supports various Security levels (including high security with hardware bound
keys)
- Various business requirements supported (ex. remote and in-person
provisioning)
- Different user-experiences can be achieved (multiple ways to initiate the flow)
- Issuer can check Wallet’s capabilities & Wallet can discover Issuer metadata

13. Wallet
⓪ Wallet requests & User authorizes
credential issuance
③ Credential is issued
① access token(, refresh token)
② Wallet requests credential issuance
Protocol Flow
Alice
Credential
Issuer

14. Authorization Code Flow

15. Pre-Authorized Code Flow

16. Authorization Code Flow (Overview)

17. Pre-Authorized Code Flow (Overview)

18. Credential Offer
{
"credential_issuer": "https://credential-issuer.example.com",
"credentials": [
{
"format": "vc+sd-jwt",
"type": "Identity"
}],
"grants": {
"urn:ietf:params:oauth:grant-type:pre-authorized_code": {
"pre-authorized_code": "9JSsozW2G2cluWcyCqHK",
"user_pin_required": true
}
}
}

19. Example: Token Request
POST /token HTTP/1.1
Host: credential-issuer.example.com
Content-Type: application/x-www-form-urlencoded
grant_type=urn:ietf:params:oauth:grant-type:pre-authorized_code
&pre-authorized_code=SplxlOBeZQQYbYS6WxSbIA
&user_pin=493536

20. Example: Credential Issuance
HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store
Pragma: no-cache
{
"format": "vc+sd-jwt",
"credential" : "eyJhbGciOiAiRVMyNTYifQ.eyJfc2QiOiBbIl
...
gImVtYWlsIiwgInRlc3RAZXhhbXBsZS5jb20iXQ"
}
POST /credential HTTP/1.1
Host: credential-issuer.example.com
Content-Type: application/json
Authorization: BEARER czZCaGRSa3F0MzpnWDFmQmF0M2JW
{
"format":"vc+sd-jwt",
"type":"Identity",
"proof":{
"proof_type":"jwt",
"jwt":"eyJhbGciOiJFUzI1NiIsInR5cCI6Im9wZW5pZDR2Y2ktcHJvb2Yrand0Iiw
...
jhe0xQmfIBCQz20xVjaM91ODdIt5JX_ztrcq4nkglH907Ofbugg"
}
}
Request Response

21. Example: Issued Credential
{
"iss": "https://credential-issuer.example.com",
"iat": 1516239022,
"exp": 1516247022,
"type": "Identity",
"_sd": [
"UiuRGkTW7e_5UQauGeQRQdF8u3WYevS4Fs0IuB_DgYM",
"tmPlXq0MID-oRXbUNHyoVZrc9Qkm8cwJTohVyOVlUgQ",
"vTz0JI103v4k4pKIloT83Yzi33L1SdZlWBPmsfJBefk"
],
"_sd_alg": "sha-256",
"cnf": {
"jwk": {
"kty": "EC",
"crv": "P-256",
"x": "TCAER19Zvu3OHF4j4W4vfSVoHIP1ILilDls7vCeGemc",
"y": "ZxjiWWbZMQGHVWKVQ4hbSIirsVfuecCE6t4jT9F2HZQ"
}
}
}

22. OpenID for Verifiable Presentations (Highlights)
- Designed for highest degree of privacy
- Easy of use for developers
- Supports various Security levels (e.g. mutual authentication among the parties)
- Different user-experiences can be achieved (same-device and cross-device)
- Presentation of multiple Credentials supported
- Various Wallet deployment models supported
- All local to a native app
- Native app with cloud backend
- Web wallet

23. Same Device Presentation

24. Cross Device Presentation

25. Same Device (Overview)

26. Cross-Device Flow (VP Token sent via HTTP POST)

27. Same Device (VP Token sent via HTTP POST + redirect)

28. Presentation Request
{
"id":"mDL-sample-req",
"input_descriptors":[
{
"id":"org.iso.18013.5.1.mDL",
"format":{
"mso_mdoc":{
"alg":[
"EdDSA",
"ES256"
]
},
},
"constraints":{
"limit_disclosure":"required",
"fields":[
{
"path":[
"$['org.iso.18013.5.1']['family_name']"
],
"intent_to_retain":false
}
{
"path":[
"$['org.iso.18013.5.1']['driving_privileges']"
],
"intent_to_retain":false
}
]
}
}
]
GET /authorize?
response_type=vp_token
&client_id=https%3A%2F%2Fclient.example.org%2Fcb
&redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb
&presentation_definition=...
&nonce=n-0S6_WzA2Mj HTTP/1.1
Host: wallet.example.com
presentation_definition

