
Trust Frameworks

How does a verifier know which issuers to trust? Trust frameworks provide the governance structure that enables confidence in a decentralized credential ecosystem.

What is a Trust Framework?

A trust framework is a set of rules, policies, and technical standards that define how participants in a credential ecosystem operate. It answers critical questions: Who can issue credentials? What makes an issuer trustworthy? How are disputes resolved?

The Trust Problem
Unlike traditional systems where a central authority vouches for identity, decentralized credentials require new mechanisms for establishing trust between parties who may never have interacted before.

Key Components

Trust frameworks typically include four essential components that work together to establish and maintain trust.

Governance Authority

The organization(s) responsible for creating, maintaining, and enforcing the rules of the trust framework.

Policies & Rules

Documented requirements for participation, including technical standards, security requirements, and operational procedures.

Trusted Entity Registry

A list or registry of entities (issuers, verifiers) that have been vetted and approved to participate.

Audit & Compliance

Mechanisms for verifying that participants continue to meet framework requirements.

Trust Chains

Trust is often hierarchical. A root authority delegates trust to intermediate authorities, who in turn authorize operational entities like credential issuers. This creates a verifiable chain of trust.

Root of Trust

The ultimate authority in the trust chain. Often a government, consortium, or well-established organization.

Intermediate Authorities

Sector-specific or regional authorities that manage trust for their domain (e.g., education sector, healthcare).

Operational Entities

The actual issuers and verifiers that interact with credential holders in day-to-day operations.

Verifiable Data Registries (VDRs)

A Verifiable Data Registry is a system that mediates the creation and verification of identifiers, keys, and other relevant data. VDRs can be implemented using various technologies: blockchains, distributed ledgers, databases, or even simple web servers.

What VDRs Store

  • Issuer DIDs and public keys
  • Credential schemas
  • Trusted issuer lists
  • Revocation status lists

How Verifiers Establish Trust

When a verifier receives a credential presentation, they must determine whether to trust the issuer.

1. Extract Issuer Identifier

The verifier extracts the issuer's DID from the credential.

2. Check Trusted Issuer List

The verifier checks if the issuer is on their trusted issuer list or registered in a trusted VDR.

3. Verify Trust Chain

If using hierarchical trust, verify the chain from issuer up to a root authority.

4. Apply Business Rules

Even with a trusted issuer, the verifier applies their own policies to decide whether to accept the credential.
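
The four steps above as an added sketch of a verifier's decision function; it is not code from this page or from any trust framework. The registry layout, every DID, the field names and the MAX_CHAIN limit are hypothetical, and it assumes the credential's signature has already been verified and the registry data itself is authentic.

```python
# Constructed sample data: every DID, field name and type below is hypothetical.
def entry(parent, types, status="active"):
    return {"authorized_by": parent, "types": set(types), "status": status}

REGISTRY = {
    "did:example:root": entry(None, {"*"}),
    "did:example:edu-authority": entry("did:example:root", {"UniversityDegree"}),
    "did:example:university": entry("did:example:edu-authority", {"UniversityDegree"}),
    "did:example:college": entry("did:example:edu-authority", {"UniversityDegree"}, "suspended"),
    "did:example:clinic": entry("did:example:root", {"HealthCard"}),
    "did:example:loop-a": entry("did:example:loop-b", {"UniversityDegree"}),
    "did:example:loop-b": entry("did:example:loop-a", {"UniversityDegree"}),
}
ROOTS = {"did:example:root"}           # roots this verifier has chosen to trust
ACCEPTED_TYPES = {"UniversityDegree"}  # step 4: this verifier's own policy
MAX_CHAIN = 5                          # refuse implausibly long delegation chains

def issuer_did(credential):
    """Step 1: the issuer may be a DID string or an object carrying an "id"."""
    issuer = credential.get("issuer")
    if isinstance(issuer, dict):
        issuer = issuer.get("id")
    return issuer if isinstance(issuer, str) and issuer.startswith("did:") else None

def evaluate(credential, registry=REGISTRY, roots=ROOTS, accepted=ACCEPTED_TYPES):
    """Return (accepted, reason). Assumes the signature was already verified."""
    did = issuer_did(credential)
    if did is None:
        return False, "no issuer DID"
    types = set(credential.get("type", [])) - {"VerifiableCredential"}
    if not types:
        return False, "no credential type"
    current, seen = did, set()
    while True:  # steps 2 and 3: look up the issuer, then walk up to a root
        node = registry.get(current)
        if node is None:
            return False, f"{current} is not registered"
        if node["status"] != "active":
            return False, f"{current} is {node['status']}"
        if "*" not in node["types"] and not types <= node["types"]:
            return False, f"{current} is not authorized for {sorted(types)}"
        if current in roots:
            break
        seen.add(current)
        current = node["authorized_by"]
        if current in seen or len(seen) > MAX_CHAIN:
            return False, "trust chain loops or is too long"
    if not types <= accepted:  # step 4: verifier's business rules
        return False, "credential type rejected by verifier policy"
    return True, "accepted"
```

Every link in the chain is checked for status and scope, so a suspended intermediate or an issuer acting outside its delegated credential types fails even when the issuer's own entry looks valid.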

Real-World Trust Frameworks

EU Digital Identity Framework

European Union (eIDAS 2.0)

The EU's comprehensive framework for digital identity wallets and verifiable credentials across member states.

  • Cross-border recognition
  • Sector-specific trust lists
  • Qualified trust services

TRAIN (Trust Registry)

Trust over IP Foundation

A universal trust registry protocol enabling discovery and verification of trusted entities across ecosystems.

  • Interoperable registries
  • Decentralized governance
  • Credential type mapping
