Verifiable Credentials

I would like to ask if there is a solution or idea out there about Verifiable Credentials implemented on the IC.

Thanks for any info.

Cheers Roland


Hey @rbole,

It would be great if you could share more details about what you’re thinking about in particular.
Here’s what’s currently happening on the IC as far as I know:

  • NFID allows sharing of attributes (verified, that user has a mobile phone number) between dApps, though they don’t use W3C Verifiable Credential data model (yet). CC: @dostro

  • The Identity & Authentication WG is currently thinking about a generalized flow of how a user could get attributes issued by a canister and present them to a relying canister in a way that is compatible with Internet Identity. Here, they’ll also explore the applicability of the W3C Verifiable Credential data model.

  • Threshold ECDSA (tECDSA) allows canisters to issue W3C Verifiable Credentials that can be verified using standard libraries by relying parties even outside the Internet Computer, i.e. by standard web services or even mobile apps. We just released a Grant RFP that mentions this use case. Furthermore, it should be possible to define a DID method or just a verification method that supports canister signatures. This would allow issuing Verifiable Credentials even without using tECDSA.


currently we are building a new online learning platform, unfortunately not on the IC. This platform can also be used for certification. And in order to do so we are going to publish certificates in case of passing the exam. And this certificates we would like to store as a verified credential on the IC, according the W3C standard. So there is a proof of ownership on this particular exam for the participant.

I’m not sure if this will work but I try to find a solution with fits our possibilities and the use case.


If you add NFID as the sign in method, you’ll have a method exposed to simply issue the verifiable credential to that user. Other applications the user sign in to can request and verify your credentials just as easily.

When do you need it by?


can you explain the difference between the Internet Identity Auth and NFID. We have planed an option for our users to register with the II Auth. So why we should use NFID instead of II Auth?


NFID is built on top of II, which means someone’s anchor could be used to authenticate from either service and generate the same identifier to 3rd party applications (though this will take some effort on the user’s side). Any feature II has is available in NFID, but not the other way around.

There are a few reasons developers like DSCVR and OpenChat have been citing to switch to NFID:

  • Higher registration rates
    I’ve heard rates as low as 5-20% (80-95% drop-off) for new II users, especially non-technical people, and ~90-95% registration rate for NFID (most everyone chooses registration and authentication to the anchor via Google).
  • Sybil resistance
    The phone credential proof provides devs with sybil resistance in the case of airdrops, token allocations, or governance to protect against duplicate accounts and bots (though I don’t believe this applies to you).
  • Wallet support
    We just rolled out the first component of wallet support, wherein users will be able to see all their tokens across all their wallets and principals everywhere on the IC. Later next month, we’ll support users sending transactions to 3rd party apps all through their NFID.

This sounds interesting for me. I’m thinking about this a while, how I can implement something like Verified Credentials to enlarge web2 applications.

I come across this topic because of


Haven’t been able to setup NFID for some reason on a few sites. Using a browser with many extensions like adblockers and such probably brakes it somewhere.
No problems with II though.