Standalone VC Issuance

The Cloud Agent Service supports the ability to sign credentials with standalone APIs.

For certain use cases, it can be desirable to issue VCs independent of DI Credential Exchange protocols.

Sign a W3C Verifiable Credential

The Cloud Agent can be used to sign a W3C Verifiable Credential using a specified cryptographic securing mechanism. The signer parameter accepts either a DID or a specific verification method.

The mutation accepts a credentialJson , which must be a valid JSON stringified W3C VCDM (V1.1 or V2.0).

The output includes both the finalised credentialJson (stringified JSON W3C VCDM object) that was ultimately signed, and the securedCredentialJson that is cryptographically signed by the agent (stringified JSON data using the specified securingMechanism.)

Linked Data Proof

Sign a credential using the Linked Data Proof securing mechanism, which produces a credential in the ldp_vc format - i.e. an embedded JSON-LD proof object.

mutation MyMutation {
  signCredential(
    input: {
      signer: "did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK"
      format: {
        w3c: {
          credentialJson: "{\"@context\":[\"https://www.w3.org/2018/credentials/v1\"],\"type\":[\"VerifiableCredential\"],\"issuer\":\"did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK\",\"issuanceDate\":\"2024-01-01T00:00:00Z\",\"credentialSubject\":{\"id\":\"did:example:123\",\"name\":\"Alice\"}}"
          securingMechanism: LINKED_DATA_PROOF
        }
      }
    }
  ) {
    ... on SignW3CCredentialResult {
      credentialJson
      securedCredentialJson
    }
  }
}

SD-JWT

Sign a credential using the Selective Disclosure JWT securing mechanism, which produces a credential in the vc+sd-jwt format - i.e. an SD-JWT encoded W3C VCDM.

mutation MyMutation {
  signCredential(
    input: {
      signer: "did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK"
      format: {
        w3c: {
          credentialJson: "{\"@context\":[\"https://www.w3.org/2018/credentials/v1\"],\"type\":[\"VerifiableCredential\"],\"issuer\":\"did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK\",\"issuanceDate\":\"2024-01-01T00:00:00Z\",\"credentialSubject\":{\"id\":\"did:example:123\",\"name\":\"Alice\"}}"
          securingMechanism: SD_JWT
        }
      }
    }
  ) {
    ... on SignW3CCredentialResult {
      credentialJson
      securedCredentialJson
    }
  }
}

Embed Credential Status

The cloud agent can automatically assign and embed credential status information when signing a credential. The system will generate and insert credentialStatus fields into the credential, assigning it to the specified status list definition.

The given status list definition must be created in accordance with Credential Status Lists.

The mutation will also return the createdStatusListEntry that was created, and can subsequently be managed via Credential Status Lists.

mutation MyMutation {
  signCredential(
    input: {
      signer: "did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK"
      format: {
        w3c: {
          credentialJson: "{\"@context\":[\"https://www.w3.org/2018/credentials/v1\"],\"type\":[\"VerifiableCredential\"],\"issuer\":\"did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK\",\"issuanceDate\":\"2024-01-01T00:00:00Z\",\"credentialSubject\":{\"id\":\"did:example:123\",\"name\":\"Alice\"}}"
          securingMechanism: LINKED_DATA_PROOF
          embedCredentialStatus: {
            statusListDefinitionIdentifier: "my-status-list-def"
          }
        }
      }
    }
  ) {
    ... on SignW3CCredentialResult {
      credentialJson
      securedCredentialJson
      createdStatusListEntry {
        credentialId
        statusListDefinitionIdentifier
      }
    }
  }
}
PreviousCredential Status ListsNextAudit Logs

Last updated