Struct Credential 

pub struct Credential {
    pub version: CredentialVersion,
    pub issuer_schema_id: u64,
    pub sub: u64,
    pub genesis_issued_at: u64,
    pub expires_at: u64,
    pub claims: Vec<FieldElement>,
    pub associated_data_hash: FieldElement,
    pub signature: Option<EdDSASignature>,
    pub issuer: EdDSAPublicKey,
}

Base representation of a Credential in the World ID Protocol.

A credential is generally a verifiable digital statement about a subject. It is the canonical object: everything a verifier needs for proofs and authorization.

In the case of World ID these statements are about humans, with the most common credentials being Orb verification or document verification.

Design Principles:

• A credential clearly separates:
  • Assertion (the claim being made)
  • Issuer (who attests to it / vouches for it)
  • Subject (who it is about)
  • Presenter binding (who can present it)
• Credentials are usable across authenticators without leaking correlate-able identifiers to RPs.
• Revocation, expiry, and re-issuance are first-class lifecycle properties.
• Flexibility: credentials may take different formats but share common metadata (validity, issuer, trust, type).

All credentials have an issuer and schema, identified with the issuer_schema_id field. This identifier is registered in the CredentialSchemaIssuerRegistry contract. It represents a particular schema issued by a particular issuer. Some schemas are intended to be global (e.g. representing an ICAO-compliant passport) and some issuer-specific. Schemas should be registered in the CredentialSchemaIssuerRegistry contract and should be publicly accessible.

We want to encourage schemas to be widely distributed and adopted. If everyone uses the same passport schema, for example, the Protocol will have better interoperability across passport credential issuers, reducing the burden on holders (to make sense of which passport they have), and similarly, RPs.

Fields

version: CredentialVersion

Version representation of this structure

issuer_schema_id: u64

Unique credential type id that is used to lookup of verifying information

sub: u64

The subject (World ID) to which the credential is issued.

This ID comes from the AccountRegistry and it’s the leaf_index of the World ID on the Merkle tree.

genesis_issued_at: u64

Timestamp of first issuance of this credential (unix seconds), i.e. this represents when the holder first obtained the credential. Even if the credential has been issued multiple times (e.g. because of a renewal), this timestamp should stay constant.

expires_at: u64

Expiration timestamp (unix seconds)

claims: Vec<FieldElement>

These are concrete statements that the issuer attests about the receiver. Could be just commitments to data (e.g. passport image) or the value directly (e.g. date of birth)

associated_data_hash: FieldElement

If needed, can be used as commitment to the underlying data. This can be useful to tie multiple proofs about the same data together.

signature: Option<EdDSASignature>

The signature of the credential (signed by the issuer’s key)

issuer: EdDSAPublicKey

The issuer’s public key of the credential.

Implementations

impl Credential

pub const MAX_CLAIMS: usize = 16usize

The maximum number of claims that can be included in a credential.

pub fn new() -> Credential

Initializes a new credential.

Note default fields occupy a sentinel value of BaseField::zero()

pub const fn version(self, version: CredentialVersion) -> Credential

Set the version of the credential.

pub const fn issuer_schema_id(self, issuer_schema_id: u64) -> Credential

Set the issuerSchemaId of the credential.

pub const fn sub(self, sub: u64) -> Credential

Set the sub of the credential.

pub const fn genesis_issued_at(self, genesis_issued_at: u64) -> Credential

Set the genesis issued at of the credential.

pub const fn expires_at(self, expires_at: u64) -> Credential

Set the expires at of the credential.

pub fn claim( self, index: usize, claim: Uint<256, 4>, ) -> Result<Credential, PrimitiveError>

Set a claim for the credential at an index.

Errors

Will error if the index is out of bounds.

pub fn associated_data_hash( self, associated_data_hash: Uint<256, 4>, ) -> Result<Credential, PrimitiveError>

Set the associated data hash of the credential.

Errors

Will error if the provided hash cannot be lowered into the field.

pub fn get_cred_ds(&self) -> FieldElement

Get the credential domain separator for the given version.

Trait Implementations

impl Clone for Credential

fn clone(&self) -> Credential

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Credential

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.

impl Default for Credential

fn default() -> Credential

Returns the “default value” for a type.

impl<'de> Deserialize<'de> for Credential

fn deserialize<__D>( __deserializer: __D, ) -> Result<Credential, <__D as Deserializer<'de>>::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl HashableCredential for Credential

fn claims_hash(&self) -> Result<FieldElement, Error>

Get the claims hash of the credential.

fn hash(&self) -> Result<FieldElement, Error>

The hash is signed by the issuer to provide authenticity for the credential.

fn verify_signature( &self, expected_issuer_pubkey: &EdDSAPublicKey, ) -> Result<bool, Error>

Verify the signature of the credential against the issuer public key and expected hash.

impl Serialize for Credential

fn serialize<__S>( &self, __serializer: __S, ) -> Result<<__S as Serializer>::Ok, <__S as Serializer>::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.