Hello! Introducing yet another level of intermediation for potentially sensitive credentials is going in the wrong direction, I think.
Also, some questions should be answered like: what is the information that should be revealed by these verifiers? What to do with selective disclosure? Is it really ok to record those “tokens” on the blockchain, even if encrypted? Few other steps are unclear as to what goes on chain, what stays offchain, and what information flows between what parties when.
I think instead that the solution should build on the identity system that KILT has already made available, namely DIDs. They are powerful and flexible, and the KILT chain has a way to deal with them as first class citizens within its runtime.
Nevertheless, we are always receptive to new needs from ecosystem projects, and on-chain credential verification is a big thing we want to achieve next year, regardless. Maybe it would make sense to better define exactly the requirements of such a use case, and whether they can be fulfilled by building on top of KILT, instead of devising a completely new way of doing this. The DIP (Decentralized Identity Provider), naming conflict maybe (?), could help as it allows DIDs to be used across all chains. If we devise a way to do the same with credentials, we are golden.
Looking forward to hearing from you!