29. Presentation Response
{
"definition_id": "mDL-sample-req",
"id": "org.iso.18013.5.1.mDL",
"descriptor_map": [
{
"id": "mDL",
"format": "mso_mdoc",
"path": "$"
}
]
}
presentation_submission
vp_token
HTTP/1.1 302 Found
Location: https://client.example.org/cb#
presentation_submission=...
&vp_token=...
{
"status": 0,
"version": "1.0",
"documents": [
{
"docType": "org.iso.18013.5.1.mDL",
"deviceSigned": {
"deviceAuth": {
"deviceMac": [
<< {1: 5} >>,
{},
null, h'A574C64F18902BFE18B742F17C581218F88EA279AA
]
},
"nameSpaces": 24(h'A0')
},
"issuerSigned": {
"issuerAuth": [
<< {1: -7} >>,
{
33:
h'30820215308201BCA003020102021404AD06A30C1A6DC6E93BE0E2E8F78DCAFA7907C230
040613025A453059301306072A8648CE3D020106082A8648CE3D030107034200047C5545E9
000E9C46618C02202C1F778AD252285ED05D9B55469F1CB78D773671F30FE7AB8153719423
},
<<
24(<<
{
"docType": "org.iso.18013.5.1.mDL",
"version": "1.0",

30. OpenID for Verifiable Credential Issuance
New additions to the family coming!
Self-Issued OP v2
OpenID for Verifiable Presentations
OpenID for Verifiable Presentations over BLE
Security and Trust in OpenID for Verifiable Credentials
Core specs
additions
Certification Suite
OID4VC High Assurance Interoperability Profile with SD-JWT VC
Issuer
(Website)
Verifier
(Website)
Wallet
(user’s device,
cloud or hybrid)
Issue Credentials Present Credentials
User Interactions

31. Latest Updates
- Formal Security Analysis of Issuance and Presentation is about to be published.
- Automated Conformance Tests for Wallets (Presentation) are available (1st revision).
- Growing number of Open Source Implementations.
- OpenID4VC driving convergence at the protocol layer. Getting traction in the
- Aries community (.NET and JS Framework are being extended to support OID4VC)
- mdoc community (18013-7, 23220-4, 23220-3)
- etc.

32. OID4VC High Assurance Interoperability
Profile with SD-JWT VC

33. OpenID4VC as Framework vs Profiles
- Interoperability requires instantiation of OpenID 4 VC with concrete
- Definition of “Mandatory to Implement” elements of the protocols, e.g. grant
types & response types
- Custom scheme for wallet invocation
- Definition of authentication mechanisms for Verifiers and Wallets
- Credential Format(s) with
■ issuer identification and key resolution
■ holder key binding
- Crypto algorithms
- Instantiation designated as “Profile”

34. OID4VC High Assurance Interoperability Profile with SD-JWT VC
- Interoperability across parties while being
- Privacy preserving and
- able to fulfill security and regulatory requirements
- Intended audience
- Proposal for eIDAS ARF (through OIDF/EC liaison)
- CA DMV wallet
- Basis for OWF project(s)
- IDunion Tech Stack
- GAIN PoC
- Japanese government (Trusted Web project)
- Basis for Userinfo
- other jurisdictions
- private companies / infrastructure companies

35. OID4VC High Assurance Interoperability Profile with SD-JWT VC
SIOPv2 OID4VP OID4VCI
custom scheme
crypto suites
custom scheme
credential profile
client id scheme
custom scheme
credential profile
wallet attestation
scheme
Protocols
Attestation based Client
Authentication
crypto suites
issuer key resolution
Wallet Attestation Scheme
Credential profile: SD-JWT VC
SD-JWT VC
JWT/CWT
Statuslist
crypto suites
issuer key resolution
crypto suites
issuer key resolution
- Custom Scheme: haip://
- issuer key resolution:
web-based, x509
- Crypto Suites:
P-256(secp256r1), SHA256
Basic Choices
● Authenticated issuer identifiers as
basis for trust management
● Trust Management Mechanism
can be defined on top
Note: Similar profile for ISO mdoc is being worked on for 18013-7, 23220-4 and -3
IETF OAuth WG adopted draft IETF OAuth WG adopted draft

