Effective governance now with DIF Credential Trust Establishment

· 3 min read
Effective governance now with DIF Credential Trust Establishment

In the digital identity space, the Trust Establishment (TE) and Credential Trust Establishment (CTE) specifications play crucial roles in defining how trust is established and managed. CTE, in particular, is gaining traction as we approach the Internet Identity Workshop (IIW), with a plan to advance it to formal V1 status. This article focuses on the CTE, shedding light on its key features that make it a game-changer in building trust within digital credentials.

Core Aspects of CTE

CTE builds upon TE by enabling ecosystems to express their trust in the issuers of decentralized identifiers (DIDs) and credentials. Credential validation steps of checking the integrity and revocation status are well known and understood, but there are not yet commonly-agreed-upon standards for evaluating the authority of a party to issue a credential’s claims. 

Existing approaches have fallen short in one or more of the following areas: 

  • Ensuring the approach is sufficiently adaptable
  • Ability to express authorization for a specific role (not just general authorization)
  • Allows good performance and minimal resources, even eligible for offline use
  • Low-cost to implement, deploy, and use

This is where CTE comes in: enabling ecosystems to express the credibility of participants, but in a way that meets the above needs. By doing so, it helps avoid “rent-seeking” behavior, in which an ecosystem participant tries to position themselves to collect transaction fees or similar.

Authority in the Ecosystem

CTE is non-prescriptive in its stance on defining who is an authority. It operates on the principle that authority is determined by an ecosystem’s existing trust structure, informing the acceptance and recognition of the credentials. This flexibility allows for wide adoption and adaptation, making it a practical solution for managing trust.

Governance and Flexibility

CTE introduces a practical governance model that is lightweight and adaptable. It serves ecosystems both large and small. It specifies roles such as credential issuance and verification, and allows grouping by schemas, or type of credential. This allows CTE to adapt well to a wide variety of use cases and simplifies the process of determining who is authorized to issue or verify credentials.

Trust on Demand

CTE includes flexible dials in cases where more fluidity is required. For example, instead of being statically included in the registry, an individual can hold credential(s) that assigns them a specific role, and the root authority of that credential corresponds to an entry/role in the registry.   This method is not only efficient for offline use but also broadens the compatibility with different protocols, enhancing the flexibility and utility of the trust establishment process.


CTE is designed to counter rent-seeking behaviors and establish a solid trust foundation in digital credentials. It enables organizations and individuals to easily verify the legitimacy of credentials, providing a clear pathway for recognizing valuable credentials for professional development, for example. The specification’s governance model is straightforward and requires minimal technical investment, making it accessible and implementable across various industries.

How it can be used

In the wild, CTE files would be used by software representing companies and people. Companies and people will have a collection of governance files they use for different industries and purposes. In general, companies will be interested in software providing an immediate yes or no answer informing whether to accept or reject a credential. For individuals, however, software can use CTE files to advise on whether a credential is recognized by different parties. By indexing different CTE files, software can help individuals decide which ecosystems and credentials are most valuable for them.

Future Directions

As CTE heads towards v1, its potential to streamline the verification process and enhance the credibility of digital credentials is becoming increasingly apparent. DIF invites you to learn more about how CTE can revolutionize the digital identity field in providing a scalable, flexible, and trustworthy framework for managing digital credentials.

Learn more at:

In summary, CTE is not just about establishing trust; it's about making the process more accessible, adaptable, and reliable for everyone involved in the digital identity ecosystem. Its forward-thinking approach to governance, authority, and risk mitigation positions it as a cornerstone specification in the evolving landscape of digital credentials.