Skip to content

Verifiable Credentials — VC 2.0 / Open Badges 3.0

Standards: W3C VC 2.0 (May 2025 Recommendation), 1EdTech Open Badges 3.0

This page documents the credential formats Bukti accepts as evidence and the credential format Bukti will issue once the issuance pipeline ships.

Incoming credentials

Bukti accepts Open Badges 3.0 credentials as credential_badge VOIs. OB 3.0 is defined by 1EdTech as a profile of W3C Verifiable Credentials 2.0, so all incoming OB 3.0 badges are structured as VC 2.0 JSON-LD documents.

What Bukti verifies today:

  • Presence of a valid proof block using eddsa-rdfc-2022 or ecdsa-sd-2023 cryptosuites.
  • Credential subject DID binding: the credentialSubject.id field is matched against the entity's registered identity bindings.
  • Issuer presence in the known-issuer registry.
  • Bitstring Status List check (when credentialStatus is present and points to a status list the system has fetched).
  • alignment property resolution: the credential's alignment URIs (O*NET, ESCO, national framework) are resolved to Bukti capability nodes via the crosswalk resolver.

Caveat: Full cryptographic signature verification against the issuer's DID document is in progress. Today the system accepts OB 3.0 credentials on database integrity and logs a warning for unverified signatures. Full DID-document resolution and signature verification, plus Sigstore-based behavioral-artifact signing verification, are on the near-term roadmap. See limitations.md.

Bukti-issued EndorsementCredentials (planned)

Once the issuance pipeline ships, Bukti will become a VC 2.0 issuer. When a Bukti-internal attestation flow completes for an entity-capability pair (after scoring clears the Attested or Verified threshold), Bukti will issue a signed EndorsementCredential using the W3C VC 2.0 EndorsementCredential type.

JSON-LD shape

json { "@context": [ "https://www.w3.org/ns/credentials/v2", "https://purl.imsglobal.org/spec/ob/v3p0/context-3.0.3.json", "https://bukti.ai/credentials/v1" ], "type": ["VerifiableCredential", "EndorsementCredential"], "id": "https://bukti.ai/credentials/{credential_id}", "issuer": { "id": "did:web:bukti.ai", "name": "Bukti", "url": "https://bukti.ai" }, "issuanceDate": "2026-04-28T12:00:00Z", "credentialSubject": { "id": "{entity_did}", "endorsementComment": "Bukti attests to demonstrated capability in {capability_label} based on {n_effective} effective evidence observations (substantive median {median}, CI [{ci_low_80}, {ci_high_80}]).", "claim": { "id": "https://bukti.ai/capabilities/{capability_id}", "type": "Capability", "name": "{capability_label}", "substantive_median": 0.82, "identity_grade": "I3", "tier": "Verified", "tier_rationale": "...", "seeAlso": ["http://www.onetcenter.org/taxonomy#...", "https://esco.ec.europa.eu/en/classification/skill_uuid/..."] } }, "credentialStatus": { "id": "https://bukti.ai/status/{list_id}#{credential_index}", "type": "BitstringStatusListEntry", "statusPurpose": "revocation", "statusListIndex": 42, "statusListCredential": "https://bukti.ai/status/{list_id}" }, "proof": { "type": "DataIntegrityProof", "cryptosuite": "eddsa-rdfc-2022", "verificationMethod": "did:web:bukti.ai#key-1", "proofPurpose": "assertionMethod", "proofValue": "..." } }

Status List integration

Bukti will maintain a Bitstring Status List (W3C Bitstring Status List v1.0, ~16KB per 131,072 credentials) with statusPurpose: "revocation". When a VOI that was load-bearing for an issued credential is subsequently contradicted and confirmed false, Bukti will set the bit at the credential's statusListIndex. The status list is served at a stable URL and is fetchable by any verifier.

The minimum-length mandate (131,072 entries per list) is respected for herd privacy: small lists let issuers correlate verifier requests to individual credentials. New lists are issued when the current list is more than 80% utilized.