IRMA attributes



An attribute is the smallest unit in the IRMA system. It is a small piece of information like a telephone number or birth date that can be independently disclosed.


A credential is a bundle of attributes with a fixed structure and a cryptographic signature to verify its authenticity. During disclosure, the whole credential is disclosed but non-disclosed attributes are cryptographically blacked out without invalidating the signature. This is one of the key benefits of the IRMA system. The structure of credentials is described in a scheme.

You could compare a credential to a class instance in object oriented programming or to a struct instance in C. Its member variables would then be the credential's attributes. The structure of the credential described in the scheme would then be the class or struct definition.


An issuer is an organization that gives out credentials (containing attributes) after some form of verification. The Privacy by Design Foundation issues a few basic credentials but it is expected other organizations will issue their own credentials soon.


A scheme describes all issuers, all credentials, as well as attributes it contains. (Additionally, it contains the IRMA public keys of the issuers against which their attributes can be verified.) An example of a scheme is the Privacy by Design Foundation scheme.

Disclosure process

You can read more about the disclosure process in the technical documentation.


An identifier uniquely identifies an attribute type, credential type, issuer, or scheme. Examples are pbdf.gemeente.personalData.over18 which is the Over 18 attribute, which is the email credential, or pbdf.pbdf which is the Privacy by Design Foundation issuer.

Singleton credentials

Of some credentials, the IRMA app is allowed to possess at most one instance of it simultaneously. This is enabled for credentials for which it does not make sense for one person to have more than one instance. An example is the pbdf.gemeente.personalData credential: a person can have only one name. A non-example is the credential: a person can have many email addresses.


For some credentials, the issuer may have the ability to revoke them after issuance if it finds that the credential contents are no longer correct or appropriated. For example address attributes after you moved, or driver's license attributes corresponding to a driver's license which has been revoked. For more details, see the technical documentation on revocation.

XML source

Each page of this index is an automatically generated human-readable view on an XML file within a scheme. Each page include a link to the XML file from which it was generated.

For a more comprehensive introduction of these entities and their role in the IRMA infrastructure, see the technical documentation.