Credential Models
A detailed look at the different types of verifiable credentials used in MCP-I
Credential Flexibility
MCP-I supports multiple credential models to accommodate different security requirements, use cases, and enterprise needs while maintaining core verification principles.
Overview of Credentials in MCP-I
MCP-I uses W3C Verifiable Credentials (VCs) as the standard format for expressing claims about identity and delegation. The specification defines several credential models to address different requirements:
- Standard Delegation Credential: The core credential type for basic delegation
- Chained Delegation Credential: For multi-level delegation scenarios
- Enhanced Credential: For Level 3 implementations with additional security features
- Legacy Compatibility Credential: For interoperability with existing systems
Each model shares core properties while adding specific features for its intended use case.
Standard Delegation Credential
The Standard Delegation Credential is the foundation of MCP-I's delegation model, representing a direct authorization from a principal to an agent.
Structure
{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://mcp-i.org/credentials/v1"
  ],
  "id": "urn:uuid:3978344f-8596-4c3a-a978-8fcaba3903c5",
  "type": ["VerifiableCredential", "DelegationCredential"],
  "issuer": "did:example:principal123",
  "issuanceDate": "2025-01-01T19:23:24Z",
  "expirationDate": "2025-12-31T23:59:59Z",
  "credentialSubject": {
    "id": "did:example:agent456",
    "scope": ["read:data", "write:calendar"],
    "constraints": {
      "environment": "production"
    }
  },
  "credentialStatus": {
    "id": "https://example.com/status/123",
    "type": "StatusList2021Entry",
    "statusPurpose": "revocation",
    "statusListIndex": "94"
  },
  "proof": {
    "type": "Ed25519Signature2020",
    "created": "2025-01-01T19:23:24Z",
    "verificationMethod": "did:example:principal123#key-1",
    "proofPurpose": "assertionMethod",
    "proofValue": "z43BsK5Fu9Sdw7tF1JwPnBtYu..."
  }
}
Key Properties
- id: Unique identifier for the credential (optional but recommended)
- type: Must include both "VerifiableCredential" and "DelegationCredential"
- scope: Array of permissions following the action:resource format
- constraints: Optional conditions that further restrict the delegation
Standard Model Usage
The Standard Delegation Credential is suitable for most MCP-I implementations and is the minimum requirement for Level 1 conformance.
Chained Delegation Credential
The Chained Delegation Credential model supports scenarios where delegation flows through multiple entities. This model is essential for complex workflows where intermediary agents need to further delegate authority.
Structure
{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://mcp-i.org/credentials/v1"
  ],
  "id": "urn:uuid:9b37c28d-a7c2-4e5f-8d9a-1b2c3d4e5f6a",
  "type": ["VerifiableCredential", "ChainedDelegationCredential"],
  "issuer": "did:example:agentA",
  "issuanceDate": "2025-02-15T10:15:30Z",
  "expirationDate": "2025-06-30T23:59:59Z",
  "credentialSubject": {
    "id": "did:example:agentB",
    "scope": ["read:data"],
    "constraints": {
      "environment": "testing"
    }
  },
  "credentialStatus": {
    "id": "https://example.com/status/456",
    "type": "StatusList2021Entry",
    "statusPurpose": "revocation",
    "statusListIndex": "42"
  },
  "parentCredential": {
    "id": "urn:uuid:3978344f-8596-4c3a-a978-8fcaba3903c5",
    "type": ["VerifiableCredential", "DelegationCredential"],
    "issuer": "did:example:principal123",
    "issuanceDate": "2025-01-01T19:23:24Z",
    "expirationDate": "2025-12-31T23:59:59Z",
    "credentialSubject": {
      "id": "did:example:agentA",
      "scope": ["read:data", "write:calendar"]
    },
    "proof": {
      "type": "Ed25519Signature2020",
      "verificationMethod": "did:example:principal123#key-1",
      "proofValue": "z43BsK5Fu9Sdw7tF1JwPnBtYu..."
    }
  },
  "proof": {
    "type": "Ed25519Signature2020",
    "created": "2025-02-15T10:15:30Z",
    "verificationMethod": "did:example:agentA#key-1",
    "proofPurpose": "assertionMethod",
    "proofValue": "z82Kn2d7a9FjHnPoQ5..."
  }
}
Key Properties
- type: Includes "ChainedDelegationCredential" to indicate delegation chain
- parentCredential: The credential that authorizes the issuer to delegate
- scope: Must be a subset of the parent credential's scope
Validation Requirements
When verifying a chained delegation, the entire chain must be validated recursively, ensuring each delegation's scope is a proper subset of its parent and no credential in the chain is expired or revoked.
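The chain walk described above, as an added example that is not code from the MCP-I spec or the @mcp-i/credentials package. It checks structure only (types, expiry, subject-to-issuer linkage, scope narrowing as a subset per Key Properties, lifetime); signature verification and StatusList2021 lookups are assumed to happen elsewhere, with revocation supplied through a hypothetical `isRevoked` callback.

```javascript
// Added example (not spec code): structural validation of a chained delegation.
// Proof verification is out of scope; revocation comes from a caller callback.

// Constructed sample mirroring the page's chained credential (proofs omitted).
const SAMPLE_CHAIN = {
  type: ["VerifiableCredential", "ChainedDelegationCredential"],
  issuer: "did:example:agentA",
  expirationDate: "2025-06-30T23:59:59Z",
  credentialSubject: { id: "did:example:agentB", scope: ["read:data"] },
  parentCredential: {
    type: ["VerifiableCredential", "DelegationCredential"],
    issuer: "did:example:principal123",
    expirationDate: "2025-12-31T23:59:59Z",
    credentialSubject: {
      id: "did:example:agentA",
      scope: ["read:data", "write:calendar"],
    },
  },
};

// Walks the chain from the leaf to the root and returns a list of findings;
// an empty list means every link passed the structural checks.
function validateChain(cred, now, isRevoked = () => false, depth = 0) {
  if (depth > 8) return ["chain exceeds maximum depth"]; // bound the recursion
  const findings = [];
  const tag = (msg) => findings.push(`[depth ${depth}] ${msg}`);
  const types = cred.type || [];
  if (!types.includes("VerifiableCredential")) tag("missing VerifiableCredential type");
  // A missing or unparsable expirationDate also fails this check (fail closed).
  if (!(new Date(cred.expirationDate) > now)) tag("credential expired");
  if (isRevoked(cred)) tag("credential revoked");
  const parent = cred.parentCredential;
  if (types.includes("ChainedDelegationCredential")) {
    if (!parent) return [...findings, `[depth ${depth}] chained credential without parentCredential`];
    // The parent must have been issued to whoever issued this credential.
    if (parent.credentialSubject.id !== cred.issuer) tag("issuer is not the parent's subject");
    // Scope may only narrow: every child scope must be granted by the parent.
    const parentScope = new Set(parent.credentialSubject.scope);
    for (const s of cred.credentialSubject.scope) {
      if (!parentScope.has(s)) tag(`scope ${s} not granted by parent`);
    }
    // A child credential must not outlive its parent.
    if (new Date(cred.expirationDate) > new Date(parent.expirationDate)) tag("child outlives parent");
    findings.push(...validateChain(parent, now, isRevoked, depth + 1));
  } else if (parent) {
    tag("non-chained credential carries parentCredential");
  }
  return findings;
}
```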
Enhanced Credential
For Level 3 implementations, MCP-I defines the Enhanced Credential model with additional security and privacy features.
Structure
{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://mcp-i.org/credentials/v1",
    "https://w3id.org/security/bbs/v1"
  ],
  "id": "urn:uuid:5f1c8a2e-3d7b-4c6a-9f2d-8e7b6c5d4e3f",
  "type": ["VerifiableCredential", "EnhancedDelegationCredential"],
  "issuer": "did:example:principal123",
  "issuanceDate": "2025-03-10T08:30:15Z",
  "expirationDate": "2025-09-10T23:59:59Z",
  "credentialSubject": {
    "id": "did:example:agent789",
    "scope": ["read:data", "write:calendar", "admin:settings"],
    "constraints": {
      "environment": "production",
      "networkSegment": "internal",
      "geoFence": {
        "type": "Polygon",
        "coordinates": [[[longitude, latitude], ... ]]
      },
      "timeWindow": {
        "daysOfWeek": [1, 2, 3, 4, 5],
        "hoursOfDay": [8, 17]
      }
    }
  },
  "credentialStatus": {
    "id": "https://example.com/status/789",
    "type": "StatusList2021Entry",
    "statusPurpose": "revocation",
    "statusListIndex": "128"
  },
  "termsOfUse": [
    {
      "type": "DelegationPolicy",
      "prohibition": [
        {
          "purpose": ["Marketing", "DataSelling"]
        }
      ]
    }
  ],
  "auditTrail": {
    "hash": "sha256-8a9d8edf2175b0f2641a94d7as87f2afd847a",
    "logUrl": "https://audit.example.com/logs/credential789"
  },
  "proof": {
    "type": "BbsBlsSignature2020",
    "created": "2025-03-10T08:30:15Z",
    "verificationMethod": "did:example:principal123#key-2",
    "proofPurpose": "assertionMethod",
    "proofValue": "kTJVP7+H8z7F..."
  }
}
Key Features
- Advanced Constraint Models: Supports complex constraints like geofencing and time windows
- Terms of Use: Explicit delegation policies
- Selective Disclosure Proofs: Using BBS+ signatures for zero-knowledge proofs
- Audit Trail: Explicit links to immutable audit logs
- Enhanced Crypto: Support for advanced cryptographic suites
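Evaluating the advanced constraints above at verification time, as an added example that is not code from the MCP-I spec. The spec does not state a time zone or day-numbering for `timeWindow`, so UTC, JavaScript day numbers (0 = Sunday, hence 1-5 = Monday to Friday) and a half-open `[start, end)` hour range are assumptions of this example; `geoFence` is not implemented, so its presence fails closed.

```javascript
// Added example (not spec code): checking an Enhanced Credential's
// `constraints` object against the context of an incoming request.
// Assumptions: UTC, JS day numbering (0 = Sunday), hoursOfDay = [start, end).

// Constraint keys this evaluator understands; anything else is a violation,
// because silently ignoring a constraint would widen the delegation.
const SUPPORTED = new Set(["environment", "networkSegment", "timeWindow"]);

// Returns the names of violated constraints; an empty list means allowed.
function evaluateConstraints(constraints, ctx) {
  const violations = [];
  for (const key of Object.keys(constraints)) {
    if (!SUPPORTED.has(key)) violations.push(`unsupported:${key}`); // fail closed
  }
  for (const key of ["environment", "networkSegment"]) {
    if (key in constraints && constraints[key] !== ctx[key]) violations.push(key);
  }
  const tw = constraints.timeWindow;
  if (tw) {
    const day = ctx.time.getUTCDay();
    const hour = ctx.time.getUTCHours();
    const [start, end] = tw.hoursOfDay;
    if (!tw.daysOfWeek.includes(day) || hour < start || hour >= end) violations.push("timeWindow");
  }
  return violations;
}

// Constructed sample copied from the page's Enhanced Credential (geoFence omitted).
const SAMPLE_CONSTRAINTS = {
  environment: "production",
  networkSegment: "internal",
  timeWindow: { daysOfWeek: [1, 2, 3, 4, 5], hoursOfDay: [8, 17] },
};
```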
Enterprise Integration
The Enhanced Credential model is particularly well-suited for enterprise environments with complex security policies, regulatory requirements, and integration with existing IAM systems.
Legacy Compatibility Credential
To facilitate integration with existing identity systems, MCP-I provides a Legacy Compatibility Credential model for Level 1 implementations.
Structure
{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://mcp-i.org/credentials/v1"
  ],
  "id": "urn:uuid:1a2b3c4d-5e6f-7g8h-9i0j-1k2l3m4n5o6p",
  "type": ["VerifiableCredential", "LegacyDelegationCredential"],
  "issuer": "did:example:idp456",
  "issuanceDate": "2025-04-20T14:25:10Z",
  "expirationDate": "2025-05-20T23:59:59Z",
  "credentialSubject": {
    "id": "did:example:agent101112",
    "scope": ["read:profile", "read:email"],
    "legacyIdentifier": {
      "type": "OAuth2Subject",
      "value": "user123@example.com",
      "issuer": "https://auth.example.com"
    }
  },
  "mappings": {
    "oauth": {
      "clientId": "client123",
      "scopes": ["profile", "email.read"]
    }
  },
  "proof": {
    "type": "Ed25519Signature2020",
    "created": "2025-04-20T14:25:10Z",
    "verificationMethod": "did:example:idp456#key-1",
    "proofPurpose": "assertionMethod",
    "proofValue": "zWaF5d8w93jWm..."
  }
}
Key Features
- Legacy Identifier: Maps to existing identity systems like OAuth, OIDC, or LDAP
- Mappings: Explicit mappings between MCP-I scopes and legacy authorization models
- Limited Lifetime: Typically shorter expiration to manage security risk
Security Considerations
Legacy Compatibility Credentials offer reduced security guarantees compared to standard MCP-I credentials and should only be used during transition periods or for Level 1 implementations. Plan to migrate to full DID-based credentials for Level 2 and 3 conformance.
Credential Format Registry
MCP-I maintains a registry of recognized credential formats at https://knowthat.ai/registry/credential-types. When creating credentials, reference this registry for the latest context definitions and type identifiers.
The registry includes:
- Canonical context URLs
- Registered credential types
- Required and optional fields for each type
- Approved cryptographic suites
Credential Selection Guidelines
When choosing a credential model for your implementation, consider:
| Credential Type | Use Case | Conformance Level | Security Level |
|---|---|---|---|
| Standard Delegation | Direct agent authorization | Level 1+ | Moderate to High |
| Chained Delegation | Multi-level delegation | Level 2+ | Moderate to High |
| Enhanced | Complex enterprise scenarios | Level 3 | Very High |
| Legacy Compatibility | Integration with existing systems | Level 1 only | Basic |
Implementation Flexibility
MCP-I allows for custom credential models as long as they include all required fields and can be verified according to the MCP-I verification protocol. Custom models should be registered with the credential registry for broader interoperability.
Implementation Examples
Creating a Standard Delegation Credential
import { createCredential } from "@mcp-i/credentials";

// Example function to create a standard delegation credential
async function createStandardDelegation(issuerDid, agentDid, scopes) {
  return await createCredential({
    type: "DelegationCredential",
    issuer: issuerDid,
    subject: agentDid,
    scope: scopes,
    expiresIn: "90d", // 90 days
    constraints: {
      environment: "production",
    },
  });
}

// Usage
const credential = await createStandardDelegation(
  "did:web:issuer.example.com",
  "did:key:z6MkhaSG3...",
  ["read:email", "write:calendar"]
);
Creating a Chained Delegation
import { createChainedDelegation } from "@mcp-i/credentials";

// Example function to create a chained delegation
async function delegateToSubAgent(parentCredential, subAgentDid, subsetScopes) {
  return await createChainedDelegation({
    parentCredential,
    subject: subAgentDid,
    scope: subsetScopes,
    expiresIn: "30d", // Must be <= parent expiration
  });
}

// Usage
// originalCredential is the Standard Delegation Credential held by the
// delegating agent (for example, one returned by createStandardDelegation)
const chainedCredential = await delegateToSubAgent(
  originalCredential,
  "did:key:z6MkhZgT8...",
  ["read:email"] // Subset of parent scopes
);
Next Steps
- Explore the Delegation Flow to understand how these credentials are created and exchanged
- Learn about Verification Protocol to see how different credential types are verified