Frequently Asked Questions
Everything you need to know about verifiable credentials, eIDAS 2.0, and how Tessera works.
What is a verifiable credential?
A verifiable credential is a digital attestation — such as a certificate, license, or identity document — that is cryptographically signed by an issuer and can be verified instantly by anyone. Unlike a PDF or paper document, a verifiable credential cannot be forged, and the holder controls what information to share.
What credential formats does Tessera support?
Tessera supports three credential formats: SD-JWT (Selective Disclosure JSON Web Token) for selective disclosure use cases like attestations and certificates, JWT-VC (JSON Web Token Verifiable Credential) following the W3C Verifiable Credentials Data Model 2.0 for full documents like diplomas, and ISO 18013-5 mDoc for mobile-first credentials like driving licenses and age verification.
What is OpenID4VCI?
OpenID for Verifiable Credential Issuance (OpenID4VCI) is the standard protocol for issuing verifiable credentials to digital wallets. It defines how an issuer authenticates the holder, creates the credential, and delivers it securely to the wallet. Tessera implements OpenID4VCI with both authorization code and pre-authorized code flows.
What is OpenID4VP?
OpenID for Verifiable Presentations (OpenID4VP) is the standard protocol for requesting and verifying credentials from a digital wallet. A verifier sends a request specifying which claims are needed, the holder approves the disclosure, and the verifier receives a cryptographic proof. Tessera uses JWT Authorization Requests (JAR) with DCQL queries for precise claim selection.
Is Tessera compliant with eIDAS 2.0?
Yes. Tessera's infrastructure is designed from the ground up for eIDAS 2.0 compliance. We implement the protocols and credential formats specified in the Architecture Reference Framework (ARF): OpenID4VCI for issuance, OpenID4VP for verification, SD-JWT and mDoc credential formats, and x509_san_dns for verifier authentication. See our eIDAS 2.0 compliance page for a detailed mapping.
What is the EU Digital Identity Wallet?
The EU Digital Identity Wallet (EUDI Wallet) is a digital wallet mandated by eIDAS 2.0 that every EU citizen and resident will be able to use to store and present verifiable credentials. By late 2026, EU member states must offer EUDI Wallets, and designated organizations must accept them. Tessera provides the issuer and verifier infrastructure that integrates with these wallets.
How does the EU Age Gate work?
The EU Age Gate is a Shopify app that verifies customer age using the EU Digital Identity Wallet. When a customer visits an age-restricted product page, they tap 'Verify Age', their EUDI Wallet presents a cryptographic proof that they are 18 or older (using the eu.europa.ec.av.1 mDoc credential), and the verification completes in under 3 seconds. No personal data — not even a birthdate — is collected or stored.
What is selective disclosure?
Selective disclosure allows a credential holder to share only specific claims from a credential, rather than the entire document. For example, a holder can prove they are over 18 without revealing their exact birthdate, or confirm their professional qualification without sharing their home address. Tessera supports selective disclosure through the SD-JWT credential format.
Where is Tessera's infrastructure hosted?
Tessera's infrastructure is hosted in Europe. All credential data, cryptographic keys, and audit logs remain within EU jurisdiction. We do not transfer data outside the EEA. Our infrastructure runs on dedicated servers with encrypted storage, isolated Docker containers, and TLS 1.3 for all API connections.
Can Tessera integrate with our existing identity provider?
Yes. Tessera translates EU Digital Identity Wallet presentations into standard OIDC tokens, so you can integrate wallet-based authentication with your existing Keycloak, Azure AD, Okta, or other OIDC-compatible identity provider without changing your application's authentication flow.
What industries does Tessera serve?
Tessera serves organizations across Construction & Safety (VCA certificates, site access credentials), Banking & KYC (identity verification, AML compliance), HR & Workforce (employment credentials, professional certifications), Identity & Access (organizational identity management), Verified Reviews (cryptographically verified product reviews), and AI Agent Identity (machine-readable credentials for AI systems).
How do I get started with Tessera?
Contact us at hello@tsera.io to discuss your use case. We will help you define your credential schema, configure verification policies, and set up a pilot environment. For the EU Age Gate Shopify app, you can install directly from the Shopify App Store.
Still have questions?
We are happy to help. Reach out and we will get back to you within one business day.
hello@tsera.io