Credential Models
A detailed look at the different types of verifiable credentials used in MCP-I
Credential Flexibility
MCP-I supports multiple credential models to accommodate different security requirements, use cases, and enterprise needs while maintaining core verification principles.
Credentials
MCP-I uses W3C Verifiable Credentials (VCs) as the standard format for expressing claims about identity and delegation. The specification defines several credential models to address different requirements:
- Standard Delegation Credential: The core credential type for basic delegation
- Chained Delegation Credential: For multi-level delegation scenarios
- Enhanced Credential: For Level 3 implementations with additional security features
- Legacy Compatibility Credential: For interoperability with existing systems
Each model shares core properties while adding specific features for its intended use case.
Credential Selection Guidelines
When choosing a credential model for your implementation, consider:
| Credential Type | Use Case | Conformance Level | Security Level |
|---|---|---|---|
| Standard Delegation | Direct agent authorization | Level 1+ | Moderate to High |
| Chained Delegation | Multi-level delegation | Level 2+ | Moderate to High |
| Enhanced | Complex enterprise scenarios | Level 3 | Very High |
| Legacy Compatibility | Integration with existing systems | Level 1 only | Basic |
Implementation Flexibility
MCP-I allows for custom credential models as long as they include all required fields and can be verified according to the MCP-I verification protocol. Custom models should be registered with the credential registry for broader interoperability.
Implementation Examples
Creating a Standard Delegation Credential
import { createCredential } from "@mcp-i/credentials";
// Example function to create a standard delegation credential
async function createStandardDelegation(issuerDid, agentDid, scopes) {
return await createCredential({
type: "DelegationCredential",
issuer: issuerDid,
subject: agentDid,
scope: scopes,
expiresIn: "90d", // 90 days
constraints: {
environment: "production",
},
});
}
// Usage
const credential = await createStandardDelegation(
"did:web:issuer.example.com",
"did:key:z6MkhaSG3...",
["read:email", "write:calendar"]
);
Creating a Chained Delegation
import { createChainedDelegation } from "@mcp-i/credentials";
// Example function to create a chained delegation
async function delegateToSubAgent(parentCredential, subAgentDid, subsetScopes) {
return await createChainedDelegation({
parentCredential,
subject: subAgentDid,
scope: subsetScopes,
expiresIn: "30d", // Must be <= parent expiration
});
}
// Usage
const chainedCredential = await delegateToSubAgent(
originalCredential,
"did:key:z6MkhZgT8...",
["read:email"] // Subset of parent scopes
);
Credential Structures
- Standard Credential - Credential for direct agent authorization
- Chained Credential - Credential for multi-level delegation
- Enhanced Credential - Level 3 credential for complex enterprise scenarios
- Legacy Credential - Level 1 credential for integration with existing systems