Handling Trust Information
The Core resolves trust information during verification and can optionally restrict interactions to only trusted entities.
Resolving trust information
When handling presentations, the system captures any issuer trust
information provided, validates against subscribed trust lists, and stores
the results. This is surfaced in GET /api/proof-request/v1/{id} as
proofInputs.<item>.credential.trustInformation, and includes the result,
which returns one of three values:
TRUSTED— the issuer was found on a subscribed trust listUNTRUSTED— the issuer was resolved but not found on any subscribed trust listUNKNOWN— trust could not be resolved for this credential
TRUSTED and UNTRUSTED results are currently only returned for PID and
QEAA credentials:
- PID — the Access Certificate (AC) used to access the wallet is also used to sign the credential. The system validates this certificate against subscribed trust lists.
- QEAA — credentials are signed by Qualified Trust Service Providers (QTSPs). The system validates this certificate against subscribed trust lists.
Several kinds of credentials return as UNKNOWN currently:
- EAA — EAA issuers do not currently appear on known trust lists
- Pub-EAA — Trust lists for Pub-EAA issuers are not yet implemented
To retrieve full trust detail, call
GET /api/proof-request/v1/{id}/trust-detail.
Restricting to trusted entities
By default, interactions with untrusted entities are allowed and trust results are recorded for review. The Verifier App includes a toggle to restrict interactions to trusted entities only. When enabled, any proof request from an untrusted entity is rejected before entering the system.
When the restriction toggle is enabled, only interactions that pass trust
validation enter the proof request history. All visible proof requests will
therefore show TRUSTED — not because every interacting entity is trusted,
but because untrusted interactions are blocked before being recorded.