In a recent thread on Twitter, Steve Wilson, Tim Bouma, Josh Geno, and I had a nice discussion about the use of the word “trust” to describe credential exchange.

Steve suggested the words “fidelity” and “provenance”. I like those. I wrote the following to use them in describing credential exchange in the SSI Stack. Note that I didn’t get rid of the word “trust” completely, but it moved from being a catch-all descriptor to a result.

Verifiable credentials contain claims about attributes. Credential issuers provide credentials containing claims to credential holders who use them to prove things about themselves to credential verifiers. For example, my employer may provide me with an employment credential that I hold and present to my bank when applying for a loan to prove to them that I’ve been employed three years and have a salary greater than a certain amount.

The identity metasystem (orange box) provides assurances about the fidelity of the credential: the identifier of the issuer and that the credential was issued to the holder who is presenting it, hasn’t been tampered with, and hasn’t been revoked.

The verifier is also concerned with the credential’s provenance: who issued it (not just their identifier) and on what authority they issued it under? Provenance depends on the design of the context-specific identity system (blue box). The verifier may ascertain the provenance of the credential in any way that satisfies them. In some cases, they may know about the issuer directly (e.g. many banks would know about local employers). In other cases, they may rely on things the business can prove about itself (e.g. I can determine if a business is a legally registered entity and other information from credentials they can present such as a business registration credential). Still further, the business may be part of a larger, formal organization that governs how they operate (e.g. an accredited university or a regulated bank).

The fidelity provided by the identity metasystem, combined with the credential provenance provided by the context-specific identity system operating on top of it, provides the basis for trusting the information that the holder has conveyed through credential exchange.