Product Updates
Feature Showcase 7 – Ask a Trust Registry (A New Trust Task in Orbit Enterprise!)

Mathieu Glaude

May 10, 2023


Orbit Enterprise is a no-code, self-sovereign identity platform that facilitates the orchestration of trust tasks. We’re all very familiar with digital credentialing trust tasks such as issuing a credential or verifying a presentation proof. However, Orbit Enterprise supports other trust tasks, including secure messaging and negotiations.

Our recent 0.6.10 Orbit Enterprise release includes a Trust Decision Helper module which allows for an additional trust task called “ask a trust registry” to be used alongside others. Not only do we facilitate the lookup of trust registries when a party is looking to make a trust decision, but we’ve also implemented options that leverage the DNS zone of a party you may be interacting with.

Here is some additional details from the release notes that capture the module being applied towards a holder receiving a credential offer:

We’ve enabled Orbit Enterprise users to update their DID Documents with pointers to their domain names. Consequently, when someone resolves an issuer’s DID document, they can extract the issuer’s domain from the document and query the issuer’s DNS for additional information addressing the two concerns mentioned earlier. This integration provides a more comprehensive and reliable way of verifying issuers and their authority.

A holder receiving a credential offer can query the issuer’s DNS records to verify if there’s a match between the DID presented in the DID Document and the DID written in their DNS. Additionally, the holder can query trust registry locations that the issuer directs them to.

If you are interested in better understanding why we’re leveraging DNS in this flow, we recently wrote a blog post which covers the use case in much more detail.

In this demonstration, we show how an organization being offered a credential can use the issuer’s DNS information, which has been put into their DID document, to validate that the owner of the DID also has ownership of a specific domain name. Additionally, they can use pointers in the domain name system to discover trust registries that could facilitate trust decisions to be made.

We hope you find this demonstration useful and thought-provoking. Please get in touch with us if you’re looking to do any work in the intersection of credential exchange and trust registries. As we continue to work on more trust registry enhancements and features, we would love to collaborate with different community members.

Related Posts

Cloud Storage, Management, Issuance and Verification of Verifiable Credentials

Products

 

Orbit Enterprise

Establish your own trusted digital interactions ecosystem with your customers, partners and suppliers

Orbit Edge Wallet

Hold and manage issued verifiable credentials securely and in a privacy-preserving way

Updates

 

Product Updates

Solutions

 

Verified Person

Receive a verifiable credential from Northern Block

OpenID4VC

Try our new OpenID4VC demo

Energy and Mines Digital Trust

Organizational Wallet and Credentials

Receive, store and exchange organizational credentials within your ecosystem

 

 

 

Trust Registry Solutions

Page Coming Soon!

Interoperable Solutions

Page Coming Soon!

OpenID4VC Demo

Exchange verifiable credentials over OpenID4VCI and OpenID4VP.

 

Resources

 

SSI Orbit Podcast

Self-sovereign Identity, Decentralization and Digital Trust

Blog

Insights and News from the Forefront of Self-sovereign Identity