Identity credentials
W3C Verifiable Credentials are planned for a future release. Credential issuance is not currently available in the Company Portal. This page describes the planned functionality.
Identity credentials are cryptographically signed assertions that a party makes about itself, another company, or a specific product. Traceable implements the W3C Verifiable Credentials (VC) Data Model, which means credentials issued on Traceable are interoperable with any standards-compliant verification tooling, including those used by notified bodies, market surveillance authorities, and EU regulatory infrastructure.
What Are Verifiable Credentials?
A Verifiable Credential (VC) is a tamper-evident digital document containing:
- Issuer — the DID of the entity making the assertion (e.g., your company).
- Subject — the DID or identifier of the entity or product the assertion is about.
- Claims — the specific assertions being made (e.g., "this company holds a valid CE marking for product X").
- Proof — a cryptographic signature using the issuer's private key, allowing any recipient to verify the assertion is genuine and unaltered.
Because credentials are signed with the issuer's DID key, they cannot be forged or altered without invalidating the signature. Recipients do not need to contact Traceable to verify a credential — they can verify it independently using the issuer's published DID document.
Credential Types
Traceable supports the following credential types:
Company Registration Credential
Asserts that a company is registered, active, and holds the identity it claims in the Traceable platform. This credential is typically issued to a new supply chain partner after your team has completed due diligence on their registration documents.
Claims included: Company legal name, registration country, company registration number, DID, account activation date.
Product Compliance Credential
Asserts that a specific DPP meets the stated compliance requirements at the time of issuance. This is the credential to issue when you want to formally attest that a product has passed your internal conformity assessment process.
Claims included: DPP identifier, product name and model, chemistry type, compliance framework (e.g., EU Battery Regulation 2023/1542), conformity assessment date, issuing operator DID.
Supplier Verification Credential
Asserts that a supplier has been vetted by your organisation — for example, that you have reviewed their quality management system, audited their manufacturing data, or confirmed their compliance documentation is current.
Claims included: Supplier DID, supplier legal name, verification scope (e.g., "Cathode material supply chain audit"), verification date, validity period if specified, issuing operator DID.
Issuing a Credential
- Navigate to Identity in the left sidebar, then select the Credentials tab.
- Click Issue Credential.
- Select the credential type from the dropdown.
- Select the subject — for a Company Registration or Supplier Verification Credential, search for and select the target company. For a Product Compliance Credential, search for and select the DPP.
- Complete any additional fields specific to the credential type (e.g., verification scope, compliance framework).
- Click Review to see the full credential payload before signing.
- Click Issue and Sign to finalise. The credential is cryptographically signed with your company's DID private key and stored in Traceable.
Issued credentials appear in your Credentials list with their type, subject, issue date, and current status (Active, Revoked, or Expired).
Sharing a Credential
You can share an issued credential with any party who needs to verify it.
Export as JSON-LD
- Open the credential from the Credentials list.
- Click Export.
- Download the credential as a
.jsonldfile.
The exported file is a standards-compliant W3C Verifiable Credential. The recipient can verify it using any VC verification library without needing access to Traceable.
Shareable Verification Link
- Open the credential from the Credentials list.
- Click Copy verification link.
- Share the link with the recipient.
The link resolves to a public verification page showing the credential's claims and proof status. No Traceable account is required to view it.
Verifying a Credential You Received
If a partner or supplier sends you a credential — either as a JSON-LD file or a verification link — you can verify it within Traceable:
- Navigate to Identity → Credentials.
- Click Verify a credential.
- Either paste the verification link or upload the JSON-LD file.
- Traceable resolves the issuer's DID document, checks the cryptographic proof, and reports:
- Whether the signature is valid.
- Whether the credential has been revoked.
- Whether the credential has expired (if an expiry was set at issuance).
- The full claims payload for your review.
Verification results are logged in your account for audit purposes.
Revoking a Credential
If you need to retract an assertion — for example, if a supplier's verification status has lapsed or a product's compliance status has changed — you can revoke the credential:
- Open the credential from the Credentials list.
- Click Revoke Credential.
- Enter a revocation reason (this is logged but not publicly visible to third parties — the credential simply shows as revoked).
- Click Confirm Revocation.
Revocation is immediate. Any party who subsequently verifies the credential — whether via the verification link or by checking the issuer's DID-based revocation registry — will see that it is no longer valid. Previously exported JSON-LD files that are verified after revocation will also fail the revocation check.
Revocation cannot be undone. If you need to reassert the same claims after revocation, issue a new credential.
Credential Shelf Life
By default, credentials issued on Traceable do not expire. They remain valid until revoked.
If you want a credential to expire automatically, set an expiry date during issuance by toggling Set expiry date and selecting the date. After the expiry date, the credential will fail verification with a status of "Expired", even if it has not been explicitly revoked.
Setting an expiry date is recommended for:
- Supplier Verification Credentials, where the underlying audit has a defined validity window (e.g., 12 months).
- Product Compliance Credentials tied to a certification that is up for renewal.
- Any assertion that reflects a point-in-time status rather than a permanent one.
Credentials approaching expiry (within 30 days) appear with a warning badge in your Credentials list and trigger a notification if you have certificate expiry alerts configured in Notification Settings.