Interview: How Verifiable Credentials Are Redefining Digital Identity

Montevideo, May 12, 2025.

Verifiable credentials are designed to prove personal information securely, reliably, and efficiently. Their purpose is to enhance security, privacy, and agility in data verification by allowing users to control their information, share only what is necessary, and carry out digital procedures with global validity, without relying on a central authority.

In this article, we talk with Fabricio Gregorio, software architect at Sofis Solutions, who explains what verifiable credentials are, their relation to digital identity, and how their scheme and lifecycle work. He also shares real-world use cases, the most used technologies and standards for their implementation, and a look at the future of these innovative solutions.

Introduction to Verifiable Credentials

What are verifiable credentials?

Verifiable credentials are a digital way to represent information about a person or organization — such as a university degree or a license — but with a particular feature: they are digitally signed by the issuer, allowing a third party to verify their validity without contacting the issuer directly. Unlike traditional models, where you must send an email, consume an API, or call the institution to verify a credential, in this case, the user stores it in their digital wallet and can share it with whoever they want. Most importantly, the receiver can immediately verify its authenticity without intermediaries.

What improvements do verifiable credentials offer?

Primarily, they seek to provide a more secure, reliable, and interoperable way to identify ourselves digitally. Nowadays, we have to share our personal data repeatedly across different services. With these credentials, one can share only the necessary information, in a controlled manner, and without relying on the availability or response of the issuing institution every time someone needs to verify something.

Is there a relationship between verifiable credentials and digital identity?

Verifiable credentials are a key component of what is called sovereign digital identity. That is, a model where each person owns their own information and can decide how and with whom to share it. Verifiable credentials enable exactly that: managing our personal data autonomously without relying on a central platform.

Who are the participants in a verifiable credentials scheme?

There are three main actors: the issuer, who generates and signs the credential (such as a university or government entity); the holder, who receives the credential and stores it in their digital wallet; and the verifier, who needs to check that the credential is valid. Each plays a specific role to ensure the system works in a decentralized and trustworthy way.

What is the lifecycle of a verifiable credential?

The process has three stages. First, issuance: the issuer generates and signs the credential with the holder’s data. Then, presentation: the holder chooses which credential to show and to whom, even hiding certain data if desired. Finally, verification: the recipient checks the digital signature and other data to ensure it is authentic, current, and has not been altered or revoked.

Can you share some concrete examples of verifiable credentials in the real world?

Yes, there are several. For example, universities like MIT or Harvard are issuing verifiable digital diplomas. In Europe, the European Union is developing the EUDI Wallet, which will store documents such as medical prescriptions or degrees. Some U.S. states already use digital driver’s licenses in wallets like Apple Wallet. And in Uruguay, AGESIC created the Porta Documentos Digital, where official documents with legal validity can be stored.

Technologies, Standards, and Challenges of Verifiable Credentials

What technologies and standards are commonly used to implement these systems?

Several open standards are used. The best known is the W3C Verifiable Credentials data model. There are also Decentralized Identifiers (DIDs), which allow identifying actors without relying on a central authority. Other important standards are OpenID4VCI for issuing credentials, OpenID4VP for presenting them, and ISO/IEC 18013-5 for driver’s licenses. Technologies such as digital signatures, credential formats like JSON-LD or JWT, selective disclosure mechanisms, and efficient revocation lists that do not compromise privacy are used.

If implementing a verifiable credentials system, what technical challenges must be considered?

One of the biggest challenges is interoperability among different issuers, verifiers, and wallets. There are also challenges on how to publish the status of a credential without affecting the end user’s privacy. Choosing the correct format (such as JSON-LD or JWT) can be complex, and it is crucial that the system is easy to use for individuals and institutions. And of course, compliance with data protection laws is always necessary.

How is user privacy protected?

User privacy is protected in several ways. One is selective disclosure: the user can share only the data they want. Another is the use of technical mechanisms that prevent tracking the user. Also, every credential presentation must have the holder’s consent. Credentials are stored locally, reducing the risk of unauthorized access. Finally, all this is reinforced with encryption and digital signatures.

In which sectors are productive solutions already implemented?

There are already implementations working in sectors like education, government, and health. The standards are stable and well defined. Although mass adoption and large-scale interoperability are still pending, progress is solid.

What do you think is the future of verifiable credentials?

They will be a key part of our digital infrastructure. We will use them in public procedures, health, education, finance, and even voting. Digital wallets will be universal, interoperable, and able to store all kinds of credentials. Moreover, global regulation will be essential to ensure trust and respect for privacy.