Trust Systems
Trust systems are the foundational infrastructure that enables secure, verifiable interactions in digital identity ecosystems. They answer the critical question: "How do I know I can trust this entity?"
Why Trust Systems Matter
In decentralized identity ecosystems, parties that have never met must be able to:
- Verify credentials – Confirm that a credential was issued by a legitimate authority
- Authenticate wallets – Ensure wallet applications are genuine and secure
- Establish authority – Determine which entities are authorized to issue specific credentials
- Enable interoperability – Support cross-border and cross-jurisdictional recognition
Trust systems provide the technical and governance infrastructure to make these verifications possible at scale.
Core Concepts
Trust Anchors
A trust anchor is a cryptographic public key (and associated metadata) that serves as the root of trust for verifying other entities. Trust anchors are typically:
- Published in trusted lists or registries
- Managed by authoritative bodies (governments, standards organizations)
- Used to verify certificate chains and credential signatures
Trust Lists
Trust lists are authoritative, machine-readable registries of trusted entities. They enable automated verification by providing:
- Public keys and identifiers for trusted entities
- Status information (active, suspended, revoked)
- Metadata about entity capabilities and authorizations
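As an added example (not code from the original page or from any of the trust systems it describes), the following Go program shows how a verifier consults a trust list of the kind just described: the credential's issuer is looked up by identifier, its status and issuing authorization are checked, and the signature is verified only under the trust anchor listed for that entity. The list, the issuer identifiers, the credential layout and the Ed25519 keys are all constructed for illustration and stand in for the ETSI and ISO formats covered later on this page.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// TrustEntry is one record of a constructed, simplified trust list: the trust anchor (public
// key), its status ("active", "suspended", "revoked") and the credential types it may issue.
type TrustEntry struct {
	Status     string
	Key        ed25519.PublicKey
	Authorized map[string]bool
}
type TrustList map[string]TrustEntry // keyed by issuer identifier
type Credential struct{ Issuer, Type string; Payload, Sig []byte }
func signingInput(c Credential) []byte { return []byte(c.Issuer + "|" + c.Type + "|" + string(c.Payload)) }

// Verify consults the trust list: the issuer must be listed, active and authorized for the
// credential type, and the signature must verify under the listed anchor, never under a key carried in the credential.
func Verify(tl TrustList, c Credential) error {
	e, ok := tl[c.Issuer]
	switch {
	case !ok:
		return fmt.Errorf("issuer %q not in trust list", c.Issuer)
	case e.Status != "active":
		return fmt.Errorf("issuer status is %q", e.Status)
	case !e.Authorized[c.Type]:
		return fmt.Errorf("issuer not authorized to issue %q", c.Type)
	case !ed25519.Verify(e.Key, signingInput(c), c.Sig):
		return fmt.Errorf("signature does not verify under trust anchor")
	}
	return nil
}

// Scenarios builds a constructed trust list (an active PID Provider and a suspended issuer) and returns the outcome for several credentials.
func Scenarios() map[string]error {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	sPub, sPriv, _ := ed25519.GenerateKey(rand.Reader)
	tl := TrustList{"did:example:pid-provider": {Status: "active", Key: pub, Authorized: map[string]bool{"PID": true}},
		"did:example:suspended": {Status: "suspended", Key: sPub, Authorized: map[string]bool{"PID": true}}}
	sign := func(k ed25519.PrivateKey, c Credential) Credential { c.Sig = ed25519.Sign(k, signingInput(c)); return c }
	valid := sign(priv, Credential{Issuer: "did:example:pid-provider", Type: "PID", Payload: []byte(`{"family_name":"Doe"}`)})
	tampered := valid; tampered.Payload = []byte(`{"family_name":"Roe"}`) // altered after signing
	return map[string]error{
		"valid":      Verify(tl, valid),
		"tampered":   Verify(tl, tampered),
		"wrong-type": Verify(tl, sign(priv, Credential{Issuer: "did:example:pid-provider", Type: "mDL"})),
		"suspended":  Verify(tl, sign(sPriv, Credential{Issuer: "did:example:suspended", Type: "PID"})),
	}
}
```

In a deployment the trust list is itself a signed, dated document, so a verifier must check the list's own signature and freshness before relying on any entry in it; that step is outside this snippet.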
Attestations
Attestations are cryptographic proofs that vouch for specific properties of an entity, such as:
- Wallet application integrity
- Key storage security
- Compliance with standards or regulations
Trust Systems in This Section
This section covers three major trust system approaches used in digital identity:
EU Trust Lists
The European Union's standardized trust infrastructure for the EUDI Wallet ecosystem, based on ETSI standards and mandated by eIDAS 2.0. Covers:
- National Trusted Lists and the EU List of Trusted Lists (LoTL)
- Trust anchors for Wallet Providers, PID Providers, and Attestation Providers
- ETSI TS 119 612 format and implementation
Trust in ISO mDL: VICALs and IACAs
The trust infrastructure defined by ISO/IEC 18013-5 for mobile driver's licenses and mobile documents. Covers:
- Issuing Authority Certificate Authorities (IACAs)
- Verified Issuer Certificate Authority Lists (VICALs)
- Reader authentication mechanisms
- Regional implementations (AAMVA, Austroads)
Wallet Attestations
Cryptographic proofs that establish trust in digital identity wallets. Covers:
- Wallet Instance Attestations (WIA)
- Key Attestations and Wallet Trust Evidence (WTE)
- Integration with OpenID4VCI
- Platform-specific attestation mechanisms
Comparison of Trust Approaches
| Aspect | EU Trust Lists | VICAL (ISO 18013-5) | Wallet Attestations |
|---|---|---|---|
| Primary Purpose | Ecosystem-wide trust | mDL issuer verification | Wallet integrity |
| Scope | EU Member States | Regional (per VICAL) | Per wallet instance |
| Format | XML (ETSI) | CBOR/COSE | JWT/COSE |
| Governance | European Commission | Regional bodies | Wallet Providers |
| Update Frequency | Periodic publication | Versioned refresh | Per-instance lifecycle |
Further Reading
- ID Ecosystems – Overview of identity ecosystem components
- Data Exchange Protocols – How credentials are exchanged
- Credential Lifecycle – Issuance, verification, and revocation
