NEW
Report & API Now Live! Data insights report and open data API endpoints live as of September 23, 2025

Securing Verifiable Credentials using JOSE and COSE

type
Standard
Documentation

Description

Description
Source

The standard defines methods for securing Verifiable Credentials and Verifiable Presentations using three major cryptographic protocols: JSON Object Signing and Encryption (JOSE), Selective Disclosure for JWTs (SD-JWT), and CBOR Object Signing and Encryption (COSE). This enables implementation of the W3C Verifiable Credentials Data Model using widely adopted security standards.

Key features include:

  • Support for multiple security formats (JWT, SD-JWT, COSE)
  • Selective disclosure capabilities through SD-JWT
  • Flexible key discovery mechanisms
  • Standard media types for different credential formats
  • Support for both JSON and CBOR encodings

The standard is particularly notable for its ability to handle different credential presentation scenarios while maintaining security and privacy through selective disclosure.

Technical Details:

  1. Purpose and Scope:
  • Defines methods to secure credentials conforming to the W3C VC Data Model
  • Specifies how to implement security using JOSE, SD-JWT, and COSE protocols
  • Establishes standard media types for secured credentials
  1. Key Technical Specifications:
  • Uses JWS, SD-JWT, and COSE_Sign1 for digital signatures
  • Supports header parameters for metadata and key discovery
  • Defines application/vc+jwt, application/vc+sd-jwt, and application/vc+cose media types
  • Implements proof-of-possession mechanisms through cnf claims
  1. Implementation Requirements:
  • Must support specified media types and formats
  • Must implement proper key discovery mechanisms
  • Must validate all claims according to verifier policies
  • Must handle both secured credentials and presentations
  1. Security Considerations:
  • Requires strict JSON validation
  • Mandates protection of private keys
  • Implements countermeasures against various attacks
  • Supports encryption for secure transmission
  1. Interoperability Features:
  • Standard media types for different formats
  • Common key discovery mechanisms
  • Consistent handling of credentials across formats
  • Support for multiple credential presentation methods
  1. Current Adoption Status:

    The specification is currently a W3C Candidate Recommendation Draft with active implementation feedback being sought. Requirements include demonstration of at least two independent implementations for mandatory features.

Statistics

Projects Following
Source
0

Under Management at

Project
Website
Source

Projects Following or working on this Standard

If you are featured in the Web of Trust Map and wish to exercise your GDPR rights, including the right to be forgotten, visit the privacy policy page