In order to “trust” the various credentials that end up in a wallet we need to be able to know that the Issuer of the credential is trusted in the first place. Every credential is created by an Issuer – so knowing how that Issuer’s authority is established is crucial. Otherwise a crafty teenager will create a DMV that issues driver licences that “look real” (i.e. the credentials validate cryptographically and have data that make sense). They may even create a fake website that fools folks. But with the concept of a Trust Registry their efforts would fail.

We’ll get to a more detailed description of a Trust Registry but in this case all that a law enforcement officer’s Wallet needs to know is the list of official DIDs from each province/state/federal authority that it recognizes – a very short list that doesn’t change.

In order to get lists of the Issuers (e.g. the real DMV) a Wallet will need to be aware of the the concept of Trust Registries (aka Trust Hubs).

  • The concept behind a Trust Registry is that a Wallet needs to know which decentralized identifiers (DIDs) to “trust” as a source of truth. At many levels this “trust” translates to “authority” – knowing that there is some body, centralized or decentralized, that is responsible for maintaining a list of trusted DIDs.

A Wallet will need to know which Registries are to be trusted. Over time the community will need to have Trust Registries that are anchored by various means:

  • Legislative Authority – Many Vital Statistics and other government Issuers. They are authoritative due to their legislative authority. Examples of these include issuers of: driver licenses , hunting permits, building permits, passports, etc.
  • Community Authority – Some Trust Hubs will be created by communities, associations, etc. that exist through either a formal (similar to legislative) or de facto authority. Examples include: registry of license doctors; registry of banks and credit unions; industry associations, local business improvement areas/chambers of commerce; etc.
  • Informal Authority – A Trust Hub should be able to exist with no formal authority. As an example, we can imagine consolidated reputations (E.g. Uber & Lyft combined; Yelp and TripAdvisor) that allow someone to aggregate reputation across platforms. It likely derives its authority from the large community that “lends” reputation to them.

Trust Web – the Owner(s) of a Wallet need to know that their Wallet is using the correct list of Trusted Issuers. Therefore a Wallet needs to be able to “explain” how it created the levels of Trust – and what anchored these trust levels. We can imagine the following chain of actions when we, as a home owner, receive a bid folder  from a renovation contractor:

  • We check our contractor’s business license which is anchored back to the province/state corporate registry.
  • We check their insurance certificate against a list of Issuers on a nationally maintained list of insurance companies – a trust registry. That list is anchored back to various different province/state/federal registries that are the “source of truth” for insurance company establishment – another trust registry.
  • We check the training status of all of the companies workers as they arrive to know that they have all the required certificates and training for the jobs that they are doing.
  • We check the city to make sure that our contractor is licensed to operate. The city maintains a trust registry of businesses. We back-check the city license bureau against their master list of Issuer DIDs. The city itself has a master DID that signed that registry and it points back to its legislative source of authority and the master list of municipalities for that province/state.

That sounds like a lot of work doesn’t it? Here’s the thing – we don’t have to do any of this ourselves – our Agent (see this article that has some ideas of types of Agents) does it all for us.  If everything is good we just see a nice green checkbox. If there are problems our Agent lets us know.


Also published on Medium.

%d bloggers like this: