Product Updates
Feature Showcase 7 – Ask a Trust Registry (A New Trust Task in Orbit Enterprise!)

Mathieu Glaude

May 10, 2023

Orbit Enterprise is a no-code, self-sovereign identity platform that facilitates the orchestration of trust tasks. We’re all very familiar with digital credentialing trust tasks such as issuing a credential or verifying a presentation proof. However, Orbit Enterprise supports other trust tasks, including secure messaging and negotiations.

Our recent 0.6.10 Orbit Enterprise release includes a Trust Decision Helper module which allows for an additional trust task called “ask a trust registry” to be used alongside others. Not only do we facilitate the lookup of trust registries when a party is looking to make a trust decision, but we’ve also implemented options that leverage the DNS zone of a party you may be interacting with.

Here is some additional details from the release notes that capture the module being applied towards a holder receiving a credential offer:

We’ve enabled Orbit Enterprise users to update their DID Documents with pointers to their domain names. Consequently, when someone resolves an issuer’s DID document, they can extract the issuer’s domain from the document and query the issuer’s DNS for additional information addressing the two concerns mentioned earlier. This integration provides a more comprehensive and reliable way of verifying issuers and their authority.

A holder receiving a credential offer can query the issuer’s DNS records to verify if there’s a match between the DID presented in the DID Document and the DID written in their DNS. Additionally, the holder can query trust registry locations that the issuer directs them to.

If you are interested in better understanding why we’re leveraging DNS in this flow, we recently wrote a blog post which covers the use case in much more detail.

In this demonstration, we show how an organization being offered a credential can use the issuer’s DNS information, which has been put into their DID document, to validate that the owner of the DID also has ownership of a specific domain name. Additionally, they can use pointers in the domain name system to discover trust registries that could facilitate trust decisions to be made.

We hope you find this demonstration useful and thought-provoking. Please get in touch with us if you’re looking to do any work in the intersection of credential exchange and trust registries. As we continue to work on more trust registry enhancements and features, we would love to collaborate with different community members.

Related Posts
The Digital Universal Credential Adaptor

The Digital Universal Credential Adaptor

Northern Block Inc. and Canadian Bank Note Ltd. partner to enhance convenience for Canadians by combining digital credentials such as Mobile Driving Licences and Verifiable Credentials using Hyperledger Aries technology. This collaboration aims to provide a more user-friendly and interoperable solution, focusing on privacy preservation and high-assurance personal identity credentials.

Cloud Storage, Management, Issuance and Verification of Verifiable Credentials



Orbit Enterprise

Establish your own trusted digital interactions ecosystem with your customers, partners and suppliers

Orbit Edge Wallet

Hold and manage issued verifiable credentials securely and in a privacy-preserving way



Product Updates

Use Cases

Public Sector

Available Soon

Travel & Hospitality

Available Soon

Supply Chain

Available Soon


Available Soon

Banking & Fintech

Available Soon



SSI Orbit Podcast

Self-sovereign Identity, Decentralization and Web3


Insights and News from the Forefront of Self-sovereign Identity

Digital Trust in the Age of Generative AI (with Wenjing Chu)

Digital Trust in the Age of Generative AI (with Wenjing Chu)

 🎧   Listen to this Episode On Spotify 🎧   Listen to this Episode On Apple Podcasts About Podcast Episode When I recorded this podcast with Wenjing, I was initially hesitant to delve too deeply into the current state of generative AI. The pace...

read more