Digital Identity Trust Triangle
Issuer
Often a government or trust anchor (bank, college, hospital). Primary issuers maintain the golden source of data, while derived issuers attest to verified sources at a specific point in time.
Holder
Maintains exclusive custody and presentation rights. They can reject credentials, choose verifiers anywhere in the world, or use Zero-Knowledge Proofs to prove specific attributes without sharing raw data.
Verifier
Confirms legitimacy by resolving the issuer’s public key from the registry—not the issuer directly. This enables permissionless verification and keeps underlying personal data private via ZKP.
Public Registry
The trust triangle rests on a public registry anchored on EVM-compatible blockchains. Readable by anyone but writeable only by the issuer with support for FIPS 140-3 HSM managed private keys, this registry propagates revocations immediately across every protocol and jurisdiction simultaneously.
Trust Anchor
The trust anchor can be a government issued Digital Identity, a core banking mainframe of KYC/KYB data, a title and deed database or any other off-chain private or public data. There is never a need to put data or metadata directly on a digital ledger. Only GDPR compliant merkle trees of privacy preserving verified credentials and revocations are stored in the public registry.