Trusted Lists
The categories of trust a Digital Trust Service publishes (trusted issuers, trusted readers, and trusted wallets) and why each one matters.
A Digital Trust Service (DTS) makes trust decisions scalable by publishing trusted lists. Instead of every participant establishing a direct relationship with every other participant, each participant trusts the lists published by the network operator. Those lists answer three separate questions.
- Who is authorized to issue a given credential type?
- Who is authorized to read (request) a given credential type?
- Which wallets and technologies are certified to participate?
Understanding these three categories first makes it easier to see where the specific mechanisms, VICAL and RICAL, fit in. See DTS options for how MATTR lets you publish and consume each category.
Trusted Issuer Lists
A Trusted Issuer List defines which issuers are authorized to issue specific types of verifiable credentials. A verifier or wallet can then trust a credential without needing a direct relationship with each issuer. It only needs to trust the list.
Why it matters: Maintaining an up-to-date relationship with every issuer across multiple jurisdictions and credential types is operationally complex. Certificates rotate, new issuers come online, and different authorities publish independently. A Trusted Issuer List delegates that work to the network operator.
Example: A retailer verifying mobile driver's licenses (mDLs) needs to accept licenses from every participating state. Rather than tracking each state's Issuing Authority Certificate Authority (IACA) individually, the retailer's verifier trusts a single issuer list that the network operator keeps current as new states come online.
How MATTR implements it: through ecosystem policies exposed via the MATTR VII APIs and through VICAL, the ISO/IEC 18013-5 standardized mechanism for publishing issuer certificate authority lists. See DTS options for how to choose between them.
Trusted Reader Lists
A Trusted Reader List defines which verifiers (readers) are authorized to request specific types of credentials. A holder or wallet can then trust a verifier before presenting data to it.
Why it matters: Holders should only disclose data to parties that are entitled to request it. A Trusted Reader List gives wallets a way to recognize accredited verifiers and warn users about, or block, requests from parties that are not on the list.
Example: A citizen's wallet receives a request for their date of birth. Before the wallet shows a consent screen, it checks that the requesting verifier appears on the network's reader list. If the verifier is recognized, the wallet can display a trust indicator. If it is not, the wallet can warn the user or decline the request.
How MATTR implements it: through RICAL (Reader Certificate Authority List), the mechanism for publishing reader trust lists. Ecosystem policies exposed via the MATTR VII APIs can also express which participants are permitted to verify a given credential type.
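The lookups that the issuer and reader examples above describe, as an added Python sketch that is not MATTR code and does not reproduce the VICAL or RICAL formats. The entry layout, function names, decision strings and sample values are assumptions made for illustration. It covers only the list lookup; verifying the list's signature and the certificate chain is out of scope.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class TrustEntry:  # hypothetical entry layout, not the VICAL/RICAL structure
    ca_fingerprint: str          # hex SHA-256 of the participant's CA certificate
    credential_types: frozenset  # credential types this CA is authorized for
    not_before: datetime
    not_after: datetime


def fingerprint(cert_der: bytes) -> str:
    return hashlib.sha256(cert_der).hexdigest()


def is_authorized(entries, ca_cert_der, credential_type, now):
    """True only if the CA is listed, scoped to this type, and within validity."""
    fp = fingerprint(ca_cert_der)
    return any(
        e.ca_fingerprint == fp
        and credential_type in e.credential_types
        and e.not_before <= now <= e.not_after
        for e in entries
    )


def reader_decision(reader_list, reader_ca_der, credential_type, now, strict=False):
    """Wallet-side outcome before the consent screen is shown."""
    if is_authorized(reader_list, reader_ca_der, credential_type, now):
        return "show_trust_indicator"
    return "decline" if strict else "warn_user"


# Constructed sample data: byte strings stand in for DER-encoded CA certificates.
MDL = "org.iso.18013.5.1.mDL"
STATE_A_CA, RETAILER_CA, UNKNOWN_CA = b"state-a-iaca", b"retailer-reader-ca", b"unlisted-ca"
UTC = timezone.utc
ISSUER_LIST = [TrustEntry(fingerprint(STATE_A_CA), frozenset({MDL}),
                          datetime(2024, 1, 1, tzinfo=UTC), datetime(2026, 1, 1, tzinfo=UTC))]
READER_LIST = [TrustEntry(fingerprint(RETAILER_CA), frozenset({MDL}),
                          datetime(2024, 1, 1, tzinfo=UTC), datetime(2026, 1, 1, tzinfo=UTC))]
NOW = datetime(2025, 6, 1, tzinfo=UTC)

if __name__ == "__main__":
    print(is_authorized(ISSUER_LIST, STATE_A_CA, MDL, NOW))
    print(reader_decision(READER_LIST, UNKNOWN_CA, MDL, NOW))
```

A listed CA is accepted only for the credential types and validity window on its entry, so a lookup for a different type or after the entry lapses fails in the same way as an unlisted CA.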
Trusted Wallets and Trusted Technologies
A Trusted Technologies list defines which certified applications and solutions may participate in the network. This can include digital wallets, identity agents, registers, and verifiable credentials that meet established criteria for secure and reliable operation.
Why it matters: The integrity of a trust network depends on the software participants use. Trusting only certified wallets and technologies keeps uncertified, and potentially malicious, applications out of sensitive interactions.
Example: An issuer wants to ensure its credentials are only claimed by wallet applications it has authorized. It requires wallets to cryptographically prove their authenticity before claiming, so only recognized wallet instances can receive its credentials.
How MATTR implements it: through wallet attestation, which validates a wallet instance through a certificate-based trust chain before it can claim credentials, and through the recognized standards and certification criteria defined by the network's trust framework.
Next steps
- DTS options: the options MATTR offers for publishing and consuming each category of trust.
- VICAL overview: the standardized mechanism for issuer trust lists.
- RICAL overview: the mechanism for reader trust lists.