Trinsic Basics: What Is a Trust Registry?


The rules, or governance, of a verifiable credential ecosystem dictate which participants are allowed in a given ecosystem and therefore, who can be trusted. With Trinsic’s Trust Registry Service, ecosystem governance is implemented and configured directly through the Trinsic SDK. This means our customers do not have to build a unique technical solution to solve governance in their ecosystem. It comes baked into our platform with interoperability guarantees, saving you time and resources. Below, we explain what a trust registry is and show what it looks like in action.

Fighting bad actors

One of the recurring questions we get at Trinsic is: As a verifier, how do I know that the issuer of a credential is trustworthy? Similar to how anyone could create a fake ID in the physical world, anyone could create a fake or unauthorized verifiable credential.

 

This risk can be managed when verifiers only need to keep track of a few issuers. Each of those issuers' public DIDs is bound to the credentials it signs, and those DIDs signify to the verifier that the credentials indeed came from the appropriate issuer. However, when a credential can be issued by hundreds or even thousands of issuers, it is not realistic to expect every verifier in an ecosystem to maintain its own list of approved issuers.

 

For example, imagine you are hiring from your local university—simple. But what if you got 100 job applicants from 100 different universities? How would you know which universities were reputable, let alone which were legitimate? Talk about a logistical nightmare.

Introducing trust registries

This is where a trust registry comes in. A trust registry is an approved list of issuers and verifiers that are authorized to issue/verify certain credentials in a verifiable credential ecosystem. Trust registries are created and maintained by an ecosystem’s governing authority, who is most often the ecosystem provider.

In addition to creating the credential templates and the verification policies for a verifiable credential ecosystem, an ecosystem’s provider creates and maintains a trust registry—an approved list of authorized issuers for the ecosystem.

When a trust registry is in place for an ecosystem, verifiers no longer need to manage a list of valid issuers. They just need to trust one provider who manages the trust registry. If a credential does not come from one of the authorized issuers listed in the trust registry, the verification will be unsuccessful.


Simply put, a trust registry has the following characteristics:

  • Adds issuers and verifiers and assigns the credential templates they’re allowed to issue/verify
  • Allows verifiers to query the registry and check if issuers are allowed to issue certain types of credentials


Overall, trust registries are one of the important ways we are helping our customers solve governance concerns in their verifiable credential ecosystems. The video below is a short demo of Trinsic’s Trust Registry Service.

The importance of interoperability

Trust registries also need to be interoperable. The Trust Over IP Foundation has a specification for an interoperable trust registry, and ours is the first implementation of this spec. Because of this, Trinsic’s Trust Registry Service is architected so that one ecosystem could reference or incorporate a trust registry from a separate ecosystem if needed.

 

For example, imagine you are a software vendor whose verifiable credential product is used by all the major universities in the U.S. Since your product is powered by Trinsic, you have your own trust registry for your ecosystem. However, let’s say the U.S. university accreditation body suddenly decided to adopt the Trust Over IP Framework and create its own trust registry. Since Trinsic’s Trust Registry Service is based on the interoperable trust registry specification, you could seamlessly incorporate their trust registry into yours. Additionally, other software vendors that work with universities and related organizations may want to incorporate your trust registry. They could easily do so as well.
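The check described under "Introducing trust registries" and the incorporation scenario above can be sketched together. This is an added example, not Trinsic's SDK or code from the original post: `TrustRegistry`, `verify`, the DIDs and the credential types are hypothetical, and signature verification is assumed to happen elsewhere and is passed in as `signature_ok`.

```python
class TrustRegistry:
    """Hypothetical in-memory registry; not the Trinsic SDK API."""

    def __init__(self, authority):
        self.authority = authority
        self._issuers = {}        # issuer DID -> credential types it may issue
        self._incorporated = []   # other registries this one defers to

    def register_issuer(self, did, credential_type):
        self._issuers.setdefault(did, set()).add(credential_type)

    def incorporate(self, other):
        self._incorporated.append(other)

    def is_authorized_issuer(self, did, credential_type, _seen=None):
        seen = set() if _seen is None else _seen
        if id(self) in seen:      # registries may incorporate each other
            return False
        seen.add(id(self))
        if credential_type in self._issuers.get(did, ()):
            return True
        return any(r.is_authorized_issuer(did, credential_type, seen)
                   for r in self._incorporated)


def verify(credential, registry, signature_ok):
    """Accept only a validly signed credential from an authorized issuer."""
    if not signature_ok:
        return False, "invalid signature"
    if not registry.is_authorized_issuer(credential["issuer"], credential["type"]):
        return False, "issuer not authorized for this credential type"
    return True, "ok"


# Constructed sample data: DIDs and credential types are made up.
vendor = TrustRegistry("software vendor")
vendor.register_issuer("did:example:state-university", "Diploma")
accreditor = TrustRegistry("accreditation body")
accreditor.register_issuer("did:example:tech-college", "Diploma")

diploma = {"issuer": "did:example:tech-college", "type": "Diploma"}
forged = {"issuer": "did:example:diploma-mill", "type": "Diploma"}

if __name__ == "__main__":
    print(verify(diploma, vendor, True))   # unknown to the vendor's registry
    vendor.incorporate(accreditor)
    accreditor.incorporate(vendor)         # mutual reference is safe
    print(verify(diploma, vendor, True))
    print(verify(forged, vendor, True))    # well-signed, still rejected
```

A valid signature only proves who issued the credential; the registry lookup is what decides whether that issuer is allowed to issue that credential type.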

The future of trust registries

We are still in the early days of verifiable credential adoption, so we know that the role of trust registries will only expand as the number of verifiable credential ecosystems grows and the need for cross-ecosystem interoperability increases. Despite the ever-evolving best practices around governance in verifiable credential ecosystems, you can rest assured that Trinsic’s SDK will include the necessary tools like trust registries, so you can spend less time thinking about how to implement governance and more time building your identity solution. For more information on Trinsic’s Trust Registry Service, visit our documentation or get started building with a free Trinsic account today.

Anna Johnson
