Unlocking Trust: Strategies for Building Trusted Verifiable Credentialing Ecosystems
Technology | Sasikumar Ganesan | 10 OCT 2024

When it comes to digital interactions, the question of trust within this domain has become increasingly complex. Unlike traditional environments where trust is built through face-to-face interactions and established institutions, the digital world operates differently – characterised by anonymity, rapid evolution, and a heightened risk of security threats. Gaining and retaining trust in such an environment is vital to the continued growth and stability of digital transactions.

Digital wallets and ecosystems are at the epicentre of this challenge. These technologies, which facilitate everything from financial transactions to identity verification, require frameworks that ensure trust is not only granted but continuously upheld. The objective is to create a framework for dynamic trust management that adapts to changing threats while ensuring interaction integrity across vast networks.

Rethinking Trust as a Dynamic Process

Traditionally, trust in digital systems has been treated as a static state – something that, once established, is assumed to persist unless explicitly revoked. This conventional approach, embodied in Public Key Infrastructure (PKI) models, often relies on hierarchical trust structures. In such systems, trust is centralised, with a root authority acting as the ultimate guarantor of trust. However, these models have shown significant vulnerabilities, particularly in the face of evolving threats and state-sponsored attacks.

The alternative is to view trust as a dynamic process, one that is continuously validated and reinforced through repeated interactions over time. This perspective acknowledges that trust can fluctuate based on the ongoing reliability, security, and consistency of the data. By modelling trust as an ongoing process rather than a one-time establishment, we create a more resilient framework that adapts to the complexities of modern digital ecosystems.

Decentralising Trust

The limitations of traditional PKI models have prompted a shift towards decentralised trust frameworks. In a decentralised approach, trust is distributed across multiple actors rather than being reliant on a single root authority. This approach reduces the risk of a single point of failure and creates a more robust and flexible system.

In decentralised trust frameworks, trust chains are formed through networks of interconnected entities. Each entity in the chain can validate and verify the trustworthiness of others, allowing for customised trust models tailored to the specific needs and policies of participants – whether they are issuers, verifiers, or holders/end-users.

Building Blocks of a Trust Framework

01 Trust Framework

This framework is structured hierarchically, delineating the roles of issuers and verifiers, while also accommodating diverse trust models.

Issuers, ranging from government bodies, private organisations to accredited institutions, are responsible for establishing the terms, policies, and assurances linked to the credentials they issue.

Verifiers perform identity checks using these credentials. They can either accept or reject credentials based on issuer policies, and can also introduce their own policies to manage risk according to their specific requirements. For instance, a bank may accept a tax ID for account opening but could request additional credentials if that ID is unavailable.

The flexibility within the framework allows verifiers to customise their trust criteria while still adhering to the broader issuer policies. Importantly, the concept of a wallet applies not just to the holder of credentials but also to the verifier. 

Additionally, this framework enables the holders of credentials to exert control over their data. They can impose restrictions on the information they share, ensuring that their privacy is respected. For example, a holder might choose to share only their name and date of birth, or limit data sharing to a simple photograph. This ability to customise what is shared provides a more secure and personalised experience for the user while maintaining the integrity of the overall trust system.

02 Trust Issuer Chains

This chain provides a robust, adaptable framework for securing digital identities across diverse use cases. At the top of this chain is the Digital Trust Registrar, whose role is to identify and authorise agencies that can accredit or issue credentials. However, the overall network is inclusive and adaptable, allowing for the existence of self-accredited entities that operate independently of government oversight. 

This model allows closed-loop networks. For instance, a large corporation could issue verifiable credentials to its employees without needing external permission. These credentials could then be used by a bank to offer additional benefits, assuming the bank recognises and trusts the issuer. The verifier, in this case, the bank, has the autonomy to decide which issuer chains it would trust and under what conditions.

Below the digital trust registrar, the system can include both accredited and self-accredited registries. These registries, in turn, work with trusted issuers who are responsible for generating and distributing the actual credentials. The concept of a trusted issuer can even extend to individuals. The system accommodates varied scenarios, allowing legal entities and individuals to act both as issuers and verifiers.

In this model, the validation of trust and adherence to policies is consistent whether data flows from a subject to a legal entity or vice versa. The trust issuer chain provides a robust and flexible framework for ensuring that digital identities are both secure and adaptable to diverse use cases.

03 Verifier Chain of Trust

This is the mechanism through which verifiers establish and maintain confidence in the credentials they assess. This chain begins with the digital trust registrar, which sets the foundational guidelines for what constitutes a trusted verifier. The accreditation board further defines the terms and conditions under which credentials are issued, ensuring that they meet the required standards for accuracy, security, and relevance.

A trusted verifier, once accredited, operates under these guidelines but also exercises discretion in selecting which issuers and credentials to recognise. For example, a bank might decide to accept credentials only from issuers that meet specific regulatory requirements or align with its internal risk management policies.

The concept of a wallet plays a crucial role here as well. The wallet, whether it belongs to the holder or the verifier, serves as the interface through which trust is managed and verified. It contains the policies and protocols that govern interactions, ensuring that data is exchanged securely and in compliance with the trust framework. Essentially, the wallet not only facilitates transactions but also enforces the trust criteria set by both the issuer and the verifier.
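As an added illustration (not MOSIP's code or any product API) of how the issuer chain of trust and the verifier chain of trust described above fit together: the verifier walks each presented credential's accreditation chain up to its root, trusts only the roots it has chosen (which may include a self-accredited closed-loop issuer such as a corporation), and then layers its own requirement on top, falling back to other credentials when the preferred one is missing, as in the bank example. The accreditation graph, entity names, credential kinds and the holder-side selective-disclosure helper are all constructed for this example.

```python
from dataclasses import dataclass
# Constructed accreditation graph: each entity lists who it accredits.
# "digital-trust-registrar" roots the accredited branch; "acme-corp" is a
# self-accredited root running a closed-loop network for its own staff.
ACCREDITS = {
    "digital-trust-registrar": {"national-id-registry"},
    "national-id-registry": {"tax-authority"},
    "acme-corp": {"acme-hr"},
}

@dataclass
class Credential:
    issuer: str
    kind: str
    claims: dict

@dataclass
class VerifierPolicy:
    trusted_roots: set    # chain roots this verifier chooses to trust
    required_kinds: set   # credential kinds the use case normally needs
    fallback_kinds: set   # accepted together if a required kind is missing

def chain_root(issuer, accredits=ACCREDITS):
    """Return the root of `issuer`'s chain; a self-accredited issuer is its own root."""
    seen, current = set(), issuer
    while current not in seen:
        seen.add(current)
        parents = [p for p, kids in accredits.items() if current in kids]
        if not parents:
            return current
        current = parents[0]
    return None  # cycle: a malformed registry, trust nothing from it

def disclose(cred, fields):
    """Holder-side selective disclosure: share only the named claims."""
    return Credential(cred.issuer, cred.kind,
                      {k: v for k, v in cred.claims.items() if k in fields})

def evaluate(creds, policy, accredits=ACCREDITS):
    """Keep credentials whose chain ends at a root the verifier trusts,
    then layer the verifier's own requirements on top of issuer policy."""
    accepted = [c for c in creds
                if chain_root(c.issuer, accredits) in policy.trusted_roots]
    kinds = {c.kind for c in accepted}
    if policy.required_kinds <= kinds:
        return accepted, "accept"
    if policy.fallback_kinds and policy.fallback_kinds <= kinds:
        return accepted, "accept"
    return accepted, "request-more"   # e.g. the bank asks for more documents
```

A credential from an issuer that reaches no trusted root is simply dropped before the verifier's own requirements are checked, so an unknown or self-declared issuer cannot satisfy the policy.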


The proposed trust framework emphasises decentralisation, the dynamic nature of trust, and adaptable policies. By recognising trust as an ongoing process and leveraging multiple trust chains, we can create a strong and reliable digital ecosystem.

As this framework continues to evolve, collaboration and feedback from various stakeholders will be crucial in shaping a trusted digital future. The ultimate goal is to create an environment where both service providers and end-users can interact with confidence, knowing that the systems in place are robust, flexible, inclusive, and secure.

Sasikumar Ganesan
Head of Engineering – MOSIP