36. Credential Format
- SD-JWT VC with JSON payload (“typ”: “vc+sd-jwt”)
- both compact and JSON serialization
- Issuer identification and key resolution
1. Web PKI based:
■ issuer URL (“iss” claim) used to obtain jwks_uri
■ key id in the “kid” JWS header
2. x.509:
■ x.509 cert chain in the “x5c” JWS header
■ issuer URL (“iss” claim) MUST be Subject Alternative Name (dnsName)
in x.509 cert
- Key binding:
- raw public key (jwk) in “cnf” JWT claim
- Credential Revocation: Bitmap type style Status list using JWTs

37. SD-JWT VC
with web PKI based Issuer key resolution
{
"alg": "ES256",
"typ": "vc+sd-jwt",
"kid":"4"
}
{
"iss": "https://credential-issuer.example.com",
"iat": 1516239022,
"exp": 1516247022,
"type": "Identity",
"_sd": [
"UiuRGkTW7e_5UQauGeQRQdF8u3WYevS4Fs0IuB_DgYM",
"tmPlXq0MID-oRXbUNHyoVZrc9Qkm8cwJTohVyOVlUgQ",
"vTz0JI103v4k4pKIloT83Yzi33L1SdZlWBPmsfJBefk"
],
"_sd_alg": "sha-256",
"cnf": {
"jwk": {
"kty": "EC",
"crv": "P-256",
"x": "TCAER19Zvu3OHF4j4W4vfSVoHIP1ILilDls7vCeGemc",
"y": "ZxjiWWbZMQGHVWKVQ4hbSIirsVfuecCE6t4jT9F2HZQ"
}
},
"status": {
"idx": "0,",
"uri": "https://example.com/statuslists/1"
}
}

38. SD-JWT VC
with x.509 Issuer key resolution
{
"alg": "ES256",
"typ": "vc+sd-jwt",
"x5c": [
"MIICOjCCAeG...djzH7lA==",
"MIICLTCCAdS...koAmhWVKe"
]
}
{
"iss": "https://credential-issuer.example.com",
"iat": 1516239022,
"exp": 1516247022,
"type": "Identity",
"_sd": [
"UiuRGkTW7e_5UQauGeQRQdF8u3WYevS4Fs0IuB_DgYM",
"tmPlXq0MID-oRXbUNHyoVZrc9Qkm8cwJTohVyOVlUgQ",
"vTz0JI103v4k4pKIloT83Yzi33L1SdZlWBPmsfJBefk"
],
"_sd_alg": "sha-256",
"cnf": {
"jwk": {
"kty": "EC",
"crv": "P-256",
"x": "TCAER19Zvu3OHF4j4W4vfSVoHIP1ILilDls7vCeGemc",
"y": "ZxjiWWbZMQGHVWKVQ4hbSIirsVfuecCE6t4jT9F2HZQ"
}
},
"status": {
"idx": "0,",
"uri": "https://example.com/statuslists/1"
}
}

39. SD-JWT VC
with OpenID Connect Federation Trust Chain
{
"alg": "ES256",
"typ": "vc+sd-jwt",
"trust_chain" = [
$EntityConfiguration-as-SignedJWT-selfissued-byLeaf,
$EntityStatement-as-SignedJWT-issued-byTrustAnchor
]
}
{
"iss": "https://credential-issuer.example.com",
"iat": 1516239022,
"exp": 1516247022,
"type": "Identity",
"_sd": [
"UiuRGkTW7e_5UQauGeQRQdF8u3WYevS4Fs0IuB_DgYM",
"tmPlXq0MID-oRXbUNHyoVZrc9Qkm8cwJTohVyOVlUgQ",
"vTz0JI103v4k4pKIloT83Yzi33L1SdZlWBPmsfJBefk"
],
"_sd_alg": "sha-256",
"cnf": {
"jwk": {
"kty": "EC",
"crv": "P-256",
"x": "TCAER19Zvu3OHF4j4W4vfSVoHIP1ILilDls7vCeGemc",
"y": "ZxjiWWbZMQGHVWKVQ4hbSIirsVfuecCE6t4jT9F2HZQ"
}
},
"status": {
"idx": "0,",
"uri": "https://example.com/statuslists/1"
}
}

