achievement XRPL.org
Join the Channel discord discord

Key takeaway:

Verifiable credentials (VCs) add a trusted layer of identity claims to decentralized identifiers, enabling secure, private, and scalable verification – especially powerful when anchored to fast, immutable blockchains like the XRP Ledger.

Lesson 1

Verifiable Credentials and the Trust Model

Adding proof and privacy to decentralized identity.

Decentralized Identifiers (DIDs) give individuals control over their digital identities, but on their own, DIDs only prove control of a cryptographic key. For example, a DID might confirm you’re the rightful controller of a private key, but it doesn’t say who you are, whether you’ve passed Know Your Customer (KYC) checks, or if a bank has verified you. 

This is where Verifiable Credentials (VCs) come in.

VCs are digital, cryptographically signed claims such as “KYC Verified,” “Over 18,” or “University Graduate.” These claims are created by trusted entities and shared securely by individuals. They’re the trust layer for decentralized identity.

The XRP Ledger (XRPL) provides a tamper-proof, high-speed foundation for verifying these credentials, making it ideal for high-volume, privacy-conscious financial applications.

Roles in the Verifiable Credential Ecosystem

The VC model works because it mirrors how we prove identity in the real world. A key difference is that they are now possible digitally, with stronger privacy and control, as well as more use cases.

There are three key roles in the ecosystem:

  • Issuer: A trusted entity (like a financial institution, school, or government) that creates and cryptographically signs a credential.
  • Holder: The person or organization who receives and stores the VC.
  • Verifier: A third party (like a DeFi platform or employer) that requests proof and verifies the VC’s authenticity.

On the XRPL, this might work as follows: A bank (Issuer) issues a “KYC Verified” VC to your XRPL-based DID (Holder). It’s then presented to a lending platform (Verifier) to apply for a loan, while potentially sensitive data is kept private.

Note: Even though the industry-standard terminology is “issuer / holder / verifier,” it helps to understand how these roles play out in practice, as there is some potentially confusing overlap of some key terms here:

  • Before issuance: A bank (the issuer) still performs its normal checks (such as reviewing your photo ID or documents) to confirm your identity. Only after this real-world verification does it issue the “KYC Verified” credential to your DID.
  • During verification: When you later apply for a loan, the verifier doesn’t re-run your entire identity check. Instead, they simply confirm that your credential is valid, unrevoked, and signed by a trusted issuer. In other words, they verify the credential, not your full identity again.

Because XRPL offers low-cost, near-instant transactions, this verification process can happen in real time, even at scale.

 

Let’s walk through the lifecycle of a verifiable credential:

  • Issuance: A trusted Issuer (e.g., a bank) creates a credential (e.g., “KYC Verified”) and signs it (once they’re satisfied that everything is in order via their own internal processes) using their private key.
  • Storage: The Holder stores the VC in a secure wallet (often off-chain) or using a decentralized storage solution with an anchor or reference on the XRPL. (Note that blockchains are optimized for verification, not for file storage. Decentralized storage systems like IPFS and Arweave keep credentials accessible and tamper-proof while keeping the XRPL lean and private.)
  • Verification: A Verifier requests proof of the VC. The Holder selectively discloses only the required claim. The Verifier checks the digital signature and matches the credential to the Issuer’s DID using XRPL’s immutable ledger.

Think of it like showing your government ID at a bank, except now it’s cryptographically secured, privacy-preserving, and available across decentralized applications. XRPL’s XLS-70 specification makes this real by enabling on-ledger credential references and tamper-proof storage anchors.

This is a good place to note that the W3C data model explicitly includes the concept of revocation of a granted VC. For example, if someone were to obtain a “KYC Verified” VC via some false pretense (e.g, a fake ID) that is later discovered, the bank could actually revoke said credential.

One of the biggest benefits of verifiable credentials is privacy-preserving verification. Instead of sharing your full ID or a database entry, you can share just the proof you need, like “Over 18” or “KYC Verified”, without exposing personal details.

This is done through selective disclosure, where only specific parts of a VC are shared. Some systems go even further, using techniques that allow you to prove something is true (like being over 18) without revealing the underlying data (e.g. date of birth). These are called zero-knowledge proofs and are beyond the scope of this lesson. 

These methods reduce data leaks, prevent unnecessary surveillance, and empower users to control what they share and with whom.

All of these verifications can be complex to confirm, which is why the XRPL’s speed and efficiency make various use cases practical in everyday, high-frequency settings like DeFi trading or access control.

Trust Without Central Gatekeepers

Instead of relying on a platform to vouch for your identity, you rely on a network of verifiable claims issued by trusted entities. Anyone with access to the public keys and ledger entries can instantly verify these credentials themselves.

On the XRPL, this mirrors the concept of trustlines: a mechanism for managing relationships and permissions in asset transfers. Just as trustlines reflect financial trust, verifiable credentials reflect identity trust.

Standards like XLS-80 (Permissioned Domains) and XLS-81 (Permissioned DEX) build on this by requiring credentials to enforce KYC/AML compliance, without central control.

It’s like a passport that works anywhere, but is issued and verified on your terms.

The Future of Identity is Verifiable and Decentralized

Verifiable credentials are transforming how we build trust online. They allow individuals to carry secure, portable proof of qualifications, verifications, and rights, without surrendering control.

Combined with decentralized identifiers and supported by fast, reliable blockchains like XRPL, VCs enable a future where digital identity is flexible, privacy-preserving, and interoperable.

Whether it’s proving you’ve passed KYC, joining a DAO, or accessing tokenized services, verifiable credentials are the missing trust layer in decentralized ecosystems.

A major roadblock to date has been that the digital infrastructure to enable all of this hasn’t existed. This is why the XRPL’s infrastructure (anchored by standards like XLS-70, XLS-80, and XLS-81) has caught the attention of leading institutions and consumers globally.

 

END OF LESSON

Here's a quiz to test your knowledge on verifiable credentials and the trust model!

Welcome to your Verifiable Credentials and the Trust Model

Why are Verifiable Credentials important for DIDs?
Who are the three core actors in the VC ecosystem?
What is selective disclosure in the context of VCs?
How does XRPL support VC verification?