
Trust and security considerations

Holding credentials securely means managing which verifiers and issuers your app trusts, authenticating the holder, and keeping credential status current. This page covers each of those considerations.


Trusted verifier management

The Holder SDK supports configurable trust lists for verifier certificates. You can adapt your app's behavior to the trust level of the verifier making the request:

  • Block requests from untrusted verifiers entirely.
  • Show warnings, or release only a reduced set of claims, for unrecognized verifiers.

For remote presentations, verifier authentication is mandatory regardless of trust level: the SDK validates the verifier's identity before proceeding, and a request whose verifier cannot be authenticated is not answered.
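The decision logic above, written out as an added Python example (this is not the Holder SDK's own API). It pins verifiers by the SHA-256 fingerprint of their DER certificate, keeps a trust list and a block list, and applies the rules in order: an unauthenticated remote request is blocked before anything else, a blocked verifier is refused, a trusted verifier receives the requested claims filtered by its entry, and an unrecognized verifier gets a warning plus a reduced claim set. The certificate bytes, the `REDUCED_CLAIMS` policy and the claim names are constructed for the example.

```python
import hashlib
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class TrustLevel(Enum):
    TRUSTED = "trusted"
    UNRECOGNIZED = "unrecognized"
    BLOCKED = "blocked"


class Action(Enum):
    ALLOW = "allow"  # release the requested claims
    WARN = "warn"    # warn the user and release only a reduced claim set
    BLOCK = "block"  # refuse the request outright


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER encoding: the usual way to pin one certificate."""
    return hashlib.sha256(cert_der).hexdigest()


@dataclass
class TrustList:
    # fingerprint -> claims this verifier may receive (None means any claim)
    trusted: dict = field(default_factory=dict)
    blocked: set = field(default_factory=set)

    def level(self, fp: str) -> TrustLevel:
        if fp in self.blocked:          # an explicit block wins over a trust entry
            return TrustLevel.BLOCKED
        if fp in self.trusted:
            return TrustLevel.TRUSTED
        return TrustLevel.UNRECOGNIZED


@dataclass(frozen=True)
class PresentationRequest:
    verifier_cert_der: bytes
    requested_claims: frozenset
    remote: bool                  # True for a remote (online) presentation
    verifier_authenticated: bool  # True once the verifier proved control of its cert


@dataclass(frozen=True)
class Decision:
    action: Action
    level: TrustLevel
    claims: frozenset
    reason: str


# Assumed app policy: what an unrecognized verifier may still learn.
REDUCED_CLAIMS = frozenset({"age_over_18", "age_over_21"})


def decide(trust_list: TrustList, req: PresentationRequest,
           reduced: frozenset = REDUCED_CLAIMS) -> Decision:
    """Map a presentation request to an action and the claims to release."""
    fp = fingerprint(req.verifier_cert_der)
    level = trust_list.level(fp)
    # Remote flows require an authenticated verifier before any other check.
    if req.remote and not req.verifier_authenticated:
        return Decision(Action.BLOCK, level, frozenset(),
                        "remote presentation without verifier authentication")
    if level is TrustLevel.BLOCKED:
        return Decision(Action.BLOCK, level, frozenset(), "verifier is on the block list")
    if level is TrustLevel.TRUSTED:
        allowed: Optional[frozenset] = trust_list.trusted[fp]
        claims = req.requested_claims if allowed is None else req.requested_claims & allowed
        return Decision(Action.ALLOW, level, frozenset(claims), "verifier is trusted")
    return Decision(Action.WARN, level, frozenset(req.requested_claims & reduced),
                    "verifier not in trust list; reduced disclosure with warning")


# Constructed sample certificates (stand-ins for real DER bytes) and trust list.
TRUSTED_CERT = b"constructed DER: trusted age-check verifier"
BLOCKED_CERT = b"constructed DER: verifier placed on the block list"
UNKNOWN_CERT = b"constructed DER: verifier nobody has vetted"
TRUST_LIST = TrustList(
    trusted={fingerprint(TRUSTED_CERT): frozenset({"given_name", "family_name", "age_over_21"})},
    blocked={fingerprint(BLOCKED_CERT)},
)

if __name__ == "__main__":
    wanted = frozenset({"given_name", "age_over_21", "address"})
    for cert in (TRUSTED_CERT, UNKNOWN_CERT, BLOCKED_CERT):
        d = decide(TRUST_LIST, PresentationRequest(cert, wanted, remote=False, verifier_authenticated=False))
        print(d.action.value, d.level.value, sorted(d.claims), "-", d.reason)
```

The order of the checks is the point: the remote-authentication rule is evaluated before the trust lookup so that a trust-list entry can never be used to skip it, and the block list is consulted before the trusted map so that revoking a verifier is a one-line change.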

Trusted issuer management

The SDK maintains a local list of trusted issuer certificates. Only credentials from issuers whose signing certificates are in your trust list will pass validation; a credential from any other issuer is rejected even if its signature is otherwise valid. Configure this list based on the jurisdictions and credential types your app supports, and keep it current when issuers rotate their signing certificates.

Holder authentication

The SDK leverages platform-level security to ensure credentials are only presented by their rightful holder:

  • Biometric authentication: require Face ID, Touch ID, or fingerprint before credential access.
  • Device unlock: ensure the device has a passcode/PIN set.
  • Key binding: credential keys are bound to the device's secure element or keystore.
  • Per-credential policies: issuers can define security policies per credential type.

Balance security with inclusion: some users may lack or have disabled biometrics. The SDK supports OS-level alternatives (PIN, passcode, pattern) as fallbacks.

See the Device Key Authentication guide for detailed configuration.

Status list management

Credentials can be revoked after issuance. The SDK handles status list retrieval and caching based on the ttl and exp parameters the issuer sets on the status list:

  • ttl: recommended duration, from the time of retrieval, for using a cached status list before fetching an update.
  • exp: hard deadline after which a cached status list must not be used.

Between ttl and exp the cached list is stale but still usable, so the app can keep checking status while offline; the SDK should attempt a refresh in that window. Once exp has passed, the cached list says nothing about current status, and the app must fetch a new list before relying on it. Consider how your app communicates credential status changes to the user (e.g., badge indicators, notifications).
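The caching policy described above, as an added Python example that is not the Holder SDK's own code. It classifies a cached list as fresh, stale or expired from its fetch time, ttl and exp, and resolves a credential's status through that cache: a stale list is served while a refresh is attempted, a failed refresh falls back to the stale copy, and an expired list with no refresh available yields "unknown" rather than a status. The bitstring layout (entries of `bits` bits each, packed little-end first into a zlib-compressed, base64url-encoded string, with 0 = valid, 1 = invalid, 2 = suspended) follows the IETF Token Status List draft and is an assumption here; the sample statuses and timestamps are constructed.

```python
import base64
import zlib
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Optional, Tuple

# Assumed status values (IETF Token Status List draft).
STATUS_NAMES = {0: "valid", 1: "invalid", 2: "suspended"}


class CacheState(Enum):
    FRESH = "fresh"      # younger than ttl: use as-is
    STALE = "stale"      # older than ttl but before exp: usable, try to refresh
    EXPIRED = "expired"  # at or past exp: must not be used


@dataclass(frozen=True)
class CachedStatusList:
    fetched_at: int  # Unix time the list was retrieved
    ttl: int         # seconds the issuer recommends caching
    exp: int         # Unix time after which the cached list is invalid
    bits: int        # bits per entry: 1, 2, 4 or 8
    lst: bytes       # decompressed status bitstring


def cache_state(cache: CachedStatusList, now: int) -> CacheState:
    if now >= cache.exp:
        return CacheState.EXPIRED
    if now - cache.fetched_at >= cache.ttl:
        return CacheState.STALE
    return CacheState.FRESH


def encode_lst(statuses: list, bits: int) -> str:
    """Pack statuses into the assumed bitstring and return base64url(zlib(...))."""
    per_byte = 8 // bits
    out = bytearray((len(statuses) + per_byte - 1) // per_byte)
    for i, s in enumerate(statuses):
        byte_index, slot = divmod(i, per_byte)
        out[byte_index] |= (s & ((1 << bits) - 1)) << (slot * bits)
    return base64.urlsafe_b64encode(zlib.compress(bytes(out), 9)).rstrip(b"=").decode()


def decode_lst(lst_b64url: str) -> bytes:
    """Reverse encode_lst: re-pad base64url, decode, inflate."""
    padded = lst_b64url + "=" * (-len(lst_b64url) % 4)
    return zlib.decompress(base64.urlsafe_b64decode(padded))


def status_at(cache: CachedStatusList, index: int) -> int:
    """Read the raw status value of the credential at `index`."""
    per_byte = 8 // cache.bits
    byte_index, slot = divmod(index, per_byte)
    if byte_index >= len(cache.lst):
        raise IndexError("status list index out of range")
    return (cache.lst[byte_index] >> (slot * cache.bits)) & ((1 << cache.bits) - 1)


def resolve_status(cache: CachedStatusList, index: int, now: int,
                   fetch: Optional[Callable[[], CachedStatusList]] = None) -> Tuple[str, str]:
    """Return (status name, source) honouring ttl/exp; `fetch` is None when offline."""
    state = cache_state(cache, now)
    source = "cache"
    if state is not CacheState.FRESH and fetch is not None:
        try:
            cache = fetch()            # refresh: mandatory if expired, opportunistic if stale
            state = cache_state(cache, now)
            source = "refreshed"
        except OSError:
            pass                       # network failure: keep the copy we have
    if state is CacheState.EXPIRED:
        return ("unknown", "expired")  # past exp the cached list must not be used
    if state is CacheState.STALE:
        source = "stale-cache"         # between ttl and exp: usable, keep retrying refresh
    return (STATUS_NAMES.get(status_at(cache, index), "unknown"), source)


# Constructed sample: ten credentials, index 1 revoked, index 4 suspended, index 9 revoked.
SAMPLE = CachedStatusList(
    fetched_at=1_000, ttl=600, exp=1_000 + 86_400, bits=2,
    lst=decode_lst(encode_lst([0, 1, 0, 0, 2, 0, 0, 0, 0, 1], bits=2)),
)

if __name__ == "__main__":
    for now in (1_300, 1_700, 1_000 + 86_400):
        print(now, cache_state(SAMPLE, now).value, resolve_status(SAMPLE, 4, now))
```

The split between `cache_state` and `resolve_status` keeps the ttl/exp arithmetic testable on its own; the app-facing function is the one that decides what to tell the user, and it never converts an expired list into a "valid" answer.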

See credential revocation for background on status lists.

Next steps

Next, review the operational tooling available for your integration.
