Trinsic Builds Open Source Trust Registry Sponsored by eSSIF-Lab

Making self-sovereign identity (SSI) more adoptable has always been our North Star at Trinsic. It was in 2019 when we made SSI accessible to the everyday developer through an API. And it was when we announced Trinsic Ecosystems, a product that enables developers to implement SSI within entire ecosystems, networks, or marketplaces at enterprise-level scale and performance.


Driven by our motivation to make SSI more adoptable, we built the world’s first turn-key, open source trust registry solution. This work was sponsored by the European Self-Sovereign Identity Framework Lab (eSSIF-Lab), which is an EU consortium that provides funding for projects that build SSI open source tools. Any ecosystem provider can use the trust registry implementation to enable governance in their verifiable data ecosystem.


Below, we dive more into the what and why of trust registries, what we delivered to eSSIF-Lab, and how it all relates to SSI adoption.

The importance of ecosystem governance

Imagine a scenario where a person is trying to open a bank account with an online bank. To open the account, the bank must verify the person’s identity. This is done by asking to see an identification credential, like a driver’s license. How can the bank trust that the driver’s license came from an authorized issuer and is not fake? The bank could keep and maintain a list of all the DMV office issuers, but that would be impractical. Additionally, how does the prospective bank member trust the bank is only asking for the information that it is authorized to ask for and is not a bad actor?


The scenario above can be boiled down into two questions:

  1. How does a credential verifier know that the issuer of the credential is trustworthy?
  2. How does a credential holder know that a verifier is trustworthy?


To answer the questions above, governance must be established in a verifiable data ecosystem, and trust registries make that possible.

What is a trust registry

A trust registry is a list of approved issuers and verifiers within an ecosystem and the types of credentials they are authorized to issue and verify. Trust registries are basically a way of saying, “yes, these issuers can issue these credentials (these schemas)” and “yes, these verifiers have the authority to verify that credential” in an ecosystem. Trust registries are created and maintained by a governing entity (or entity groups), which at Trinsic is called an ecosystem provider.

diagram of a verifiable credential ecosystem with a trust registry
An ecosystem’s provider creates and maintains the trust registry.

In the banking example above, instead of the bank having to maintain its own list of hundreds of authorized issuers of driver’s licenses, the bank would only need to trust one DMV trust registry which the ecosystem provider would maintain. If the issuer of the credential is not listed in the trust registry, the verification will not be successful. Similarly, the trust registry would provide the prospective bank member the assurance that the bank is an authorized verifier and is only asking for the information it is authorized to verify.

Here is an example of how a trust registry can be expressed in the ‘issuer’ field in a verifiable credential:

				
					```

"type": [ "VerifiableCredential", "PermanentResidentCard" ],

"issuer": {

    "id": "did:key:z5TcCNM3CXMnaQZ4raGjL6keRB119GtbSRe2u...",

    "type": "AuthoritativeMember",

    "trustRegistry": "https://example.com/registry/trusted-issuers",

    "governanceFramework": "https://example.com/governance-framework"

}

```
				
			

For more information and a demo on trust registries, read “Trinsic Basics: What Is a Trust Registry?”

eSSIF-Lab and an open source trust registry

Trinsic was sponsored by eSSIF-Lab to create an open source trust registry solution that integrates with the Verifiable Credentials Data Model.

This was delivered in the form of:

  1. Application Service
  2. Infrastructure and deployment
  3. Reference implementations


We based the solution on the Trust Over IP Foundation specification for interoperable trust registries. Because of this, the trust registry implementation we built is architected so that one ecosystem could reference or incorporate a trust registry from a separate ecosystem if needed.


The solution is open source and ready-to-build, so anyone can start using it today to add governance regulation into their ecosystem. To get started and to see the trust registry in action, visit the project’s GitLab page.

Governance as a driver of SSI adoption

Trinsic applied to work on this trust registry project with eSSIF-Lab (and luckily got selected!) because we believe that solving governance in verifiable credential ecosystems is crucial for SSI adoption. Without governance, anyone in an ecosystem would be able to issue or verify credentials even if they didn’t have the authority to do so, discrediting the data exchanged within the ecosystem. Trust registries are one way to solve this problem, and we are committed to continue working with the community as other governance solutions are identified.


At this time, the two main community efforts that tackle the problem of verifiable data governance are:

  1. Trust Registry Protocol Specification: Incubated at the Trust over IP Foundation, this is the specification that our implementation is based on.
  2. Trust Establishment: Incubated at the Decentralized Identity Foundation, this is an early stage effort to standardize trust establishment by providing ‘trust lists’ of authorized issuers and verifiers. It is conceptually and functionally almost identical to trust registries.

Trinsic’s Trust Registry Service

In addition to the open source trust registry implementation that we built for eSSIF-Lab, Trinsic has its own Trust Registry Service that is part of our platform. Our Trust Registry Service is also based on the Trust Over IP interoperable specification.


Currently, our Trust Registry Service is only available for beta customers using Trinsic Ecosystems. Interested in seeing a demo of Trinsic Ecosystems? Fill out this form, and someone from our team will reach out shortly.