Credential Trust Framework

A Verifiable Credential is a tamper-evident digital claim (like a diploma or license) issued by an authority. It uses cryptographic proofs (e.g., digital signatures) to allow the holder to prove its authenticity and integrity without contacting the issuer directly. VCs are the fundamental data unit of the framework, enabling self-sovereign identity.

A Decentralized Identifier is a globally unique, cryptographically verifiable identifier controlled by the subject (person, organization, or thing), not a central registry. DIDs resolve to a DID Document containing public keys and service endpoints, enabling secure, privacy-preserving interactions. They are the foundational layer for identifying issuers, holders, and verifiers.

The Governance Framework is the rulebook that defines the legal, technical, and operational policies for the ecosystem. It specifies:

• Roles and responsibilities of issuers, holders, and verifiers.
• Rules for credential formats, schemas, and revocation.
• Dispute resolution and liability models.
• Compliance with regulations like GDPR. This component ensures trust is based on agreed-upon rules, not just technology.

A Verifiable Data Registry is a system that mediates the creation and verification of DIDs, their public keys, and credential status (e.g., revocation lists). It can be implemented using various technologies, including blockchains, distributed ledgers, or other decentralized networks. Its role is to provide a trusted source for resolving DIDs and checking credential status without being a central data store.

This is the core trust triangle defining the actors in the framework:

• Issuer: The authoritative entity (e.g., a university) that creates and signs verifiable credentials.
• Holder: The entity (e.g., a student) that receives, stores, and controls the credential, presenting it selectively.
• Verifier: The entity (e.g., an employer) that requests and cryptographically verifies the credential's validity. The model enables selective disclosure and minimizes data exposure.

Technical standards ensure credentials work across different systems and jurisdictions. Key standards include:

• W3C Verifiable Credentials Data Model: The foundational specification for VC structure.
• DID Core Specification: Defines the syntax and operations for DIDs.
• JSON-LD and JWT: Common serialization formats for credentials. Adherence to these open standards is critical for ecosystem-wide adoption and prevents vendor lock-in.

An entity that creates and digitally signs verifiable credentials (VCs) based on claims it is authoritative for. The issuer's public key (often in a Decentralized Identifier or DID) is used to cryptographically verify the credential's authenticity.

• Example: A university issuing a digital diploma.
• Key Responsibility: Maintaining the integrity of the issuance process and the security of its signing keys.

The subject of a credential (often an individual or organization) who receives, stores, and controls the presentation of their verifiable credentials. The holder uses a digital wallet to manage credentials and generate verifiable presentations.

• Core Concept: Enables self-sovereign identity (SSI), where the user has control.
• Key Action: Selectively discloses credentials to verifiers without revealing unnecessary information.

An entity that requests and validates verifiable presentations from a holder to grant access or services. The verifier checks the credential's cryptographic signature, revocation status, and whether it satisfies their specific policy requirements.

• Example: A employer verifying a job applicant's degree.
• Technical Process: Validates proofs against the issuer's DID on a verifiable data registry (e.g., a blockchain).

A trusted system that mediates the creation and verification of identifiers, keys, and other relevant data, such as revocation registries. In decentralized frameworks, this is often a blockchain or distributed ledger.

• Primary Functions:
  • Anchoring Decentralized Identifiers (DIDs).
  • Publishing issuer public keys (DID Documents).
  • Hosting status lists for credential revocation.
• Key Property: Provides a tamper-evident and globally accessible root of trust.

The machine-readable blueprint that defines the structure and data fields of a verifiable credential. It ensures all parties interpret credential data consistently.

• Contents: Specifies property names, data types, and semantic meaning.
• Example: A schema for a "Driver's License" credential defines fields for licenseNumber, expiryDate, and vehicleClasses.
• Importance: Enables semantic interoperability across different issuers and verifiers.

A curated list that specifies which issuers and credential schemas are authorized or trusted within a specific ecosystem or for a particular use case. It answers the question: "Which issuers are trusted for this type of credential?"

• Governance Tool: Managed by a trust framework governance authority.
• Function: Helps verifiers automate policy decisions by checking issuer accreditation, rather than just cryptographic validity.