Glossary
Key terms and definitions for verifiable credentials, digital identity, and related standards.
A
B
BBS+ Signatures
A pairing-based signature scheme that enables selective disclosure without revealing which claims are disclosed, providing enhanced privacy.
Bearer Credential
A credential without key binding that can be presented by anyone who possesses it, similar to cash.
C
CBOR
Concise Binary Object Representation. A binary data format designed for small message sizes, used in mDOC credentials.
CCPA
California Consumer Privacy Act. A US state privacy law giving California residents rights over their personal data.
Claim
A statement about a subject expressed as a name-value pair within a credential.
Cloud Wallet
A digital wallet where credentials and keys are stored on remote servers, accessible via web browser or thin client.
COSE
CBOR Object Signing and Encryption. The CBOR equivalent of JOSE, used for signing mDOC credentials.
Credential
A set of one or more claims made by an issuer about a subject.
Credential Offer
A JSON object in OID4VCI that tells the wallet what credentials are available and how to obtain them.
Custodial Wallet
A wallet where a third party holds and manages cryptographic keys on behalf of the user.
c_nonce
A server-provided nonce in OID4VCI used to prove freshness of key binding proofs.
D
Data Integrity Proof
A W3C proof mechanism that embeds the signature directly in the credential as a proof object.
Device Authentication
The process in mDOC where the holder proves control of the device key bound to the credential.
deviceKey
The public key in the mDOC MSO that binds the credential to a specific device.
DID
Decentralized Identifier. A URI that enables verifiable, decentralized digital identity.
DID Document
A document containing verification methods and service endpoints associated with a DID.
DID Method
A specification defining how DIDs are created, resolved, updated, and deactivated for a particular type of DID.
did:key
A DID method where the identifier is derived directly from a public key, requiring no external infrastructure.
did:web
A DID method that uses web domains for DID resolution, storing DID documents at well-known URLs.
E
Edge Wallet
A digital wallet that runs directly on the user's device with credentials and keys stored locally.
eIDAS
Electronic Identification, Authentication and Trust Services. EU regulation establishing a framework for electronic identification and trust services.
G
GDPR
General Data Protection Regulation. EU regulation on data protection and privacy that establishes strong data subject rights.
H
Holder
An entity that possesses and presents verifiable credentials. Often the subject of the credential.
Holder Binding
Cryptographic proof that the presenter is the legitimate holder of the credential.
I
IACA
Issuing Authority Certificate Authority. The root of trust for mDOC credentials in ISO 18013-5.
ISO 18013-5
The ISO standard for mobile driving licenses (mDL), defining the mDOC format.
ISO 23220
Extension of ISO 18013 for general-purpose mobile documents beyond driving licenses.
Issuer
An entity that creates and signs verifiable credentials, asserting claims about a subject.
IssuerSignedItem
A CBOR structure in mDOC containing a claim with random salt for selective disclosure.
J
JSON-LD
JSON for Linked Data. A method of encoding Linked Data using JSON, providing semantic context.
JWT
JSON Web Token. A compact, URL-safe means of representing claims as a JSON object signed with JWS.
K
Key Binding
The association of a credential with a specific cryptographic key controlled by the holder.
KB-JWT
Key Binding JWT. A JWT in SD-JWT that proves the presenter controls the bound key.
M
mDL
Mobile Driver License. A digital version of a driving license following ISO 18013-5.
mDOC
Mobile Document. The credential format defined in ISO 18013-5 using CBOR encoding.
MSO
Mobile Security Object. The signed structure in mDOC containing claim hashes and validity info.
N
Namespace
In mDOC, a string identifier that groups related data elements (e.g., org.iso.18013.5.1).
Nonce
A one-time value used to prevent replay attacks and ensure freshness of proofs.
O
OID4VCI
OpenID for Verifiable Credential Issuance. A protocol for issuing credentials using OAuth 2.0.
OID4VP
OpenID for Verifiable Presentations. A protocol for requesting and presenting credentials.
P
Presentation
A packaging of credentials for transmission from holder to verifier.
Proof of Possession
Cryptographic evidence that the holder controls a private key.
R
Revocation
The process of invalidating a previously issued credential before its expiration.
S
SD-JWT
Selective Disclosure JWT. A JWT format enabling selective disclosure of claims using salted hashes.
Selective Disclosure
The ability to present only specific claims from a credential while hiding others.
Status List
A revocation mechanism using a compressed bitstring where each index represents a credential.
Subject
The entity about which claims are made in a credential.
T
Trust Framework
A set of rules and policies governing participants in a credential ecosystem.
Trusted Issuer List
A machine-readable registry of entities authorized to issue specific types of credentials within a trust framework.
V
valueDigests
The map in the MSO containing hashes of IssuerSignedItems for selective disclosure verification.
VDR
Verifiable Data Registry. A system that mediates the creation and verification of identifiers, keys, and other relevant data such as credential schemas and revocation lists.
Verifiable Credential
A tamper-evident credential with authorship that can be cryptographically verified.
Verifiable Presentation
A tamper-evident presentation that proves credential possession.
Verifier
An entity that receives and validates verifiable credentials or presentations.
W
Wallet
Software or hardware that stores credentials and manages their presentation.
Z
Zero-Knowledge Proof
A cryptographic method allowing one party to prove a statement is true without revealing any information beyond the validity of the statement.
ZK-SNARK
Zero-Knowledge Succinct Non-Interactive Argument of Knowledge. A type of ZKP that is small and fast to verify.