Skip to main content

Handling Trust Information

The Core resolves trust information during verification and can optionally restrict interactions to only trusted entities.

Resolving trust information

When handling presentations, the system captures any issuer trust information provided, validates against subscribed trust lists, and stores the results. This is surfaced in GET /api/proof-request/v1/{id} as proofInputs.<item>.credential.trustInformation, and includes the result, which returns one of three values:

  • TRUSTED — the issuer was found on a subscribed trust list
  • UNTRUSTED — the issuer was resolved but not found on any subscribed trust list
  • UNKNOWN — trust could not be resolved for this credential

TRUSTED and UNTRUSTED results are currently only returned for PID and QEAA credentials:

  • PID — the Access Certificate (AC) used to access the wallet is also used to sign the credential. The system validates this certificate against subscribed trust lists.
  • QEAA — credentials are signed by Qualified Trust Service Providers (QTSPs). The system validates this certificate against subscribed trust lists.

Several kinds of credentials return as UNKNOWN currently:

  • EAA — EAA issuers do not currently appear on known trust lists
  • Pub-EAA — Trust lists for Pub-EAA issuers are not yet implemented

To retrieve full trust detail, call GET /api/proof-request/v1/{id}/trust-detail.

Restricting to trusted entities

By default, interactions with untrusted entities are allowed and trust results are recorded for review. The Verifier App includes a toggle to restrict interactions to trusted entities only. When enabled, any proof request from an untrusted entity is rejected before entering the system.

note

When the restriction toggle is enabled, only interactions that pass trust validation enter the proof request history. All visible proof requests will therefore show TRUSTED — not because every interacting entity is trusted, but because untrusted interactions are blocked before being recorded.