Confidence Method v0.9

Increasing confidence during presentation of verifiable credentials

Final Community Group Report

This version:
https://www.w3.org/community/reports/credentials/CG-FINAL-vc-confidence-method-20250831/
Latest published version:
https://www.w3.org/community/reports/credentials/CG-FINAL-vc-confidence-method-20250831/
Latest editor's draft:
https://w3c-ccg.github.io/vc-confidence-method/
Editor:
TBD
Feedback:
GitHub w3c-ccg/vc-confidence-method (pull requests, new issue, open issues)
public-credentials@w3.org with subject line [vc-confidence-method] … message topic … (archives)
Related Documents
Verifiable Credentials Data Model v2.0

Abstract

This specification defines a mechanism that can be used with the Verifiable Credentials Data Model v2.0 to increase a verifier's confidence about a particular subject identified in a verifiable credential.

Status of This Document

This specification was published by the Credentials Community Group. It is not a W3C Standard nor is it on the W3C Standards Track. Please note that under the W3C Community Final Specification Agreement (FSA) other conditions apply. Learn more about W3C Community and Business Groups.

This is an experimental specification and is undergoing regular revisions. It is not fit for production deployment.

GitHub Issues are preferred for discussion of this specification. Alternatively, you can send comments to our mailing list. Please send them to public-credentials@w3.org (subscribe, archives).

1. Introduction

This section is non-normative.

When a verifier performs the process of validating a verifiable credential, it is useful to be able to raise the confidence level that the subjects identified in a verifiable credential are the same ones that interacted with the issuer when it performed its vetting process to issue the verifiable credential. For example, when an employer (the issuer) issues a corporate identification card to an employee (the subject), it might require that the employee bind a particular cryptographic key (verification method) to the verifiable credential during the issuing process. In that case, the issuer can use this specification to convey to the verifier which cryptographic key was bound during the initial identity assurance process.

In other words, an issuer can use this specification to convey which provable mechanisms it used to bind claims in a verifiable credential so that a verifier can increase their confidence in the truth of a variety of things, including the following:

1.1 Terminology

Terminology used throughout this document is defined in the Terminology section of the Verifiable Credentials Data Model v2.0 and the Verifiable Credential Data Integrity 1.0 specification.

1.2 Conformance

As well as sections marked as non-normative, all authoring guidelines, diagrams, examples, and notes in this specification are non-normative. Everything else in this specification is normative.

The key words MAY and MUST in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

A conforming document is any concrete expression of the data model that follows the relevant normative requirements in Section 2. Data Model.

A conforming processor is any algorithm realized as software and/or hardware that generates and/or consumes a conforming document. Conforming processors MUST produce errors when non-conforming documents are consumed.

2. Data Model

This specification defines the confidenceMethod property for expressing confidence method information in a credentialSubject in a verifiable credential.

confidenceMethod

If present, the value of the confidenceMethod property is one or more confidence methods. Each confidence method is bound to one or more subjects in the verifiable credential, and provides enough information for a verifier to determine whether the holder can generate a verifiable presentation to increase the verifier's confidence that they are the same entity referenced by the confidence method. This is referred to as satisfying the confidence method. It is required that the issuer verifies that the holder can satisfy each confidenceMethod the issuer includes in the claims of the verifiable credentials they issue.

Each confidence method MUST specify its type and MAY specify an id. The precise properties and semantics of each confidence method are determined by the specific confidenceMethod type definition.

A verifier can decide to accept claims in a verifiable credential without requiring use of the confidence method, or use a different mechanism to increase their confidence about whether, for example, the holder is the same entity the issuer made claims about in the verifiable credential. Such a decision can impact the verifier's liability when accepting verifiable credentials during certain use cases.

A verifier can validate that the holder controls, or has been designated the ability to use, a confidence method by verifying the proof of the verifiable presentation using the information in the confidence method. The confidence method can include the verification key, or the type of the confidence method can define that the verification key is to be inferred from other properties in the verifiable credential, such as the credentialSubject.id.

The following example demonstrates the various types of confidence methods that can be used, including public cryptographic keys, verification methods, and Decentralized Identifier Documents.

Example 1: Usage of the confirmationMethod property of type VerificationKeyConfirmation
{
  "@context": [
    "https://www.w3.org/ns/credentials/v2",
    "https://www.w3.org/ns/credentials/examples/v2"
  ],
  "id": "http://example.edu/credentials/3732",
  "type": ["VerifiableCredential", "UniversityDegreeCredential"],
  "issuer": "https://example.edu/issuers/14",
  "validFrom": "2010-01-01T19:23:24Z",
  "credentialSubject": {
    "confidenceMethod": [{
      "type": "BiometricPortraitImage",
      "image": "data:image/jpeg;base64,/9j/4AAQSkZJRgABAgAAZABkAAD"
    }, {
      "id": "urn:uuid:818d5ca0-3978-11f0-8658-4f17a1afd652#key-abc",
      "type": "JsonWebKey",
      "controller": "urn:uuid:818d5ca0-3978-11f0-8658-4f17a1afd652",
      "publicKeyJwk": {
        "crv": "Ed25519",
        "x": "VCpo2LMLhn6iWku8MKvSLg2ZAoC-nlOyPVQaO3FxVeQ",
        "kty": "OKP",
        "kid": "_Qq0UL2Fq651Q0Fjd6TvnYE-faHiOpRlPVQcY_-tA4A"
      }
    }, {
      "id": "did:example:123#key-567",
      "type": "Multikey",
      "controller": "did:example:123",
      "publicKeyMultibase": "zH3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
    }, {
      "id": "did:example:1234",
      "type": "DecentralizedIdentifierDocument"
    }],
    "degree": {
      "type": "BachelorDegree",
      "name": "Bachelor of Science and Arts"
    }
  },
  "proof": { ... }
}
Note

A confidence method can express various metadata such as the issuer's level of confidence that the holder is the subject of the verifiable credential, specific form factors or mechanisms of authenticators, and/or references to other verifiable credentials or versioned trust frameworks. For example, an issuer can make a claim about a confidence method that is based on a cryptographic key pair, but to produce a signature using that key, the holder has to unlock a device using multi-factor authentication.
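
The following verifier-side check is an added example, not part of this specification or of any implementation of it. It collects the confidence methods from a credential shaped like Example 1, raises an error for entries without a type, and lets a high-assurance verifier refuse a presentation when no key-based confidence method was disclosed or matched by the presentation proof. The function names, the highAssurance option, the single-proof presentation shape, the KEY_TYPES set and the verifyProof callback (standing in for a Data Integrity library) are assumptions.

```javascript
// Added example: verifier-side handling of confidenceMethod (not from the spec).
// KEY_TYPES, the option names and the verifyProof callback are assumptions.
const KEY_TYPES = new Set(["JsonWebKey", "Multikey"]);
const asArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Collect every confidence method disclosed in a credential. An entry without
// a string "type" is non-conforming, so processing stops with an error.
function collectConfidenceMethods(credential) {
  const methods = [];
  for (const subject of asArray(credential.credentialSubject)) {
    for (const method of asArray(subject.confidenceMethod)) {
      if (method === null || typeof method !== "object" || typeof method.type !== "string") {
        throw new TypeError("confidenceMethod entry is missing its required type");
      }
      methods.push(method);
    }
  }
  return methods;
}

// Decide whether a presentation satisfies a key-based confidence method.
// verifyProof(presentation, method) must cryptographically check the proof
// against the key material in `method`. Assumes one proof per presentation.
function checkPresentation(presentation, credential, { highAssurance, verifyProof }) {
  const methods = collectConfidenceMethods(credential);
  const keyId = presentation.proof ? presentation.proof.verificationMethod : undefined;
  const match = typeof keyId === "string"
    ? methods.find((m) => KEY_TYPES.has(m.type) && m.id === keyId)
    : undefined;
  if (!match) {
    // Selective disclosure can omit the property entirely, so a high-assurance
    // verifier treats "nothing disclosed" and "nothing matched" as failures.
    const reason = methods.length === 0
      ? "no confidence method disclosed"
      : "proof key is not a disclosed confidence method";
    return { accepted: !highAssurance, reason };
  }
  if (!verifyProof(presentation, match)) {
    return { accepted: false, reason: "presentation proof did not verify" };
  }
  return { accepted: true, reason: "confidence method satisfied", satisfied: match.id };
}

// Constructed sample, trimmed from Example 1 on this page.
const sampleCredential = {
  credentialSubject: {
    confidenceMethod: [
      { id: "did:example:123#key-567", type: "Multikey", controller: "did:example:123" },
      { id: "did:example:1234", type: "DecentralizedIdentifierDocument" },
    ],
  },
};
```

A DecentralizedIdentifierDocument entry is not matched here because resolving the DID document to find its keys is outside what this example covers.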

3. Security Considerations

Issue 1: Add Security Considerations section
Add security considerations section that includes at least the following topics:
  • Since confidence methods can be selectively disclosed, verifiers need to explicitly ask for confidence methods in high-assurance use cases when dealing with proof mechanisms that allow for selective or unlinkable disclosure.

4. Privacy Considerations

Issue 2: Add Privacy Considerations section
Add privacy considerations section that includes at least the following topics:
  • Confidence methods are expected to be selectively disclosed, as they might not be necessary in many low-assurance use cases, or where high-assurance is achieved through a different means such as in-person verification against a photo.
  • If a confidence method is unlinkably disclosed, it can reveal correlatable identifiers, such as public cryptographic key identifiers.
  • Strongly advise against using biometrics for confidence methods unless absolutely required. Warn that verifiers should only require biometric photos as a last resort and should destroy the information after the transaction is complete.

A. References

A.1 Normative references

[RFC2119]
Key words for use in RFCs to Indicate Requirement Levels. S. Bradner. IETF. March 1997. Best Current Practice. URL: https://www.rfc-editor.org/rfc/rfc2119
[RFC8174]
Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words. B. Leiba. IETF. May 2017. Best Current Practice. URL: https://www.rfc-editor.org/rfc/rfc8174
[VC-DATA-INTEGRITY]
Verifiable Credential Data Integrity 1.0. Ivan Herman; Manu Sporny; Ted Thibodeau Jr; Dave Longley; Greg Bernstein. W3C. 15 May 2025. W3C Recommendation. URL: https://www.w3.org/TR/vc-data-integrity/
[VC-DATA-MODEL-2.0]
Verifiable Credentials Data Model v2.0. Ivan Herman; Michael Jones; Manu Sporny; Ted Thibodeau Jr; Gabe Cohen. W3C. 15 May 2025. W3C Recommendation. URL: https://www.w3.org/TR/vc-data-model-2.0/

A.2 Informative references

[cid]
Controlled Identifiers v1.0. Michael Jones; Manu Sporny. W3C. 15 May 2025. W3C Recommendation. URL: https://www.w3.org/TR/cid-1.0/