Where Sorcha sits in the field.
There are good, capable tools for issuing and verifying credentials. The honest difference with Sorcha is two things together: it is fully open and self-hostable, and it orchestrates the multi-party workflow around the credentials — not just the issue-and-verify step. Most tools do one or the other.
The two things to weigh
- Credentials and the workflow. Sorcha issues and verifies credentials and runs the signed, multi-party process around them — participants, routing, disclosure, and a tamper-evident register. Credential-only tools leave the workflow to you.
- Fully open, no enterprise paywall. Sorcha is MIT-licensed and self-hostable end to end. Several other open projects exist too — this is a field with genuine open options, not a Sorcha-only claim.
Be clear-eyed about the trade-offs: some platforms ship BBS+ / zero-knowledge selective disclosure, which is stronger than Sorcha's show/hide disclosure today. And post-quantum signatures are no longer unique — others ship them too. Sorcha's edge is core, default post-quantum signing combined with open, self-hostable workflow orchestration.
| Capability | Sorcha | walt.id | Procivis One | MATTR | Entra Verified ID |
|---|---|---|---|---|---|
| Credential issuance & verification (OpenID4VCI/VP, SD-JWT VC) | Yes | Yes | Yes | Yes | Yes |
| Multi-party workflow orchestration | Yes — core | Credential-focused | Credential-focused | Credential-focused | Credential-focused |
| Fully open source & self-hostable | Yes (MIT) | Open core | Open core | Commercial service | Managed cloud service |
| Post-quantum signatures | Yes — ML-DSA core/default | Verify with vendor | Yes (ML-DSA-65) | Verify with vendor | Verify with vendor |
| Selective disclosure approach | Schema show/hide + per-recipient encryption (BBS+/ZK on roadmap) | SD-JWT | SD-JWT | BBS+ / ZK (stronger) | SD-JWT / mdoc |
This is a positioning summary, not a feature-by-feature audit. "Verify with vendor" means we won't assert a capability we haven't confirmed for that project. If you spot something out of date, the comparison lives in the open-source repository — tell us.