XRPL Credentials & On-Chain Identity
The Credentials amendment (XLS-70) adds native identity verification to the XRP Ledger. Prove you are KYC-verified without exposing personal documents on-chain.
The Problem
Regulated institutions need to know who they are trading with. Traditional DeFi solves this by either ignoring compliance (limiting institutional adoption) or requiring off-chain KYC that does not travel between platforms (requiring re-verification everywhere).
The XRPL solves this at the protocol level. A single credential, issued by a trusted verifier and recorded on-chain, can be checked by any counterparty — without the underlying personal data ever touching the blockchain.
How Credentials Work
Personal documents never stored on-chain
Key Properties
- Privacy-preserving — only a signed attestation is on-chain, not the underlying identity documents
- Reusable — one credential works across multiple counterparties and platforms
- Revocable — issuers can delete credentials when they expire or are no longer valid
- User-accepted — credentials require explicit acceptance by the holder (no spam credentials)
- Protocol-native — no smart contracts, no oracles, no external dependencies
Transaction Types
| Transaction | Who | Purpose |
|---|---|---|
| CredentialCreate | Issuer | Issue a credential to a subject account |
| CredentialAccept | Subject | Accept the credential (makes it active) |
| CredentialDelete | Issuer or Subject | Revoke or remove the credential |
Credentials + Permissioned DEX
Credentials are the identity layer that powers the Permissioned DEX (XLS-81). A permissioned domain specifies which credential issuers it trusts. Only accounts holding valid credentials from those issuers can trade in that domain.
This enables regulated institutional trading on the same ledger as the open DEX — without fragmenting liquidity across separate blockchains or requiring separate infrastructure.
Decentralized Identifiers (DIDs)
The XRPL also supports Decentralized Identifiers (DIDs) — W3C-standard self-sovereign identity anchors. A DID on the XRPL is a ledger object that points to off-chain identity documents. Credentials can be attached to DIDs, creating a complete identity framework.
Together, DIDs and Credentials give the XRP Ledger an identity stack that rivals enterprise-grade identity systems — but fully decentralized and controlled by the user.
What This Means for Traders
- The open DEX remains fully permissionless — credentials are optional and only required for permissioned domains
- Institutional participation increases overall liquidity, which benefits all traders
- One-time KYC that works across multiple platforms reduces friction
- Enables compliant stablecoin and RWA trading without separate chains or walled gardens