One to Bind Them: Binding Verifiable Credentials to User Attributes

The Self-Sovereign Identity ecosystem is defined by its flexibility and heterogeneity. While this can be an advantage for users, as they can freely choose their identifiers and attribute providers, it also bears risks. When credentials are being issued, issuers often rely on other previously issued attributes to base their issuance decision on, either personal identifiable information or attestations of requirements. In this paper, we propose two approaches for binding such user attributes in a privacy-preserving way to credentials to prevent fraudulent usage by unauthorised users and enable further auditability of credential requirements and ownership. We propose a selective disclosure-based approach relying on BBS+ signatures. However, as the usage of BBS+ signatures is not yet widespread, we also propose an approach that does not rely on selective disclosure and instead utilises cryptographic accumulators to bind user attributes to the issued credentials.