Trust Architecture
The Trust Architecture application collaboration aggregates multiple co-operating application components realizing all needed services to implement the DE4A trust models. The identity management application component is used by the DC to initiate the authentication process and it implements functionality so the user can authenticate him/herself. Both DC and DP use the component to perform the identity matching based on attributes. The Trust Service provisioning component is also used by both DC and DP to provide functionality to handle the digital signing of messages. The data encryption/decryption component is again used by both DC and DP to support the encryption and decryption of messages. The Trust Architecture also provides functionality so that natural persons can represent other natural and legal persons.
For VC the collaboration between these components is similar. The interaction between the user identification components remains the same. In addition to creating, verifying and validating digital signatures, the Trust Provisioning Component now also needs to retrieve the DP certificates and communicates with the Distributed ledger access management component to store the certificates to the Trusted list stored/retrieved to/from the Distributed Ledger (instead of persistent storage in the Intermediation pattern).
- Graphic representations of the Trust Architecture application collaboration
.png)
.png)
.png)
| Application Component | Description | Pattern(s) |
|---|---|---|
| Trust Service Provisioning | Implements the functionalities encapsulating the trust services functionalities.
A ‘trust service’ means an electronic service which consists of these functionalities: i) the creation, verification, and validation of electronic signatures, electronic seals or electronic time stamps, electronic registered delivery services and certificates related to those services, or ii) the creation, verification and validation of certificates for website authentication; or iii) the preservation of electronic signatures, seals or certificates related to those services. |
IM, USI, VC, S&N, LKP |
| Identity Management | Implements the functionality of user authentication.
‘Electronic identification’ means the process of using person identification data in electronic form uniquely representing either a natural or legal person, or a natural person representing a legal person; ‘Authentication’ means an electronic process that enables the electronic identification of a natural or legal person, or the origin and integrity of data in electronic form to be confirmed. |
IM, USI, VC, |
| Record Matching | Application component that provides identity matching based on attributes. Provided attributes are matched against attributes in some local registry. | IM, USI, VC |
| Data Encryption/Decryption | Application component providing encryption and decryption functionality (symmetrical, asymmetrical or a combination thereof). | IM, USI, S&N, LKP |
| Distributed Ledger | Application component that handles connections and operations related to the distributed ledger. | VC |
| Distributed Ledger Access Management | Application component that manages the access management related to Write/Read access into distributed ledger storage. | VC |
| Ledger to Agent | Interface that will connect to the Distributed Ledger (i.e., EBSI) in order to use e.g., the DID registry, Trusted Issuer Registry (TIR), Revocation list, etc. | VC |