We provide more in-depth introductions on the individual OID4VCI and OID4VP/SIOPv2 pages.

Background

The OpenID Foundation is extending the well-established OAuth2 and OpenID Connect ecosystem to support decentralized digital identity using Verifiable Credentials. Commonly referred to as OID4VC, this initiative encompasses three core specifications that provide standards for the issuance, presentation, and self-management of verifiable credentials. By building on existing OAuth2 concepts, these specifications enable secure, interoperable, and privacy-preserving identity systems.

Overview of the Three Core Specifications

1. OID4VCI (OpenID for Verifiable Credential Issuance)

OID4VCI defines the protocols and flows for issuing verifiable credentials. By leveraging OAuth2 patterns—such as authorization flows and token issuance—it allows issuers to securely create, sign, and deliver credentials that a holder can later present and prove. Key aspects include:

  • Standardized Issuance Flows: Reusing familiar OAuth2 authorization and token endpoints to streamline the credential issuance process.
  • Secure Credential Creation: Ensuring that issued credentials are cryptographically signed and can be verified by relying parties.
  • Interoperability: Allowing different systems to work together seamlessly, using a common set of protocols.

2. OID4VP (OpenID for Verifiable Presentation)

OID4VP extends the OAuth2 and OpenID Connect concepts to the realm of credential presentation. It defines how a credential holder can present verifiable credentials to a verifier in a privacy-preserving manner. Important features include:

  • Selective Disclosure: Enabling the holder to reveal only the necessary attributes required for verification while keeping other details private.
  • Standardized Presentation Flows: Facilitating the exchange of credentials by defining clear request and response formats.
  • Enhanced Privacy: Supporting mechanisms that ensure the verifier only learns the information intended for disclosure.

3. SIOPv2 (Self-Issued OpenID Provider v2)

SIOPv2 empowers individuals to act as their own identity providers, supporting the self-sovereign identity paradigm. This specification extends OpenID Connect by allowing users to generate and manage their own authentication credentials without relying on a centralized authority. Key points include:

  • Decentralized Identity: Users can manage their own authentication credentials, maintaining full control over their identity data.
  • Pseudonymous Authentication: SIOPv2 itself does not use Verifiable Credentials. It is geared towards pseudonymous authentication. If verifiable credentials are needed, it can be used together with OID4VP.
  • Building on OAuth2: Utilizing familiar OAuth2 flows for authentication and token handling, but tailored for self-issued identity scenarios.

Relevant Links