Credentials
Perhaps the most well known self sovereign identity explanation of credentials is the issuer-holder-verifier model. A simple example is a university student receiving a credential representing their acquired degree after graduating.
A third-party verifier, such as an employer, may trust the university and recognise any credentials issued by that university. As such, credentials allow us to create attestations about other identifiers and in some cases even delegate authority.
The credential type used in the KERI ecosystem is called an Authentic Chained Data Container , or ACDC for short. It is incredibly powerful and can be used to delegate authority and provide secure provenance over data in ways that other credential standards cannot. Developers can find more information here and here.
Issuance
Once you have connected with an issuer, they may issue you a credential. Credentials follow a well-defined schema with certain attributes — which we call a credential template. The issuance will appear as a notification in the wallet and can be accepted or declined.
A credential is issued to a specific identifier, and not the wallet in general. If you delete the related identifier, you will not be able to use the credential!
Request to present
Other connections may also send you a request to present your credentials. The request will indicate a specific credential template and may also include some specific attributes that the verifier is looking for.
If you hold any credentials that satisfy the request, you can present this credential in response. You may select the specific credential you would like to present from the UI. Only credentials held by the exact identifier you have shared with the verifier can be shared.
ACDCs follow the principle of least disclosure and can also support selective disclosure. However, this is also a work in progress in the community. Coming soon!
Revocation
Credentials may also be revoked by the issuer. If one of your credentials gets revoked, you will be notified in the app and your credential will be moved to the archived section.
Archiving
Credentials can be archived within the wallet if they are no longer needed, or restored if necessary. Archived credentials cannot be presented from individual identifiers or proposed to a group for presentation.
If you are sure you no longer require this credential, it can be fully deleted.
If you recover your wallet that had archived credentials, they will appear as restored once synced from the cloud. We’re working on improving this down the line!