Components

1. Issuer

The issuer is an entity that creates and provides verifiable credentials to holders.

Responsibilities:

• Credential Creation: Issues credentials that are cryptographically signed to ensure authenticity.

• Data Source: Acts as the trusted source of information contained in the credentials.

• Examples: Government agencies issuing digital IDs, universities issuing diplomas, or banks issuing creditworthiness statements.

2. Holder

The holder is the individual or entity that owns and controls the verifiable credential.

Responsibilities:

• Credential Storage: Stores credentials securely, often in a digital wallet.

• Consent and Sharing: Shares credentials selectively with verifiers when needed.

• Examples: A student holding a digital diploma or a traveler holding a digital passport.

3. Verifier

The verifier is an entity that validates the authenticity and integrity of a verifiable credential.

Responsibilities:

• Verification Requests: Requests credentials from the holder for authentication or authorization.

• Credential Validation: Uses cryptographic proofs to ensure the credential is issued by a trusted issuer and has not been tampered with.

• Examples: Employers verifying a candidate’s diploma or an airport validating a digital passport.

4. Governance Rules

The governance rules define the rules and standards for how verifiable credentials are issued, held, and verified.

Responsibilities:

• Establishes trusted relationships among issuers, holders, and verifiers.

• Specifies technical and policy requirements for interoperability and compliance.

• Examples: Emerging European identity regulations, eIDAS and EUDI for digital wallets.

5. Mediator

A mediator plays a crucial role in enabling seamless, secure communication and interaction between mobile digital wallets and other entities (issuers, verifiers, and other wallets) in decentralized identity ecosystems. A mediator does in relation to mobile digital wallets:

Responsibilities:

• Facilitates Secure Connections: Mobile wallets often need to establish secure, private channels for exchanging verifiable credentials and other data. This is especially useful for wallets on devices that are not always online or directly addressable (e.g., behind a firewall or NAT).

• Routes Message: Mobile wallets may not be constantly connected to the internet, making direct communication with other parties (issuers, verifiers, or holders) challenging. The mediator acts as an intermediary to store and forward messages. It ensures that messages sent to the wallet are reliably delivered when the wallet becomes available.

• Supports Credential Exchange: Mediators play a role in helping mobile wallets request and receive credentials from issuers and present credentials to verifiers, often through secure and automated communication channels.

  • Example: The Indicio provides a mediator service that supports mobile wallets by managing secure communication channels. It allows wallets to exchange verifiable credentials even when they are not always online or directly reachable.

6. Verifiable Data Registry or Network

A registry or ledger may be used to publish public information, such as issuer credentials or revocation lists.

Responsibilities:

• Stores metadata (not user information or credentials) like public keys or credential schemas.

• Verifiers use it to confirm the trustworthiness of an issuer or the revocation status of a credential.

  • Examples: Blockchain networks like Hyperledger Indy or the Indicio Network.

Key Interactions

• Issuers provide credentials to holders.

• Holders share credentials with verifiers.

• Verifiers validate the credentials using public keys or registries.

• All interactions occur under a governance framework to ensure security and trust.

Copyright 2025 Indicio PBC