Triangle of Trust: Foundation of Verifiable Credentials
The Triangle of Trust defines the core relationship model that enables verifiable credentials to function in digital identity systems. It establishes clear roles for each participant—issuer, holder, and verifier—creating a trust framework that maintains security, privacy, and user control.
Key components
The Triangle of Trust consists of three primary entities:
Issuer
The Issuer creates and signs verifiable credentials to establish their authenticity. Government agencies, universities, employers, and certification bodies act as issuers. They sign credentials cryptographically with private keys, publish public keys and identifiers, and revoke credentials when necessary.
Holder
The Holder receives, stores, and controls credentials in digital wallets. Holders control when and how they share credentials, can selectively disclose information, and may generate presentations that combine multiple credentials. Individuals typically act as holders, though organizations and IoT devices can also hold credentials.
Verifier
The Verifier requests and validates credentials from holders. Service providers, employers, and government agencies act as verifiers. They validate cryptographic signatures, check credential status, verify issuer identity, and evaluate credential content against policies to make trust decisions.
The verification process
The verification process establishes trust through seven validation steps:
- Credential Request: The verifier requests specific credentials or proofs
- Presentation Creation: The holder generates a presentation containing requested information
- Cryptographic Validation: The verifier validates signatures on the presentation and credentials
- Issuer Validation: The verifier confirms issuer identity through DID resolution
- Status Check: The verifier confirms the credential remains valid and unrevoked
- Policy Enforcement: The verifier evaluates credential content against domain rules
- Trust Decision: The verifier accepts or rejects the credential
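The verifier-side checks from the list above (cryptographic validation through trust decision), as an added example that is not Vidos code or part of the original page. It assumes Node.js built-in Ed25519 signing over a raw JSON payload rather than a standard credential proof format, an in-memory map standing in for DID resolution, and a set standing in for a status list; all names and identifiers are hypothetical.

```javascript
const crypto = require("node:crypto");

// Constructed issuer key pair and hypothetical DID (assumptions for this example).
const issuerKeys = crypto.generateKeyPairSync("ed25519");
const ISSUER_DID = "did:example:university";

// Stand-ins for DID resolution and a credential status list.
const didRegistry = new Map([[ISSUER_DID, issuerKeys.publicKey]]);
const revokedIds = new Set(["urn:uuid:revoked-0001"]);

// Issuer side: sign the serialized claims with the private key.
function issue(claims) {
  const payload = Buffer.from(JSON.stringify(claims));
  return { payload, signature: crypto.sign(null, payload, issuerKeys.privateKey) };
}

const reject = (step) => ({ accepted: false, failedAt: step });

// Verifier side: returns the trust decision and the step that rejected, if any.
function verify(credential, policy) {
  let claims;
  try { claims = JSON.parse(credential.payload.toString("utf8")); }
  catch { return reject("parse"); }
  // Issuer validation: resolve the claimed issuer to a public key. It runs
  // first only because the signature check needs that key.
  const publicKey = didRegistry.get(claims?.issuer);
  if (!publicKey) return reject("issuer");
  // Cryptographic validation: the signature must cover the exact payload bytes.
  if (!crypto.verify(null, credential.payload, publicKey, credential.signature))
    return reject("signature");
  // Status check: revoked, expired, or missing-expiry credentials fail.
  if (revokedIds.has(claims.id) || !(Date.parse(claims.expires) > policy.now))
    return reject("status");
  // Policy enforcement: claims are evaluated only after the checks above pass.
  if (!policy.acceptedDegrees.includes(claims.degree)) return reject("policy");
  return { accepted: true, failedAt: null };
}

// Constructed sample run.
const policy = { now: Date.parse("2025-01-01T00:00:00Z"), acceptedDegrees: ["BSc", "PhD"] };
const sample = issue({ id: "urn:uuid:0002", issuer: ISSUER_DID, degree: "BSc", expires: "2030-01-01T00:00:00Z" });
console.log(verify(sample, policy));
```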
Vidos services in the verification ecosystem
Vidos provides four configurable services that support the Verifier role:
- Authorizer: Manages access control policies that determine who can request verification
- Resolver: Locates and retrieves issuer DID documents, public keys, and credential schemas
- Verifier: Validates cryptographic signatures and proof formats
- Validator: Evaluates credential content against domain rules and compliance policies
Together, these services enable verifiers to establish trust with issuers and holders. They support multiple credential formats (JSON-LD, JWT, mDocs), configurable trust rules, selective disclosure, and zero-knowledge proofs.
Design considerations
Implementing the Triangle of Trust requires balancing three concerns:
Security: Use secure channels, current cryptographic methods, input validation, and rate limiting.
Privacy: Request minimum credentials, support selective disclosure, and define clear data retention policies.
Interoperability: Support multiple credential formats (W3C VC, DID standards) and design for extensibility.
The Triangle of Trust provides the foundational model for credential exchange in decentralized identity systems. By defining three clear roles—issuer, holder, and verifier—it enables trustworthy digital interactions without centralized authorities. Vidos strengthens the verifier role with configurable services that maintain both security and interoperability.