Orbit Enterprise is a no-code, self-sovereign identity platform that facilitates the orchestration of trust tasks. We’re all very familiar with digital credentialing trust tasks such as issuing a credential or verifying a presentation proof. However, Orbit Enterprise supports other trust tasks, including secure messaging and negotiations.
Our recent 0.6.10 Orbit Enterprise release includes a Trust Decision Helper module which allows for an additional trust task called “ask a trust registry” to be used alongside others. Not only do we facilitate the lookup of trust registries when a party is looking to make a trust decision, but we’ve also implemented options that leverage the DNS zone of a party you may be interacting with.
Here is some additional details from the release notes that capture the module being applied towards a holder receiving a credential offer:
We’ve enabled Orbit Enterprise users to update their DID Documents with pointers to their domain names. Consequently, when someone resolves an issuer’s DID document, they can extract the issuer’s domain from the document and query the issuer’s DNS for additional information addressing the two concerns mentioned earlier. This integration provides a more comprehensive and reliable way of verifying issuers and their authority.
A holder receiving a credential offer can query the issuer’s DNS records to verify if there’s a match between the DID presented in the DID Document and the DID written in their DNS. Additionally, the holder can query trust registry locations that the issuer directs them to.
If you are interested in better understanding why we’re leveraging DNS in this flow, we recently wrote a blog post which covers the use case in much more detail.
In this demonstration, we show how an organization being offered a credential can use the issuer’s DNS information, which has been put into their DID document, to validate that the owner of the DID also has ownership of a specific domain name. Additionally, they can use pointers in the domain name system to discover trust registries that could facilitate trust decisions to be made.
We hope you find this demonstration useful and thought-provoking. Please get in touch with us if you’re looking to do any work in the intersection of credential exchange and trust registries. As we continue to work on more trust registry enhancements and features, we would love to collaborate with different community members.