Feature Showcase 7 – Ask a Trust Registry (A New Trust Task in Orbit Enterprise!)

Mathieu Glaude

May 10, 2023

Orbit Enterprise is a no-code, self-sovereign identity platform that facilitates the orchestration of trust tasks. We’re all very familiar with digital credentialing trust tasks such as issuing a credential or verifying a presentation proof. However, Orbit Enterprise supports other trust tasks, including secure messaging and negotiations.

Our recent 0.6.10 Orbit Enterprise release includes a Trust Decision Helper module which allows for an additional trust task called “ask a trust registry” to be used alongside others. Not only do we facilitate the lookup of trust registries when a party is looking to make a trust decision, but we’ve also implemented options that leverage the DNS zone of a party you may be interacting with.

Here is some additional details from the release notes that capture the module being applied towards a holder receiving a credential offer:

We’ve enabled Orbit Enterprise users to update their DID Documents with pointers to their domain names. Consequently, when someone resolves an issuer’s DID document, they can extract the issuer’s domain from the document and query the issuer’s DNS for additional information addressing the two concerns mentioned earlier. This integration provides a more comprehensive and reliable way of verifying issuers and their authority.

A holder receiving a credential offer can query the issuer’s DNS records to verify if there’s a match between the DID presented in the DID Document and the DID written in their DNS. Additionally, the holder can query trust registry locations that the issuer directs them to.

If you are interested in better understanding why we’re leveraging DNS in this flow, we recently wrote a blog post which covers the use case in much more detail.

In this demonstration, we show how an organization being offered a credential can use the issuer’s DNS information, which has been put into their DID document, to validate that the owner of the DID also has ownership of a specific domain name. Additionally, they can use pointers in the domain name system to discover trust registries that could facilitate trust decisions to be made.

We hope you find this demonstration useful and thought-provoking. Please get in touch with us if you’re looking to do any work in the intersection of credential exchange and trust registries. As we continue to work on more trust registry enhancements and features, we would love to collaborate with different community members.

Related Posts

Introducing our groundbreaking Trust Registry platform

The ultimate solution for forging resilient trust ecosystems in today's digital landscape.

Trust Registry



Orbit Enterprise

Establish your own trusted digital interactions ecosystem with your customers, partners and suppliers

Orbit Edge Wallet

Hold and manage issued verifiable credentials securely and in a privacy-preserving way

Orbit Trust Registry

Empower your organization to establish credibility, verify identities, and foster secure interactions with confidence and ease.



Product Updates



Verified Person

Receive a verifiable credential from Northern Block


Try our new OpenID4VC demo

Energy and Mines Digital Trust

Organizational Wallet and Credentials

Receive, store and exchange organizational credentials within your ecosystem




OpenID4VC Demo

Exchange verifiable credentials over OpenID4VCI and OpenID4VP.




SSI Orbit Podcast

Self-sovereign Identity, Decentralization and Digital Trust


Insights and News from the Forefront of Self-sovereign Identity

Latest Content