ResearchArk
ArkID

Credentials

Verifiable credentials in ArkID -- OID4VCI credential wallet for receiving and displaying credentials, and admin tools for issuing, revoking, and managing credential schemas.

ArkID includes a verifiable credentials system built on the OID4VCI (OpenID for Verifiable Credential Issuance) standard. This system allows researchers to receive, store, and present cryptographically verifiable credentials that attest to qualifications, affiliations, achievements, or other claims. Administrators can issue credentials, define schemas, and manage revocation.

Credential Wallet

The credential wallet at /wallet is your personal OID4VCI client for receiving and managing verifiable credentials. The wallet handles the full credential issuance flow:

Receiving a Credential

  1. Parse the offer -- When an issuer provides a credential offer, it arrives as a URI in the openid-credential-offer:// scheme. The wallet parses this URI to extract the issuer metadata and credential details.
  2. Exchange the authorization code -- The wallet exchanges the pre-authorized code included in the offer for an access token from the issuer's token endpoint.
  3. Request the credential -- Using the access token, the wallet requests the actual credential from the issuer's credential endpoint.
  4. Store and display -- The received credential is stored in your wallet and displayed with its claims, issuer information, and validity status.

Wallet Interface

The wallet displays all received credentials with their key attributes:

  • Credential type -- The schema or type of the credential (e.g., research affiliation, qualification)
  • Issuer -- The entity that issued the credential
  • Claims -- The specific assertions contained in the credential
  • Validity -- Current status including issuance date, expiration, and revocation status

Credential Administration

Administrators with the appropriate permissions can access the credential administration panel at /admin/vc. This interface provides tools for managing the full credential lifecycle:

Issuing Credentials

Administrators can issue new verifiable credentials to ArkID users. The issuance flow generates an openid-credential-offer:// URI that the recipient can open in their wallet to complete the exchange. Issued credentials are cryptographically signed and bound to the recipient's identity.

Schema Management

The admin panel provides access to credential schemas that define the structure and claims of each credential type. Schemas specify which fields a credential contains, their data types, and whether they are required or optional.

Revocation

Administrators can revoke previously issued credentials. Revocation is immediate -- once a credential is revoked, any verification check against it returns a revoked status. The admin panel shows the current revocation status of all issued credentials.

Status Checking

The admin panel includes a status verification tool for checking whether any credential is currently valid, expired, or revoked. This is useful for verifying credentials presented by researchers during review processes or institutional checks.

OID4VCI Protocol

ArkID's credential system implements the OID4VCI specification, which defines a standard protocol for issuing verifiable credentials using OAuth 2.0 authorization flows. Key aspects of the implementation:

  • Pre-authorized code flow -- Credentials are issued using pre-authorized codes, which simplifies the exchange by not requiring an interactive authorization step from the holder.
  • Credential offer URIs -- Issuers generate openid-credential-offer:// URIs that encode all the information the wallet needs to complete the issuance flow.
  • Token exchange -- The wallet exchanges the pre-authorized code for an access token at the issuer's token endpoint, then uses that token to request the credential.
  • Cryptographic binding -- Issued credentials are cryptographically signed, ensuring they cannot be tampered with and can be verified by any party that trusts the issuer.

Use Cases

Verifiable credentials in ArkID support several research identity scenarios:

  • Institutional affiliation -- Universities and research institutions can issue credentials attesting that a researcher is currently affiliated with them.
  • Qualification verification -- Degree-granting institutions can issue credentials for academic qualifications (PhD, postdoctoral appointments).
  • Project participation -- Project coordinators can issue credentials confirming a researcher's role in a funded project.
  • Reviewer status -- Funding agencies or journals can issue credentials confirming peer review activity.

These credentials travel with the researcher's ArkID profile and can be independently verified by any relying party without contacting the original issuer, as long as the issuer's public key is available.

Organizations

Register and manage organizations in ArkID -- ARKO identifiers, external identifier linking (ROR, Funder ID, PIC), member roles, and organizational public profiles.

Account Settings

Manage your account information, notifications, privacy controls, data retention, and appearance from the ResearchArk settings page.

On this page

Credential WalletReceiving a CredentialWallet InterfaceCredential AdministrationIssuing CredentialsSchema ManagementRevocationStatus CheckingOID4VCI ProtocolUse Cases