SSI-powered interactions need to be trustworthy and safe for all participants in order to achieve widespread adoption. In addition to technical assurance through cryptography, human trust must be achieved through governance. These capabilities must be usable offline, transparent to wallet holders, and configurable by enterprises.
Trust registries are one of the critical components of machine-readable governance frameworks. Through this component, holders can avoid coercion by verifying the verifier; verifiers can discern, offline, which issuers they trust; and issuers can communicate to holders which governance framework they are associated with. This leads to additional safety and confidence for all participants.
A trust registry maintains a list of all authorized entities in a trust ecosystem, the types of data they're authorized to exchange, and the operations they're authorized to perform on those types.
The registry supports operations to register, revoke, and query the authorizations granted to entities for operations on data types within a trust ecosystem, for example authorizing a specific university to issue a diploma. The core of the solution is an authorization rules engine that can evaluate custom-defined policies based on the requirements of a particular trust registry.
This solution will use the NIST-recommended approach to Role-Based Access Control (RBAC) for authorization, implemented in a popular language. The solution will be pluggable into existing infrastructures as a microservice module running in a container instance.
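To make the register/revoke/query operations and the RBAC mapping concrete, here is an added example (not code from the project or from TRAIN) of a minimal trust registry modelled on NIST Core RBAC: entities are the NIST "users", permissions are (operation, credential type) pairs, and the UA and PA relations map entities to roles and roles to permissions. Everything in it is assumed for illustration: the DIDs, DNS names, role names, credential types and the JSON snapshot format are invented, and the snapshot is unsigned. It also shows the two edge cases a practitioner cares about: queries deny by default, and DNS identifiers are normalised so that case and a trailing dot do not produce a second, unauthorized-looking entity.

```python
"""Minimal trust registry modelled on NIST Core RBAC (entities, roles,
permissions, UA and PA relations).  Added illustration only: the DIDs, DNS
names, role names and credential types are invented for the example and
are not taken from any real registry or from TRAIN."""
import json
from dataclasses import dataclass, field
from typing import Dict, Iterable, Set, Tuple

Permission = Tuple[str, str]  # (operation, credential_type), e.g. ("issue", "Diploma")


def normalize_id(entity: str) -> str:
    """Canonicalise an entity identifier.  DIDs are kept as-is (the
    method-specific id may be case-sensitive); DNS names are case-insensitive,
    so they are lower-cased and a trailing root dot is dropped."""
    entity = entity.strip()
    if entity.startswith("did:"):
        return entity
    return entity.lower().rstrip(".")


@dataclass
class TrustRegistry:
    role_perms: Dict[str, Set[Permission]] = field(default_factory=dict)  # PA: role -> permissions
    entity_roles: Dict[str, Set[str]] = field(default_factory=dict)      # UA: entity -> roles

    def define_role(self, role: str, perms: Iterable[Permission]) -> None:
        self.role_perms.setdefault(role, set()).update(perms)

    def register(self, entity: str, role: str) -> None:
        """Grant a role to an entity (NIST AssignUser).  Unknown roles are
        rejected so a typo cannot silently create an empty role."""
        if role not in self.role_perms:
            raise KeyError(f"unknown role {role!r}")
        self.entity_roles.setdefault(normalize_id(entity), set()).add(role)

    def revoke(self, entity: str, role: str) -> bool:
        """Remove a role from an entity (NIST DeassignUser).  Returns False if
        the assignment did not exist, so callers can detect double revocation."""
        key = normalize_id(entity)
        roles = self.entity_roles.get(key)
        if not roles or role not in roles:
            return False
        roles.discard(role)
        if not roles:
            del self.entity_roles[key]
        return True

    def permissions_of(self, entity: str) -> Set[Permission]:
        """Union of the permissions of every role the entity holds."""
        perms: Set[Permission] = set()
        for role in self.entity_roles.get(normalize_id(entity), ()):
            perms |= self.role_perms.get(role, set())
        return perms

    def is_authorized(self, entity: str, operation: str, cred_type: str) -> bool:
        """NIST CheckAccess.  Deny by default: an entity, role or credential
        type the registry has never seen yields False rather than an error."""
        return (operation, cred_type) in self.permissions_of(entity)

    def export_snapshot(self) -> str:
        """Serialise the registry so a verifier or wallet can answer queries
        offline from a cached copy.  In a deployment the snapshot would be
        signed by the governance authority; signing is out of scope here."""
        return json.dumps({
            "roles": {r: sorted(p) for r, p in self.role_perms.items()},
            "entities": {e: sorted(r) for e, r in self.entity_roles.items()},
        }, sort_keys=True)

    @classmethod
    def from_snapshot(cls, snapshot: str) -> "TrustRegistry":
        data = json.loads(snapshot)
        reg = cls()
        for role, perms in data["roles"].items():
            reg.define_role(role, (tuple(p) for p in perms))
        for entity, roles in data["entities"].items():
            for role in roles:
                reg.register(entity, role)
        return reg


def build_example_registry() -> TrustRegistry:
    """Constructed sample ecosystem: a university may issue (and revoke)
    diplomas, an employer may verify them, a DMV may issue and verify licences."""
    reg = TrustRegistry()
    reg.define_role("diploma-issuer", [("issue", "Diploma"), ("revoke", "Diploma")])
    reg.define_role("diploma-verifier", [("verify", "Diploma")])
    reg.define_role("licence-authority", [("issue", "DriversLicence"), ("verify", "DriversLicence")])
    reg.register("did:example:university-1", "diploma-issuer")
    reg.register("Example-Employer.com.", "diploma-verifier")  # DNS name, mixed case, trailing dot
    reg.register("did:example:dmv", "licence-authority")
    return reg


if __name__ == "__main__":
    reg = build_example_registry()
    print(reg.is_authorized("did:example:university-1", "issue", "Diploma"))         # True
    print(reg.is_authorized("did:example:university-1", "issue", "DriversLicence"))  # False
    print(reg.is_authorized("example-employer.com", "verify", "Diploma"))            # True
```

The query path is the one a wallet or verifier exercises offline against a cached snapshot; register and revoke are administrative and would sit behind the governance authority's authentication in the microservice. Keeping permissions as explicit (operation, type) pairs, rather than a single "trusted issuer" flag, is what lets the registry say that a university may issue diplomas without implying it may verify them or issue anything else.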
Integration with TRAIN
Our component is a spec and implementation of a trust registry that builds on TRAIN. First, we will finalize the spec provided previously in a ToIP working group. Then, rather than building from scratch, we will extend TRAIN and champion it within the Covid credential and ToIP groups we're a part of. The result is an API that enables more than just querying DNS for issuer records: it adds support for DIDs in addition to DNS, holders verifying both issuers and verifiers, offline functionality, and role-based programmatic governance over the types of credentials organizations are authorized to issue or verify.
Ultimately, this becomes a foundational element of machine-readable governance frameworks. It also bridges the TRAIN and ToIP communities with a solution that meets both sets of requirements. Finally, it discourages others from splintering the community with bespoke solutions. All of these are important to scaling SSI to meet the complex demands of global adoption.