• mahesh8499

"Terms of Use" in Verifiable Credentials

Verifiable Credentials provide a new mechanism for an Individual to share data when and where they choose to do so. I have talked about Verifiable Credentials in some detail in my earlier Blog as to how it can help the use case of Covid-19 vaccines and test results.

One area of the Verifiable Credential W3C standard caught my attention early on, and that was the "Terms of Use" specification. Since the dawn of the Internet Era, consumers have been constantly bombarded with "Terms of Use" that they have to agree to. Look at the example below from Facebook, this is just the first 2 paragraphs of what looks like a mini treatise!.

Every time you sign up for a service, you are not only asked to give your personal data, but you are also asked to agree to a complicated list of terms of use. For the first time in the digital world, verifiable credentials that you hold gives the consumer the ability to specify the terms of use as to how their data can be used! Would it not be wonderful that if you join a social network, a loyalty program or a chat channel that you can specify the terms of how your data can be used ?. Verifiable Credentials give you the mechanism to do just that.

The above is the classic "Trust Triangle" that explains Verifiable Credentials. We have an "Issuer" that issued the credential to a "Holder", who can then present it to a "Verifier". The "Terms of Use" clause of the Verifiable Credential standard allows both the Issuer to specify "Terms of Use" as well as the Holder to specify "Terms of Use" when the holder presents a "proof" to the verifier.

For example, look at one such presentation proof snippet below:

 "termsOfUse": [{
    "type": "IssuerPolicy",
    "id": "http://example.com/policies/credential/4",
    "profile": "http://example.com/profiles/credential",
    "prohibition": [{
      "assigner": "https://example.edu/issuers/14",
      "assignee": "AllVerifiers",
      "target": "http://example.edu/credentials/3732",
      "action": ["Archival"]

Here, the "Terms of Use" explicitly prohibit the "Verifier" from saving the data that they present.

To me, Verifiable Credentials finally gives the consumer control over their data. In addition to features such as "Terms of Use", they also come with the ability to do selective disclosure and zero-knowledge-proofs. That is a topic for another blog soon!

Pravici has been hard at work putting this technology to use. Not only does our PocketCred product use Verifiable Credentials technology for digital certificates for the Covid-19 use case, we have also incorporated the technology into Pravici Tokenized Loyalty Points (TLP). Pravici TLP can use Verifiable Credentials to store customer PII data, protecting the customer data and respecting their privacy. Check out this blog post from Evernym on this topic as well as stay tuned for my upcoming session at Hyperledger Global Forum.