What is a Test Credential?

From IIW

What Is A Test Credential?

Session: 13C

Convener: Gabe Cohen (Workday)

Notes-taker(s): Nikhil Wadwa

Tags for the session - technology discussed/ideas considered:

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


At WD we have been trying to standardise test credentials tied to our VC specs

We use only as much JSON-LDs as much as the specification requires


An issuer might want to issue credentials with different levels of Trust

Option 1: Type

Option 2: Status: downside is that it relies on another WebService, have to do another lookup

Option 3: Schema: Another idea is to register a separate schema

Option 4: Change the specification itself - anyone can implement it easily - has to proposed to W3C working group


Another point is that it is up to the verifier whether they trust it or not

What is a Test Credential?

At Workday, our customers are asking for test credentials, or provisional credentials, or any other type of status

We would like to come up with a standard mechanism for creating non-production credentials

It’s important to root the trust in the issuer’s signature, but even within that we might want to have different levels of trust.

The most straight forward mechanism might be to use LD with a TestCredential type. This would be an immediate way for someone consuming the credential to see that it is a different type.

A second option would be to modify the credential status property, which is used for revocation checking, but this could also allow for other types. We don’t want to require another call to get the status type.

The Credential Schema property. We’ve appended a status matrix variable to the schema ID to indicate the credential type. This also allows us to not create multiple schema types.

Fourth approach would be a classification field in the Verifiable Credentials specification. This would make this widely known and not a custom extension. This would need to go through the W3C for approval.

Keith - Maybe we’ll need to do some integration. The customer needs to issue test credentials in order to verify that everything is working, but we don’t want those credentials to be accepted in the broader ecosystem.

It’s up to the verifier whether they accept it or not.

Rory - JSON-LD extensions don’t need approval by a centralized governing board, but there’s a concern that external verifiers, like the Universal Verifier, would just ignore any “test” extension property. That’s why we added it into the schema URI, since that’s the semantic backing of the credential.