40. SD-JWT VC (decoded)
{
"iss": "https://credential-issuer.example.com"
,
"iat": 1541493724,
"exp": 1541494724,
"type": "Identity",
"given_name": "Erika",
"family_name": "Mustermann",
"cnf": {
"jwk": {
"kty": "EC",
"crv": "P-256",
"x": "TCAER19Zvu3OHF4j4W4vfSVoHIP1ILilDls7vCeGemc"
,
"y": "ZxjiWWbZMQGHVWKVQ4hbSIirsVfuecCE6t4jT9F2HZQ"
}
}
"status": {
"idx": "0,",
"uri": "https://example.com/statuslists/1"
}
}

41. OpenID for Verifiable Credential Issuance
- custom scheme “haip://” for wallet invocation
- Pre-authorized and authorization code flow are both required.
- Wallet Attestation & Authentication with sender-constrained JWTs
- Sender-constrained Tokens using DPoP required

42. Issuance with Authorization Code and Wallet Attestation

43. ● Extends the established framework of
RFC7521 for a new form of client
authentication
● Client instance obtains an attestation from
client backend
● Client backend may perform any number of
security checks before issuing a key-bound
attestation JWT to the client instance
● Client instance authenticates towards
Authorization server during a Token or PAR
Request
● Note - how the client communicates with the
client backend in steps 2&4 are out of scope
● Draft adopted by IETF OAuth WG
OAuth2 Attestation-Based Client Authentication

44. Wallet Attestation JWT
{
"iss": "https://attester.example.com"
,
"sub": "https://client.example.com"
,
"iat": 1516247022,
"exp": 1541493724,
"aal" : "https://trust-list.eu/aal/high
",
"cnf": {
"jwk": {
"kty": "EC",
"crv": "P-256",
"x": "TCAER19Zvu3OHF4j4W4vfSVoHIP1ILilDls7vCeGemc"
,
"y": "ZxjiWWbZMQGHVWKVQ4hbSIirsVfuecCE6t4jT9F2HZQ"
},
"key_type": "STRONGBOX", //optional
"user_authentication"
: "SYSTEM_PIN", //optional
}
}
{
"typ": "wallet-attestation+jwt"
,
"alg": "ES256",
"kid": "1"
}

45. OpenID for Verifiable Presentations
- custom scheme “haip://” for wallet invocation.
- Universal presentation flow based on “direct_post” response mode for same and
cross device flows.
- Subset of the Presentation Exchange Syntax in order to simplify implementation
and prevent security issues
- Verifier Authentication with
- x.509 Certificates or
- Sender-constrained JWTs

46. Same Device (VP Token sent via HTTP POST + redirect)

47. Links
OpenID 4 Verifiable Credential Issuance
OpenID 4 Verifiable Presentation
SIOP v2
OpenID4VC High Assurance Interoperability Profile with SD-JWT VC
Security and Trust in OpenID for Verifiable Credentials Ecosystems
https://datatracker.ietf.org/doc/draft-ietf-oauth-cross-device-security/
Please engage with us: Digital Credentials Protocols (DCP) Working Group

48. Q & A

49. OID4VC High Assurance Interoperability Profile with mdocs
(18013-7, 23220-4 and -3)
SIOPv2 OID4VP OID4VCI
custom scheme
crypto suites
custom scheme
credential profile
client id scheme
custom scheme
credential profile
wallet attestation
scheme
Protocols
Attestation based Client
Authentication
crypto suites
issuer key resolution
Wallet Attestation Scheme
Credential profile: mdoc
mdoc
JWT/CWT
Statuslist
crypto suites
issuer key resolution
crypto suites
issuer key resolution
- Custom Scheme: haip://
- issuer key resolution:
x509
- Crypto Suites:
P-256(secp256r1),
brainpool curves, etc.
Basic Choices
IETF OAuth WG adopted draft